From 6ffd0d88f58374370256e88d0a18f4ce3021dc7b Mon Sep 17 00:00:00 2001
From: Constantin Nickel
Date: Wed, 4 Sep 2024 13:13:00 +0200
Subject: [PATCH] deps: update `rustls-native-certs` to 0.8 The `load_native_certs()` function now returns all errors instead of raising only the first error. Not finding any native root CA certificates is not fatal if the "rustls-tls-webpki-roots" feature is enabled.
---
 Cargo.toml | 2 +-
 src/tls.rs | 22 +++++++++++++++++++---
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index dec1fa2c..4711060e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -53,7 +53,7 @@ version = "1.0"
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.7.0"
+version = "0.8.0"
 [dependencies.tokio-native-tls]
 optional = true
diff --git a/src/tls.rs b/src/tls.rs
index 7fe7329b..4863914c 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -95,10 +95,26 @@ mod encryption {
 let mut root_store = RootCertStore::empty();
 #[cfg(feature = "rustls-tls-native-roots")]
 {
- let native_certs = rustls_native_certs::load_native_certs()?;
- let total_number = native_certs.len();
+ let rustls_native_certs::CertificateResult {
+ certs, errors, ..
+ } = rustls_native_certs::load_native_certs();
+
+ if !errors.is_empty() {
+ log::warn!(
+ "native root CA certificate loading errors: {errors:?}"
+ );
+ }
+
+ // Not finding any native root CA certificates is not fatal if the
+ // "rustls-tls-webpki-roots" feature is enabled.
+ #[cfg(not(feature = "rustls-tls-webpki-roots"))]
+ if certs.is_empty() {
+ return Err(std::io::Error::new(std::io::ErrorKind::NotFound, format!("no native root CA certificates found (errors: {errors:?})")).into());
+ }
+
+ let total_number = certs.len();
 let (number_added, number_ignored) =
- root_store.add_parsable_certificates(native_certs);
+ root_store.add_parsable_certificates(certs);
 log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
 }
 #[cfg(feature = "rustls-tls-webpki-roots")]
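Review bot: The emptiness guard tests `certs.is_empty()` before parsing, so if every loaded certificate is ignored by `add_parsable_certificates` the guard still passes and a native-roots-only build continues with an empty `root_store`. Handshakes would then fail closed, but with a certificate-verification error instead of this clearer one. Testing the result after the add covers both cases, for example `if number_added == 0 { return Err(std::io::Error::new(std::io::ErrorKind::NotFound, "no usable native root CA certificates").into()); }` under the same `#[cfg(not(feature = "rustls-tls-webpki-roots"))]`. Separately, when the webpki feature is enabled and `errors` is empty, an empty native store is recorded only by the `log::debug!` line; a `log::warn!` on `certs.is_empty()` there would show operators that trust rests solely on the roots presumably added by the block following this hunk. The enclosing function starts and ends outside the hunk.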