From fb1f73b01a6aee6641bb22eb8c8deb892110120e Mon Sep 17 00:00:00 2001
From: nickelc
Date: Wed, 4 Sep 2024 12:23:01 +0200
Subject: [PATCH] deps: update `rustls-native-certs` to 0.8 (#440)

The `load_native_certs()` function now returns all errors instead of raising only the first error. Not finding any native root CA certificates is not fatal if the "rustls-tls-webpki-roots" feature is enabled.
---
 Cargo.toml | 2 +-
 src/tls.rs | 22 +++++++++++++++++++---
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 51902d9a..84fb8349 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -57,7 +57,7 @@ version = "1.0"

 [dependencies.rustls-native-certs]
 optional = true
-version = "0.7.0"
+version = "0.8.0"

 [dependencies.webpki-roots]
 optional = true
diff --git a/src/tls.rs b/src/tls.rs
index 836b7aef..42fb5c41 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -105,10 +105,26 @@ mod encryption {

 #[cfg(feature = "rustls-tls-native-roots")]
 {
- let native_certs = rustls_native_certs::load_native_certs()?;
- let total_number = native_certs.len();
+ let rustls_native_certs::CertificateResult {
+ certs, errors, ..
+ } = rustls_native_certs::load_native_certs();
+
+ if !errors.is_empty() {
+ log::warn!(
+ "native root CA certificate loading errors: {errors:?}"
+ );
+ }
+
+ // Not finding any native root CA certificates is not fatal if the
+ // "rustls-tls-webpki-roots" feature is enabled.
+ #[cfg(not(feature = "rustls-tls-webpki-roots"))]
+ if certs.is_empty() {
+ return Err(std::io::Error::new(std::io::ErrorKind::NotFound, format!("no native root CA certificates found (errors: {errors:?})")).into());
+ }
+
+ let total_number = certs.len();
 let (number_added, number_ignored) =
- root_store.add_parsable_certificates(native_certs);
+ root_store.add_parsable_certificates(certs);
 log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
 }
 #[cfg(feature = "rustls-tls-webpki-roots")]
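Review bot: In the src/tls.rs hunk the guard tests `certs.is_empty()` before `add_parsable_certificates` runs, so a native store whose entries all fail to parse passes the check and contributes no trust anchors. With only the native-roots feature enabled, that presumably surfaces later as a generic certificate-verification failure instead of this explicit error. Consider moving the `#[cfg(not(feature = "rustls-tls-webpki-roots"))]` guard below the add call and testing `if number_added == 0 {` instead. When both features are enabled, a total native-store failure is now only a `log::warn!`, so hosts that chain to a private CA in the OS store fail with nothing pointing at the cause unless a logger is installed; a comment such as `// With webpki roots enabled, native load failures are only logged; CAs present solely in the OS store will be missing.` would record that trade-off. The enclosing function starts and ends outside the hunk.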