| author | Matt Mastracci <matthew@mastracci.com> | 2023-08-25 15:40:25 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-25 23:40:25 +0200 |
| commit | 8bb4e10881730576bbb82e54ede1ebf5931194c3 (patch) | |
| tree | 39e093f85237557be498efad55bfc3af922c274a /ext | |
| parent | 907d9bb4d720a7b01bffb098c72c789665f2415b (diff) | |
fix(ext/tls): upgrade webpki version (#20285)
This removes a webpki version that was showing up as vulnerable to
https://github.com/briansmith/webpki/issues/69.
Needed to upgrade `reqwest` as part of this.
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/tls/Cargo.toml | 6 | ||||
| -rw-r--r-- | ext/tls/lib.rs | 12 |
2 files changed, 9 insertions, 9 deletions
diff --git a/ext/tls/Cargo.toml b/ext/tls/Cargo.toml
index 4dfc045f6..a06af68ac 100644
--- a/ext/tls/Cargo.toml
+++ b/ext/tls/Cargo.toml
@@ -17,8 +17,8 @@ path = "lib.rs"
 deno_core.workspace = true
 once_cell.workspace = true
 rustls = { workspace = true, features = ["dangerous_configuration"] }
-rustls-native-certs = "0.6.2"
+rustls-native-certs.workspace = true
 rustls-pemfile.workspace = true
+rustls-webpki.workspace = true
 serde.workspace = true
-webpki = "0.22"
-webpki-roots = "0.22"
+webpki-roots.workspace = true
diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs
index dded1b385..78ad243c1 100644
--- a/ext/tls/lib.rs
+++ b/ext/tls/lib.rs
@@ -145,15 +145,15 @@ pub struct BasicAuth {
 pub fn create_default_root_cert_store() -> RootCertStore {
 let mut root_cert_store = RootCertStore::empty();
 // TODO(@justinmchase): Consider also loading the system keychain here
- root_cert_store.add_server_trust_anchors(
- webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+ root_cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(
+ |ta| {
 rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
 ta.subject,
 ta.spki,
 ta.name_constraints,
 )
- }),
- );
+ },
+ ));
 root_cert_store
 }
@@ -187,7 +187,7 @@ pub fn create_client_config(
 let client = if let Some((cert_chain, private_key)) = maybe_cert_chain_and_key
 {
 client_config
- .with_single_cert(cert_chain, private_key)
+ .with_client_auth_cert(cert_chain, private_key)
 .expect("invalid client key or certificate")
 } else {
 client_config.with_no_client_auth()
@@ -223,7 +223,7 @@ pub fn create_client_config(
 let client = if let Some((cert_chain, private_key)) = maybe_cert_chain_and_key
 {
 client_config
- .with_single_cert(cert_chain, private_key)
+ .with_client_auth_cert(cert_chain, private_key)
 .expect("invalid client key or certificate")
 } else {
 client_config.with_no_client_auth() |
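Review bot: With `webpki = "0.22"` dropped and `rustls-webpki.workspace = true` added, this manifest no longer states which webpki release ext/tls builds against, and nothing in the hunk keeps the old crate from returning through a transitive dependency. The commit message already notes that `reqwest` had to be upgraded for that reason, so another dependent crate could presumably pull it back in later. A comment above the new entry would record the intent, for example `# replaces webpki 0.22, see briansmith/webpki#69; do not reintroduce the webpki crate`. A dependency-ban rule in CI (cargo-deny's `[bans]` section, if the project uses it) would turn that comment into an enforced check.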
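Review bot: The result of `with_client_auth_cert(cert_chain, private_key)` still feeds directly into `.expect("invalid client key or certificate")`, so a malformed or mismatched client certificate or key panics the process instead of surfacing as an error; the hunk at `@@ -223,7 +223,7 @@` repeats the same pattern. The certificate chain and key look like caller-supplied configuration, which is where `expect` is least appropriate. If `create_client_config` returns a `Result` (its signature and the rest of its body lie outside both hunks), propagating the failure would be safer, e.g. `.with_client_auth_cert(cert_chain, private_key)?` or a `map_err` into the function's error type. Since the two branches are identical, a small private helper would also keep them from drifting apart.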
