From 8d3c7a3bd646d3183cacd2891488bd024d8fd080 Mon Sep 17 00:00:00 2001
From: Paul Fariello
Date: Mon, 15 Feb 2021 20:45:58 +0100
Subject: [PATCH] Add TLS server roots from webpki

---
 tokio-xmpp/Cargo.toml | 3 ++-
 tokio-xmpp/src/starttls.rs | 30 +++++++++++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/tokio-xmpp/Cargo.toml b/tokio-xmpp/Cargo.toml
index 6e6eeee3..251e8e02 100644
--- a/tokio-xmpp/Cargo.toml
+++ b/tokio-xmpp/Cargo.toml
@@ -28,12 +28,13 @@ trust-dns-resolver = "0.20"
 xml5ever = "0.16"
 xmpp-parsers = "0.18"
 webpki = { version = "0.21", optional = true }
+webpki-roots = { version = "0.21", optional = true }
 
 [build-dependencies]
 rustc_version = "0.3"
 
 [features]
 default = ["tls-native"]
-tls-rust = ["tokio-rustls", "webpki"]
+tls-rust = ["tokio-rustls", "webpki", "webpki-roots"]
 tls-native = ["tokio-native-tls", "native-tls"]
 serde = ["xmpp-parsers/serde"]
diff --git a/tokio-xmpp/src/starttls.rs b/tokio-xmpp/src/starttls.rs
index 26985e0d..a6c95951 100644
--- a/tokio-xmpp/src/starttls.rs
+++ b/tokio-xmpp/src/starttls.rs
@@ -1,17 +1,21 @@
 use futures::{sink::SinkExt, stream::StreamExt};
+
 #[cfg(feature = "tls-rust")]
-use idna;
+use {
+ idna,
+ std::sync::Arc,
+ tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector},
+ webpki::DNSNameRef,
+ webpki_roots,
+};
+
 #[cfg(feature = "tls-native")]
-use native_tls::TlsConnector as NativeTlsConnector;
-#[cfg(feature = "tls-rust")]
-use std::sync::Arc;
+use {
+ native_tls::TlsConnector as NativeTlsConnector,
+ tokio_native_tls::{TlsConnector, TlsStream},
+};
+
 use tokio::io::{AsyncRead, AsyncWrite};
-#[cfg(feature = "tls-native")]
-use tokio_native_tls::{TlsConnector, TlsStream};
-#[cfg(feature = "tls-rust")]
-use tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector};
-#[cfg(feature = "tls-rust")]
-use webpki::DNSNameRef;
 use xmpp_parsers::{ns, Element};
 
 use crate::xmpp_codec::Packet;
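Review bot: The new `webpki-roots` line carries no comment tying its version to `webpki`, yet `TLS_SERVER_ROOTS` is typed with webpki's trust-anchor type, so the two crates (and the `webpki` that `tokio-rustls` pulls in) must be bumped together or the `add_server_trust_anchors` call in starttls.rs stops compiling. A one-line comment on the new dependency, `# keep in step with webpki: TLS_SERVER_ROOTS uses webpki's TrustAnchor type`, would make that coupling explicit. It is also worth recording somewhere near the feature definition that, unlike the platform store, this root set is compiled into the binary, so CA additions and removals only reach users through a crate update and a rebuild.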
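Review bot: `idna` and `webpki_roots` are listed as bare single-segment entries in the new `tls-rust` `use { … }` group; assuming the crate is on edition 2018 or later, these are no-ops (clippy reports them as `single_component_path_imports`) because both crates are already referenced by full path (`idna::domain_to_ascii`, `webpki_roots::TLS_SERVER_ROOTS`) in the following hunk. Dropping the two entries leaves `use { std::sync::Arc, tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector}, webpki::DNSNameRef };`. The grouped form does make it easier to see that both feature gates bind `TlsConnector` and `TlsStream` under the same names, so enabling `tls-rust` and `tls-native` together would presumably collide; that is pre-existing rather than introduced here, but a `compile_error!` guard or a note in the feature docs would be a cheap way to surface it.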
@@ -38,7 +42,11 @@ async fn get_tls_stream(
 let ascii_domain = idna::domain_to_ascii(domain).map_err(|_| Error::Idna)?;
 let domain = DNSNameRef::try_from_ascii_str(&ascii_domain).unwrap();
 let stream = xmpp_stream.into_inner();
- let tls_stream = TlsConnector::from(Arc::new(ClientConfig::new()))
+ let mut config = ClientConfig::new();
+ config
+ .root_store
+ .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+ let tls_stream = TlsConnector::from(Arc::new(config))
 .connect(domain, stream)
 .await?;
 Ok(tls_stream)
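Review bot: The trust decision made by the new `config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS)` call is undocumented: under `tls-rust` the only accepted issuers are the Mozilla roots compiled into `webpki-roots`, so a server certificate issued by a private or enterprise CA that the operating system trusts will be rejected here while it presumably succeeds on the `tls-native` path. A comment above `let mut config`, such as `// tls-rust verifies against the Mozilla root set bundled in webpki-roots only; the platform trust store is not consulted`, would record that behavioural difference for operators. Separately, the unchanged `DNSNameRef::try_from_ascii_str(&ascii_domain).unwrap()` two lines above panics for any caller-supplied `domain` that is not a valid DNS name (an IP literal, for instance), so mapping that failure into a returned `Error`, as the adjacent `map_err(|_| Error::Idna)?` already does for IDNA, would be safer than unwrapping. `get_tls_stream` begins before this hunk.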