diff options
Diffstat (limited to 'cli')
| -rw-r--r-- | cli/args/mod.rs | 18 | ||||
| -rw-r--r-- | cli/http_util.rs | 2 |
2 files changed, 14 insertions, 6 deletions
diff --git a/cli/args/mod.rs b/cli/args/mod.rs index c0172e80b..742249835 100644 --- a/cli/args/mod.rs +++ b/cli/args/mod.rs @@ -696,13 +696,21 @@ pub fn get_root_cert_store( for store in ca_stores.iter() { match store.as_str() { "mozilla" => { - root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.to_vec()); + root_cert_store.add_trust_anchors( + webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| { + rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( + ta.subject, + ta.spki, + ta.name_constraints, + ) + }), + ); } "system" => { let roots = load_native_certs().expect("could not load platform certs"); for root in roots { root_cert_store - .add(rustls::pki_types::CertificateDer::from(root.0)) + .add(&rustls::Certificate(root.0)) .expect("Failed to add platform cert to root cert store"); } } @@ -726,17 +734,17 @@ pub fn get_root_cert_store( RootCertStoreLoadError::CaFileOpenError(err.to_string()) })?; let mut reader = BufReader::new(certfile); - rustls_pemfile::certs(&mut reader).collect::<Result<Vec<_>, _>>() + rustls_pemfile::certs(&mut reader) } CaData::Bytes(data) => { let mut reader = BufReader::new(Cursor::new(data)); - rustls_pemfile::certs(&mut reader).collect::<Result<Vec<_>, _>>() + rustls_pemfile::certs(&mut reader) } }; match result { Ok(certs) => { - root_cert_store.add_parsable_certificates(certs); + root_cert_store.add_parsable_certificates(&certs); } Err(e) => { return Err(RootCertStoreLoadError::FailedAddPemFile(e.to_string())); diff --git a/cli/http_util.rs b/cli/http_util.rs index 18c0687bd..7fcce616b 100644 --- a/cli/http_util.rs +++ b/cli/http_util.rs @@ -587,7 +587,7 @@ mod test { use std::collections::HashSet; use std::hash::RandomState; - use deno_runtime::deno_tls::rustls::RootCertStore; + use deno_runtime::deno_tls::RootCertStore; use crate::version; |