diff --git a/Cargo.lock b/Cargo.lock index c96cd1a7..ad1d28d3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -396,6 +396,7 @@ dependencies = [ "rand", "rand_chacha", "reqwest", + "rustls", "rustls-platform-verifier", "schemars", "serde", @@ -2300,7 +2301,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", - "windows-targets 0.48.5", + "windows-targets 0.52.6", ] [[package]] @@ -3196,9 +3197,9 @@ dependencies = [ [[package]] name = "rustls-platform-verifier" -version = "0.3.4" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afbb878bdfdf63a336a5e63561b1835e7a8c91524f51621db870169eac84b490" +checksum = "a4c7dc240fec5517e6c4eab3310438636cfe6391dfc345ba013109909a90d136" dependencies = [ "core-foundation", "core-foundation-sys", @@ -3211,8 +3212,8 @@ dependencies = [ "rustls-webpki", "security-framework", "security-framework-sys", - "webpki-roots", - "winapi", + "webpki-root-certs", + "windows-sys 0.52.0", ] [[package]] @@ -4556,10 +4557,10 @@ dependencies = [ ] [[package]] -name = "webpki-roots" +name = "webpki-root-certs" version = "0.26.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e" +checksum = "9cd5da49bdf1f30054cfe0b8ce2958b8fbeb67c4d82c8967a598af481bef255c" dependencies = [ "rustls-pki-types", ] diff --git a/crates/bitwarden-core/Cargo.toml b/crates/bitwarden-core/Cargo.toml index 8f6338ad..e4e629c8 100644 --- a/crates/bitwarden-core/Cargo.toml +++ b/crates/bitwarden-core/Cargo.toml @@ -59,7 +59,8 @@ zxcvbn = { version = ">=3.0.1, <4.0", optional = true } # By default, we use rustls as the TLS stack and rust-platform-verifier to support user-installed root certificates # The only exception is WASM, as it just uses the browsers/node fetch reqwest = { workspace = true, features = ["rustls-tls-manual-roots"] } -rustls-platform-verifier = "0.3.4" +rustls = { version = "0.23.19", default-features = false } +rustls-platform-verifier = "0.4.0" [dev-dependencies] bitwarden-crypto = { workspace = true } diff --git a/crates/bitwarden-core/src/client/client.rs b/crates/bitwarden-core/src/client/client.rs index b9bf4c51..8b8182cd 100644 --- a/crates/bitwarden-core/src/client/client.rs +++ b/crates/bitwarden-core/src/client/client.rs @@ -27,8 +27,10 @@ impl Client { #[cfg(not(target_arch = "wasm32"))] { + use rustls::ClientConfig; + use rustls_platform_verifier::ConfigVerifierExt; client_builder = - client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config()); + client_builder.use_preconfigured_tls(ClientConfig::with_platform_verifier()); } client_builder @@ -83,24 +85,3 @@ impl Client { } } } - -#[cfg(test)] -mod tests { - #[cfg(not(target_arch = "wasm32"))] - #[test] - fn test_reqwest_rustls_platform_verifier_are_compatible() { - // rustls-platform-verifier is generating a rustls::ClientConfig, - // which reqwest accepts as a &dyn Any and then downcasts it to a - // rustls::ClientConfig. - - // This means that if the rustls version of the two crates don't match, - // the downcast will fail and we will get a runtime error. - - // This tests is added to ensure that it doesn't happen. - - let _ = reqwest::ClientBuilder::new() - .use_preconfigured_tls(rustls_platform_verifier::tls_config()) - .build() - .unwrap(); - } -} diff --git a/crates/bitwarden-uniffi/Cargo.toml b/crates/bitwarden-uniffi/Cargo.toml index 2e57e23b..6575e6ad 100644 --- a/crates/bitwarden-uniffi/Cargo.toml +++ b/crates/bitwarden-uniffi/Cargo.toml @@ -39,7 +39,7 @@ android_logger = "0.14" # The use of rustls-platform-verifier requires some extra support to communicate with the Android platform jni = ">=0.19, <0.20" libloading = ">=0.8.1, <0.9" -rustls-platform-verifier = "0.3.4" +rustls-platform-verifier = "0.4.0" [target.'cfg(target_os = "ios")'.dependencies] oslog = "0.2.0"