Switch from OpenSSL to Rustls (#19104)

This PR also includes a downgrade of our async_tungstenite version to 0.24 Release Notes: - N/A
2024-10-11 18:18:09 -07:00 · 2024-10-11 18:18:09 -07:00 · c85a3cc117
commit c85a3cc117
parent 22ac178f9d
8 changed files with 118 additions and 106 deletions
--- a/crates/client/Cargo.toml
+++ b/crates/client/Cargo.toml
@ -18,7 +18,6 @@ test-support = ["clock/test-support", "collections/test-support", "gpui/test-sup
 [dependencies]
 anyhow.workspace = true
 async-recursion = "0.3"
-async-tls = "0.13"
 async-tungstenite = { workspace = true, features = ["async-std", "async-tls"] }
 chrono = { workspace = true, features = ["serde"] }
 clock.workspace = true
@ -35,6 +34,8 @@ postage.workspace = true
 rand.workspace = true
 release_channel.workspace = true
 rpc = { workspace = true, features = ["gpui"] }
+rustls-native-certs.workspace = true
+rustls.workspace = true
 schemars.workspace = true
 serde.workspace = true
 serde_json.workspace = true
--- a/crates/client/src/client.rs
+++ b/crates/client/src/client.rs
@ -1137,13 +1137,31 @@ impl Client {

            match url_scheme {
                Https => {
+                    let client_config = {
+                        let mut root_store = rustls::RootCertStore::empty();
+
+                        let root_certs = rustls_native_certs::load_native_certs();
+                        for error in root_certs.errors {
+                            log::warn!("error loading native certs: {:?}", error);
+                        }
+                        root_store.add_parsable_certificates(
+                            &root_certs
+                                .certs
+                                .into_iter()
+                                .map(|cert| cert.as_ref().to_owned())
+                                .collect::<Vec<_>>(),
+                        );
+                        rustls::ClientConfig::builder()
+                            .with_safe_defaults()
+                            .with_root_certificates(root_store)
+                            .with_no_client_auth()
+                    };
+
                    let (stream, _) =
                        async_tungstenite::async_tls::client_async_tls_with_connector(
                            request,
                            stream,
-                            Some(async_tls::TlsConnector::from(
-                                http_client::TLS_CONFIG.clone(),
-                            )),
+                            Some(client_config.into()),
                        )
                        .await?;
                    Ok(Connection::new(