polyphony-chat · bitfl0wer · Nov 12, 2023 · Nov 12, 2023 · Nov 12, 2023 · Nov 12, 2023
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches: [ "main", "dev" ]
   pull_request:
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
 
 env:
   CARGO_TERM_COLOR: always
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Clone spacebar server
       run: |
         git clone https://github.com/bitfl0wer/server.git

diff --git a/.github/workflows/rust-clippy.yml b/.github/workflows/rust-clippy.yml
@@ -14,7 +14,7 @@ on:
     branches: [ "main", "preserve/*", "dev" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches: [ "main", "dev" ]
 
 jobs:
   rust-clippy-analyze:
@@ -26,10 +26,10 @@ jobs:
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Rust toolchain
-        uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af #@v1
+        uses: actions-rs/toolchain@v1
         with:
           profile: minimal
           toolchain: stable

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "chorus"
 description = "A library for interacting with multiple Spacebar-compatible Instances at once."
-version = "0.9.0"
+version = "0.10.0"
 license = "AGPL-3.0"
 edition = "2021"
 repository = "https://github.com/polyphony-chat/chorus"
@@ -28,10 +28,12 @@ chrono = { version = "0.4.26", features = ["serde"] }
 regex = "1.9.4"
 custom_error = "1.9.2"
 native-tls = "0.2.11"
-tokio-tungstenite = { version = "0.20.0", features = ["native-tls"] }
+tokio-tungstenite = { version = "0.20.0", features = [
+    "rustls-tls-native-roots",
+    "rustls-native-certs",
+] }
 futures-util = "0.3.28"
 http = "0.2.9"
-openssl = "0.10.56"
 base64 = "0.21.3"
 hostname = "0.3.1"
 bitflags = { version = "2.4.0", features = ["serde"] }
@@ -51,6 +53,9 @@ jsonwebtoken = "8.3.0"
 log = "0.4.20"
 async-trait = "0.1.73"
 chorus-macros = "0.2.0"
+rustls = "0.21.8"
+rustls-native-certs = "0.6.3"
+rand = "0.8.5"
 
 [dev-dependencies]
 tokio = { version = "1.32.0", features = ["full"] }

diff --git a/src/gateway.rs b/src/gateway.rs
@@ -20,7 +20,6 @@ use futures_util::stream::SplitStream;
 use futures_util::SinkExt;
 use futures_util::StreamExt;
 use log::{info, trace, warn};
-use native_tls::TlsConnector;
 use tokio::net::TcpStream;
 use tokio::sync::mpsc::Sender;
 use tokio::sync::Mutex;
@@ -349,12 +348,21 @@ pub struct Gateway {
 impl Gateway {
     #[allow(clippy::new_ret_no_self)]
     pub async fn new(websocket_url: String) -> Result<GatewayHandle, GatewayError> {
+        let mut roots = rustls::RootCertStore::empty();
+        for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs")
+        {
+            roots.add(&rustls::Certificate(cert.0)).unwrap();
+        }
         let (websocket_stream, _) = match connect_async_tls_with_config(
             &websocket_url,
             None,
             false,
-            Some(Connector::NativeTls(
-                TlsConnector::builder().build().unwrap(),
+            Some(Connector::Rustls(
+                rustls::ClientConfig::builder()
+                    .with_safe_defaults()
+                    .with_root_certificates(roots)
+                    .with_no_client_auth()
+                    .into(),
             )),
         )
         .await

diff --git a/src/types/config/types/security_configuration.rs b/src/types/config/types/security_configuration.rs
@@ -1,4 +1,5 @@
 use base64::Engine;
+use rand::Fill;
 use serde::{Deserialize, Serialize};
 
 use crate::types::config::types::subconfigs::security::{
@@ -22,10 +23,15 @@ pub struct SecurityConfiguration {
 
 impl Default for SecurityConfiguration {
     fn default() -> Self {
+        let mut rng: rand::rngs::ThreadRng = rand::thread_rng();
         let mut req_sig: [u8; 32] = [0; 32];
-        let _ = openssl::rand::rand_bytes(&mut req_sig);
         let mut jwt_secret: [u8; 256] = [0; 256];
-        let _ = openssl::rand::rand_bytes(&mut jwt_secret);
+        req_sig
+            .try_fill(&mut rng)
+            .expect("Unable to generate cryptographically safe secrets.");
+        jwt_secret
+            .try_fill(&mut rng)
+            .expect("Unable to generate cryptographically safe secrets.");
         Self {
             captcha: Default::default(),
             two_factor: Default::default(),