fix non-desktop tls roots (#23)

holochain · May 13, 2024 · 8f76229 · 8f76229
1 parent 705c73a
commit 8f76229
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 36 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,12 +14,12 @@ panic = "abort"
 
 [workspace.dependencies]
 # workspace member deps
-sbd-bench = { version = "0.0.2-alpha", path = "rust/sbd-bench" }
-sbd-client = { version = "0.0.2-alpha", path = "rust/sbd-client" }
-sbd-e2e-crypto-client = { version = "0.0.2-alpha", path = "rust/sbd-e2e-crypto-client" }
-sbd-o-bahn-client-tester = { version = "0.0.2-alpha", path = "rust/sbd-o-bahn-client-tester" }
-sbd-o-bahn-server-tester = { version = "0.0.2-alpha", path = "rust/sbd-o-bahn-server-tester" }
-sbd-server = { version = "0.0.2-alpha", path = "rust/sbd-server" }
+sbd-bench = { version = "0.0.3-alpha", path = "rust/sbd-bench" }
+sbd-client = { version = "0.0.3-alpha", path = "rust/sbd-client" }
+sbd-e2e-crypto-client = { version = "0.0.3-alpha", path = "rust/sbd-e2e-crypto-client" }
+sbd-o-bahn-client-tester = { version = "0.0.3-alpha", path = "rust/sbd-o-bahn-client-tester" }
+sbd-o-bahn-server-tester = { version = "0.0.3-alpha", path = "rust/sbd-o-bahn-server-tester" }
+sbd-server = { version = "0.0.3-alpha", path = "rust/sbd-server" }
 # crate deps
 anstyle = "1.0.6"
 base64 = "0.22.0"

diff --git a/rust/sbd-bench/Cargo.toml b/rust/sbd-bench/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sbd-bench"
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 edition = "2021"
 
 [dependencies]

diff --git a/rust/sbd-client/Cargo.toml b/rust/sbd-client/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sbd-client"
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 description = "simple websocket-based message relay client"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"
@@ -23,6 +23,7 @@ tokio-tungstenite = { workspace = true, default-features = false, features = [ "
 # optional
 ed25519-dalek = { workspace = true, features = [ "rand_core" ], optional = true }
 rand = { workspace = true, optional = true }
+webpki-roots = { workspace = true, optional = true }
 
 [target.'cfg(not(any(target_os = "windows", target_os = "linux", target_os = "macos")))'.dependencies]
 webpki-roots = { workspace = true }
@@ -44,5 +45,8 @@ crypto = [ "dep:ed25519-dalek", "dep:rand" ]
 # expose the raw client (used in server test suite)
 raw_client = []
 
+# force webpki roots instead of native certs
+force_webpki_roots = [ "dep:webpki-roots" ]
+
 [package.metadata.docs.rs]
 all-features = true
diff --git a/rust/sbd-client/src/raw_client.rs b/rust/sbd-client/src/raw_client.rs
@@ -210,27 +210,21 @@ fn priv_system_tls(
 ) -> Arc<rustls::ClientConfig> {
     let mut roots = rustls::RootCertStore::empty();
 
-    #[cfg(not(any(
-        target_os = "windows",
-        target_os = "linux",
-        target_os = "macos"
-    )))]
+    #[cfg(any(
+        feature = "force_webpki_roots",
+        not(any(
+            target_os = "windows",
+            target_os = "linux",
+            target_os = "macos",
+        )),
+    ))]
     {
-        roots.add_server_trust_anchors(
-            webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|a| {
-                rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
-                    a.subject.to_vec(),
-                    a.spki.to_vec(),
-                    a.name_constraints.map(|c| c.to_vec()),
-                )
-            }),
-        );
+        roots.roots = webpki_roots::TLS_SERVER_ROOTS.iter().cloned().collect();
     }
 
-    #[cfg(any(
-        target_os = "windows",
-        target_os = "linux",
-        target_os = "macos"
+    #[cfg(all(
+        not(feature = "force_webpki_roots"),
+        any(target_os = "windows", target_os = "linux", target_os = "macos",),
     ))]
     for cert in rustls_native_certs::load_native_certs()
         .expect("failed to load system tls certs")

diff --git a/rust/sbd-e2e-crypto-client/Cargo.toml b/rust/sbd-e2e-crypto-client/Cargo.toml
@@ -7,7 +7,7 @@ documentation = "https://docs.rs/sbd-e2e-crypto-client"
 authors = ["Holochain Core Dev Team <[email protected]>"]
 keywords = ["holochain", "holo", "p2p", "networking"]
 categories = ["network-programming"]
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 edition = "2021"
 
 [dependencies]

diff --git a/rust/sbd-o-bahn-client-tester/Cargo.toml b/rust/sbd-o-bahn-client-tester/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sbd-o-bahn-client-tester"
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 description = "simple websocket-based message relay client tester"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"

diff --git a/rust/sbd-o-bahn-server-tester/Cargo.toml b/rust/sbd-o-bahn-server-tester/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sbd-o-bahn-server-tester"
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 description = "simple websocket-based message relay server tester"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"

diff --git a/rust/sbd-server/Cargo.toml b/rust/sbd-server/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sbd-server"
-version = "0.0.2-alpha"
+version = "0.0.3-alpha"
 description = "simple websocket-based message relay server"
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/holochain/sbd"