Skip to content

Commit

Permalink
Upgrade to rustls-native-certs 0.8
Browse files Browse the repository at this point in the history
  • Loading branch information
djc committed Dec 2, 2024
1 parent e4a25b4 commit e5fd640
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 66 deletions.
45 changes: 6 additions & 39 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion rustls-platform-verifier/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ once_cell = "1.9"
paste = { version = "1.0", default-features = false, optional = true } # Only used when `ffi-testing` feature is enabled

[target.'cfg(all(unix, not(target_os = "android"), not(target_vendor = "apple"), not(target_arch = "wasm32")))'.dependencies]
rustls-native-certs = "0.7"
rustls-native-certs = "0.8"
webpki = { package = "rustls-webpki", version = "0.102", default-features = false }

[target.'cfg(target_os = "android")'.dependencies]
Expand Down
43 changes: 17 additions & 26 deletions rustls-platform-verifier/src/verification/others.rs
Original file line number Diff line number Diff line change
Expand Up @@ -127,34 +127,25 @@ impl Verifier {
not(target_vendor = "apple"),
not(target_arch = "wasm32"),
))]
match rustls_native_certs::load_native_certs() {
Ok(certs) => {
let (added, ignored) = root_store.add_parsable_certificates(certs);
let result = rustls_native_certs::load_native_certs();
let (added, ignored) = root_store.add_parsable_certificates(result.certs);
if ignored != 0 {
log::warn!("Some CA root certificates were ignored due to errors");
}

if ignored != 0 {
log::warn!("Some CA root certificates were ignored due to errors");
}
for error in result.errors {
log::warn!("Error loading CA root certificate: {error}");
}

if root_store.is_empty() {
log::error!("No CA certificates were loaded from the system");
} else {
log::debug!("Loaded {added} CA certificates from the system");
}
}
Err(err) => {
// This only contains a path to a system directory:
// https://github.com/rustls/rustls-native-certs/blob/bc13b9a6bfc2e1eec881597055ca49accddd972a/src/lib.rs#L91-L94
const MSG: &str = "failed to load system root certificates: ";

// Don't return an error if this fails when other roots have already been loaded via
// `new_with_extra_roots`. It leads to extra failure cases where connections would otherwise still work.
if root_store.is_empty() {
return Err(rustls::Error::General(format!("{MSG}{err}")));
} else {
log::error!("{MSG}{err}");
}
}
};
// Don't return an error if this fails when other roots have already been loaded via
// `new_with_extra_roots`. It leads to extra failure cases where connections would otherwise still work.
if root_store.is_empty() {
return Err(rustls::Error::General(
"No CA certificates were loaded from the system".to_owned(),
));
} else {
log::debug!("Loaded {added} CA certificates from the system");
}

#[cfg(target_arch = "wasm32")]
{
Expand Down

0 comments on commit e5fd640

Please sign in to comment.