Updates for the released version of rustls 0.20

g2p · g2p · commit 5d30d126b180 · 2021-10-15T18:03:23.000+02:00
Disables sct validation with certificate transparency logs,
which can't be enabled without a bunch of intrusive policies
to deal with validity/expiration.
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,11 +13,11 @@ repository = "https://github.com/ctz/hyper-rustls"
 log = "0.4.4"
 ct-logs = { version = "^0.9", optional = true }
 hyper = { version = "0.14", default-features = false, features = ["client", "http1"] }
-rustls = { git = "https://github.com/ctz/rustls" }
-rustls-native-certs = { git = "https://github.com/djc/rustls-native-certs", rev = "6116ef59f5825b0ec74a38807635a70433d68c27", optional = true }
+rustls = "0.20"
+rustls-native-certs = { git = "https://github.com/djc/rustls-native-certs", branch = "no-rustls", optional = true }
 rustls-pemfile = { version = "0.2.1" }
 tokio = "1.0"
-tokio-rustls = { version = "0.23", git = "https://github.com/tokio-rs/tls", rev = "b433932bf1025960e5b99f353cf8eee4ce2f08f3" }
+tokio-rustls = { version = "0.23", git = "https://github.com/tokio-rs/tls" }
 webpki = "0.22.0"
 webpki-roots = { version = "0.22", optional = true }
 
diff --git a/examples/client.rs b/examples/client.rs
@@ -56,7 +56,7 @@ async fn run_client() -> io::Result<()> {
             // Build a TLS client, using the custom CA store for lookups.
             let tls = rustls::ClientConfig::builder()
                 .with_safe_defaults()
-                .with_root_certificates(roots, &ct_logs::LOGS)
+                .with_root_certificates(roots)
                 .with_no_client_auth();
             // Join the above part into an HTTPS connector.
             hyper_rustls::HttpsConnector::from((http, tls))
diff --git a/src/connector.rs b/src/connector.rs
@@ -81,6 +81,12 @@ impl HttpsConnector<HttpConnector> {
             config.alpn_protocols.push(b"http/1.1".to_vec());
         }
 
+        //let mut config = ClientConfig::builder()
+        //    .with_safe_defaults()
+        //    .with_root_certificates(roots)
+        //    //.with_certificate_transparency_logs(ct_logs::LOGS, XXX)
+        //    .with_no_client_auth();
+
         (http, config).into()
     }
 }
diff --git a/src/stream.rs b/src/stream.rs
@@ -8,7 +8,6 @@ use hyper::client::connect::{Connected, Connection};
 
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_rustls::client::TlsStream;
-use tokio_rustls::rustls::{Connection as _};
 
 /// A stream that might be protected with TLS.
 pub enum MaybeHttpsStream<T> {

Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,12 @@ impl HttpsConnector<HttpConnector> {`
`81`	`81`	`config.alpn_protocols.push(b"http/1.1".to_vec());`
`82`	`82`	`}`
`83`	`83`
	`84`	`+ //let mut config = ClientConfig::builder()`
	`85`	`+ // .with_safe_defaults()`
	`86`	`+ // .with_root_certificates(roots)`
	`87`	`+ // //.with_certificate_transparency_logs(ct_logs::LOGS, XXX)`
	`88`	`+ // .with_no_client_auth();`
	`89`	`+`
`84`	`90`	`(http, config).into()`
`85`	`91`	`}`
`86`	`92`	`}`