Replace rustls-native-certs with rustls-platform-verifier (#24656)
closes https://github.com/zed-industries/zed/issues/19620. I am not 100% sure on how to test this though. @elithrar: would you mind giving this branch a shot and seeing if it works for you? I kicked off bundling for this pull request and you should be able to download a DMG from the CI artifacts as soon as it's done building. Release Notes: - Fixed a bug that caused OS-level CA certificate bundles to not be respected. --------- Co-authored-by: Bennet <bennet@zed.dev> Co-authored-by: Mikayla Maki <mikayla.c.maki@gmail.com>
This commit is contained in:
Antonio Scandurra
GitHub
parent
1ce6e8d0e3
commit
2b7d3726b4
7 changed files with 69 additions and 26 deletions
|
|
@ -33,8 +33,6 @@ postage.workspace = true
|
|||
rand.workspace = true
|
||||
release_channel.workspace = true
|
||||
rpc = { workspace = true, features = ["gpui"] }
|
||||
rustls-native-certs.workspace = true
|
||||
rustls.workspace = true
|
||||
schemars.workspace = true
|
||||
serde.workspace = true
|
||||
serde_json.workspace = true
|
||||
|
|
|
|||
|
|
@ -146,8 +146,6 @@ pub fn init_settings(cx: &mut App) {
|
|||
}
|
||||
|
||||
pub fn init(client: &Arc<Client>, cx: &mut App) {
|
||||
let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
|
||||
|
||||
let client = Arc::downgrade(client);
|
||||
cx.on_action({
|
||||
let client = client.clone();
|
||||
|
|
@ -1126,24 +1124,11 @@ impl Client {
|
|||
|
||||
match url_scheme {
|
||||
Https => {
|
||||
let client_config = {
|
||||
let mut root_store = rustls::RootCertStore::empty();
|
||||
|
||||
let root_certs = rustls_native_certs::load_native_certs();
|
||||
for error in root_certs.errors {
|
||||
log::warn!("error loading native certs: {:?}", error);
|
||||
}
|
||||
root_store.add_parsable_certificates(root_certs.certs);
|
||||
rustls::ClientConfig::builder()
|
||||
.with_root_certificates(root_store)
|
||||
.with_no_client_auth()
|
||||
};
|
||||
|
||||
let (stream, _) =
|
||||
async_tungstenite::async_tls::client_async_tls_with_connector(
|
||||
request,
|
||||
stream,
|
||||
Some(client_config.into()),
|
||||
Some(http_client::tls_config().into()),
|
||||
)
|
||||
.await?;
|
||||
Ok(Connection::new(
|
||||
|
|
|
|||
|
|
@ -25,3 +25,5 @@ log.workspace = true
|
|||
serde.workspace = true
|
||||
serde_json.workspace = true
|
||||
url.workspace = true
|
||||
rustls.workspace = true
|
||||
rustls-platform-verifier.workspace = true
|
||||
|
|
|
|||
|
|
@ -8,14 +8,33 @@ pub use http::{self, Method, Request, Response, StatusCode, Uri};
|
|||
|
||||
use futures::future::BoxFuture;
|
||||
use http::request::Builder;
|
||||
use rustls::ClientConfig;
|
||||
use rustls_platform_verifier::ConfigVerifierExt;
|
||||
#[cfg(feature = "test-support")]
|
||||
use std::fmt;
|
||||
use std::{
|
||||
any::type_name,
|
||||
sync::{Arc, Mutex},
|
||||
sync::{Arc, Mutex, OnceLock},
|
||||
};
|
||||
pub use url::Url;
|
||||
|
||||
static TLS_CONFIG: OnceLock<rustls::ClientConfig> = OnceLock::new();
|
||||
|
||||
pub fn tls_config() -> ClientConfig {
|
||||
TLS_CONFIG
|
||||
.get_or_init(|| {
|
||||
// rustls uses the `aws_lc_rs` provider by default
|
||||
// This only errors if the default provider has already
|
||||
// been installed. We can ignore this `Result`.
|
||||
rustls::crypto::aws_lc_rs::default_provider()
|
||||
.install_default()
|
||||
.ok();
|
||||
|
||||
ClientConfig::with_platform_verifier()
|
||||
})
|
||||
.clone()
|
||||
}
|
||||
|
||||
#[derive(Default, Debug, Clone, PartialEq, Eq, Hash)]
|
||||
pub enum RedirectPolicy {
|
||||
#[default]
|
||||
|
|
|
|||
|
|
@ -51,7 +51,10 @@ impl ReqwestClient {
|
|||
}) {
|
||||
client = client.proxy(proxy);
|
||||
}
|
||||
let client = client.build()?;
|
||||
|
||||
let client = client
|
||||
.use_preconfigured_tls(http_client::tls_config())
|
||||
.build()?;
|
||||
let mut client: ReqwestClient = client.into();
|
||||
client.proxy = proxy;
|
||||
Ok(client)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue