Port from winapi to windows-sys

rustls-platform-verifier/Cargo.toml

@@ -59,7 +59,7 @@ security-framework = { version = "2.10", features = ["OSX_10_14"] }
 security-framework-sys = { version = "2.10", features = ["OSX_10_14"] }
 
 [target.'cfg(windows)'.dependencies]
-winapi = { version = "0.3", features = ["wincrypt", "winerror"] }
+windows-sys = { version = "0.52", default-features = false, features = ["Win32_Foundation", "Win32_Security_Cryptography"] }
 
 [dev-dependencies]
 rustls = { version = "0.23", default-features = false, features = ["ring"] }

rustls-platform-verifier/src/lib.rs

@@ -15,9 +15,6 @@ pub use verification::Verifier;
 #[cfg_attr(docsrs, doc(cfg(target_os = "android")))]
 pub mod android;
 
-#[cfg(windows)]
-mod windows;
-
 /// Fixures and data to support testing the server
 /// certificate verifier.
 #[cfg(any(test, feature = "ffi-testing"))]

rustls-platform-verifier/src/verification/mod.rs

@@ -82,11 +82,10 @@ fn invalid_certificate(reason: impl Into<String>) -> rustls::Error {
 /// - id-kp-serverAuth
 // TODO: Chromium also allows for `OID_ANY_EKU` on Android.
 #[cfg(target_os = "windows")]
-// XXX: Windows requires that we NUL terminate EKU strings and we want to make sure that only the
-// data part of the `&str` pointer (using `.as_ptr()`), not all of its metadata.
-// This can be cleaned up when our MSRV is increased to 1.77 and C-string literals are available.
+// XXX: Windows requires that we NUL terminate EKU strings.
 // See https://github.com/rustls/rustls-platform-verifier/issues/126#issuecomment-2306232794.
-const ALLOWED_EKUS: &[*mut u8] = &["1.3.6.1.5.5.7.3.1\0".as_ptr() as *mut u8];
+const ALLOWED_EKUS: &[windows_sys::core::PCSTR] =
+    &[windows_sys::Win32::Security::Cryptography::szOID_PKIX_KP_SERVER_AUTH];
 #[cfg(target_os = "android")]
 pub const ALLOWED_EKUS: &[&str] = &["1.3.6.1.5.5.7.3.1"];