File: use-native-certs.patch

rust-trust-dns-resolver 0.22.0-2
Index: trust-dns-resolver/Cargo.toml
===================================================================
--- trust-dns-resolver.orig/Cargo.toml
+++ trust-dns-resolver/Cargo.toml
@@ -107,8 +107,8 @@ version = "0.1.30"
 version = "0.22.0"
 default-features = false
 
-[dependencies.webpki-roots]
-version = "0.22.1"
+[dependencies.rustls-native-certs]
+version = "0.6"
 optional = true
 
 [dev-dependencies.futures-executor]
@@ -155,7 +155,6 @@ dns-over-rustls = [
     "rustls",
     "tokio-rustls",
     "trust-dns-proto/dns-over-rustls",
-    "webpki-roots",
 ]
 dns-over-tls = []
 dnssec = []
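Review bot: With `"webpki-roots",` dropped from the `dns-over-rustls` list and nothing added in its place, the visible part of the feature no longer enables the optional `rustls-native-certs` dependency declared in the first Cargo.toml hunk, although `src/tls/dns_over_rustls.rs` now calls `rustls_native_certs::load_native_certs()`. Unless the crate is enabled on a line outside this hunk or by another patch in the series, a build that selects only `dns-over-rustls` would fail to resolve it. Adding `"rustls-native-certs",` where `"webpki-roots",` stood keeps the feature self-contained. The start of the feature list is outside the hunk.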
Index: trust-dns-resolver/src/config.rs
===================================================================
--- trust-dns-resolver.orig/src/config.rs
+++ trust-dns-resolver/src/config.rs
@@ -227,16 +227,12 @@ impl ResolverConfig {
     ///
     /// use rustls::{ClientConfig, ProtocolVersion, RootCertStore, OwnedTrustAnchor};
     /// use trust_dns_resolver::config::ResolverConfig;
-    /// use webpki_roots;
-    ///
     /// let mut root_store = RootCertStore::empty();
-    /// root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
-    ///     OwnedTrustAnchor::from_subject_spki_name_constraints(
-    ///         ta.subject,
-    ///         ta.spki,
-    ///         ta.name_constraints,
-    ///     )
-    /// }));
+    /// for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs") {
+    ///     root_store
+    ///         .add(&rustls::Certificate(cert.0))
+    ///         .unwrap();
+    /// }
     ///
     /// let mut client_config = ClientConfig::builder()
     ///     .with_safe_default_cipher_suites()
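Review bot: The example's `use rustls::{ClientConfig, ProtocolVersion, RootCertStore, OwnedTrustAnchor};` line still imports `OwnedTrustAnchor`, which the rewritten loop no longer uses. Trimming it to `use rustls::{ClientConfig, ProtocolVersion, RootCertStore};` keeps the documented snippet in step with the code it now shows. The doc block starts and ends outside the hunk, so whether the example is compiled as a doctest cannot be told from here.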
Index: trust-dns-resolver/src/tls/dns_over_rustls.rs
===================================================================
--- trust-dns-resolver.orig/src/tls/dns_over_rustls.rs
+++ trust-dns-resolver/src/tls/dns_over_rustls.rs
@@ -13,7 +13,7 @@ use std::pin::Pin;
 use std::sync::Arc;
 
 use futures_util::future::Future;
-use rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore};
+use rustls::{ClientConfig, RootCertStore};
 
 use proto::error::ProtoError;
 use proto::rustls::{tls_client_connect_with_bind_addr, TlsClientStream};
@@ -28,13 +28,11 @@ lazy_static! {
     // using the mozilla default root store
     pub(crate) static ref CLIENT_CONFIG: Arc<ClientConfig> = {
         let mut root_store = RootCertStore::empty();
-        root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
-            OwnedTrustAnchor::from_subject_spki_name_constraints(
-                ta.subject,
-                ta.spki,
-                ta.name_constraints,
-            )
-        }));
+        for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs") {
+            root_store
+                .add(&rustls::Certificate(cert.0))
+                .unwrap();
+        }
 
         let mut client_config = ClientConfig::builder()
             .with_safe_default_cipher_suites()
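Review bot: The `.unwrap()` on `root_store.add(...)` in the added loop means one certificate in the platform store that rustls cannot parse panics the `CLIENT_CONFIG` initializer, and `expect("could not load platform certs")` does the same when the store cannot be read, so a host-side certificate problem breaks every DNS-over-TLS lookup rather than one handshake. Skipping unparsable entries is the usual choice here, for example collecting the DER bytes and calling `root_store.add_parsable_certificates(&ders);` if the packaged rustls provides it. The context comment `// using the mozilla default root store` is now stale and should read something like `// using the platform's native root store, which includes locally installed CAs`, since that is the trust change this patch makes. The `lazy_static!` block starts and ends outside the hunk.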