diff --git a/tokio-xmpp/Cargo.toml b/tokio-xmpp/Cargo.toml
index ea271682..a967a513 100644
--- a/tokio-xmpp/Cargo.toml
+++ b/tokio-xmpp/Cargo.toml
@@ -20,21 +20,20 @@ native-tls = { version = "0.2", optional = true }
 sasl = "0.5"
 tokio = { version = "1", features = ["net", "rt", "rt-multi-thread", "macros"] }
 tokio-native-tls = { version = "0.3", optional = true }
-tokio-rustls = { version = "0.22", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
 tokio-stream = { version = "0.1", features = [] }
 tokio-util = { version = "0.6", features = ["codec"] }
 trust-dns-proto = "0.20"
 trust-dns-resolver = "0.20"
 xml5ever = "0.16"
 xmpp-parsers = "0.18"
-webpki = { version = "0.21", optional = true }
-webpki-roots = { version = "0.21", optional = true }
+webpki-roots = { version = "0.22", optional = true }
 [build-dependencies]
-rustc_version = "0.3"
+rustc_version = "0.4"
 [features]
 default = ["tls-native"]
-tls-rust = ["tokio-rustls", "webpki", "webpki-roots"]
+tls-rust = ["tokio-rustls", "webpki-roots"]
 tls-native = ["tokio-native-tls", "native-tls"]
 serde = ["xmpp-parsers/serde"]
diff --git a/tokio-xmpp/src/error.rs b/tokio-xmpp/src/error.rs
index 42d1f9ea..85d0ba29 100644
--- a/tokio-xmpp/src/error.rs
+++ b/tokio-xmpp/src/error.rs
@@ -7,7 +7,7 @@ use std::fmt;
 use std::io::Error as IoError;
 use std::str::Utf8Error;
 #[cfg(feature = "tls-rust")]
-use tokio_rustls::rustls::TLSError as TlsError;
+use tokio_rustls::rustls::Error as TlsError;
 use trust_dns_proto::error::ProtoError;
 use trust_dns_resolver::error::ResolveError;
diff --git a/tokio-xmpp/src/starttls.rs b/tokio-xmpp/src/starttls.rs
index a6c95951..7c91f15d 100644
--- a/tokio-xmpp/src/starttls.rs
+++ b/tokio-xmpp/src/starttls.rs
@@ -2,10 +2,13 @@
 use futures::{sink::SinkExt, stream::StreamExt};
 #[cfg(feature = "tls-rust")]
 use {
-    idna,
+    std::convert::TryFrom,
     std::sync::Arc,
-    tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector},
-    webpki::DNSNameRef,
+    tokio_rustls::{
+        client::TlsStream,
+        rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName},
+        TlsConnector,
+    },
     webpki_roots,
 };
@@ -39,13 +42,20 @@ async fn get_tls_stream(
     xmpp_stream: XMPPStream,
 ) -> Result, Error> {
     let domain = &xmpp_stream.jid.clone().domain();
-    let ascii_domain = idna::domain_to_ascii(domain).map_err(|_| Error::Idna)?;
-    let domain = DNSNameRef::try_from_ascii_str(&ascii_domain).unwrap();
+    let domain = ServerName::try_from(domain.as_str()).unwrap();
     let stream = xmpp_stream.into_inner();
-    let mut config = ClientConfig::new();
-    config
-        .root_store
-        .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+    let mut root_store = RootCertStore::empty();
+    root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+        OwnedTrustAnchor::from_subject_spki_name_constraints(
+            ta.subject,
+            ta.spki,
+            ta.name_constraints,
+        )
+    }));
+    let config = ClientConfig::builder()
+        .with_safe_defaults()
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
     let tls_stream = TlsConnector::from(Arc::new(config))
         .connect(domain, stream)
         .await?;
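Review bot: `ServerName::try_from(domain.as_str()).unwrap()` on the new side of the second starttls.rs hunk panics for any JID domain that rustls does not accept as a server name, and because the `idna::domain_to_ascii` step was removed along with it, a domain containing non-ASCII characters now appears to reach that panic rather than the `Error::Idna` the removed line returned (unless the `Jid` type already normalizes the domain to ASCII, which this hunk does not show). The domain comes from a caller-supplied JID, so the conversion should stay on the `Result` path: `let domain = ServerName::try_from(domain.as_str()).map_err(|_| Error::Idna)?;` if that variant is kept, or a variant that names the new failure; the IDNA normalization should either be reinstated ahead of it or its removal recorded in a comment as intentional. The `RootCertStore` population and the `with_safe_defaults()` builder chain read correctly for the builder-style `ClientConfig` API the commit migrates to. The `get_tls_stream` signature begins at the hunk header and its body continues past the hunk's last line.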