Build RootCertStore from webpki roots instead of native roots
This commit is contained in:
parent
648cd21001
commit
88ebc9e399
|
@ -32,17 +32,19 @@ impl TungsteniteBackend {
|
||||||
pub async fn connect(
|
pub async fn connect(
|
||||||
websocket_url: &str,
|
websocket_url: &str,
|
||||||
) -> Result<(TungsteniteSink, TungsteniteStream), TungsteniteBackendError> {
|
) -> Result<(TungsteniteSink, TungsteniteStream), TungsteniteBackendError> {
|
||||||
let mut roots = rustls::RootCertStore::empty();
|
let certs = webpki_roots::TLS_SERVER_ROOTS;
|
||||||
let certs = rustls_native_certs::load_native_certs();
|
let roots = rustls::RootCertStore {
|
||||||
|
roots: certs
|
||||||
if let Err(e) = certs {
|
.iter()
|
||||||
log::error!("Failed to load platform native certs! {:?}", e);
|
.map(|cert| {
|
||||||
return Err(TungsteniteBackendError::FailedToLoadCerts { error: e });
|
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||||
}
|
cert.subject.to_vec(),
|
||||||
|
cert.subject_public_key_info.to_vec(),
|
||||||
for cert in certs.unwrap() {
|
cert.name_constraints.as_ref().map(|der| der.to_vec()),
|
||||||
roots.add(&rustls::Certificate(cert.0)).unwrap();
|
)
|
||||||
}
|
})
|
||||||
|
.collect(),
|
||||||
|
};
|
||||||
let (websocket_stream, _) = match connect_async_tls_with_config(
|
let (websocket_stream, _) = match connect_async_tls_with_config(
|
||||||
websocket_url,
|
websocket_url,
|
||||||
None,
|
None,
|
||||||
|
@ -58,11 +60,7 @@ impl TungsteniteBackend {
|
||||||
.await
|
.await
|
||||||
{
|
{
|
||||||
Ok(websocket_stream) => websocket_stream,
|
Ok(websocket_stream) => websocket_stream,
|
||||||
Err(e) => {
|
Err(e) => return Err(TungsteniteBackendError::TungsteniteError { error: e }),
|
||||||
return Err(TungsteniteBackendError::TungsteniteError {
|
|
||||||
error: e,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok(websocket_stream.split())
|
Ok(websocket_stream.split())
|
||||||
|
|
Loading…
Reference in New Issue