Merge branch 'master' into master

Author: ssrlive

.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
       - uses: sfackler/actions/rustfmt@master
-  
+
   windows:
     strategy:
       fail-fast: false
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
         with:
-          version: 1.65.0
+          version: 1.80.0
       - run: echo "::set-output name=version::$(rustc --version)"
         id: rust-version
       - uses: actions/cache@v1

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## [Unreleased]
 
+## [v0.2.12]
+
+### Fixed
+
+* Stopped using a deprecated openssl-probe API.
+
 ## [v0.2.11]
 
 ### Fixed

Cargo.toml

@@ -1,13 +1,12 @@
 [package]
 name = "native-tls"
-version = "0.2.12"
-edition = "2018"
+version = "0.2.14"
 authors = ["Steven Fackler <sfackler@gmail.com>"]
 license = "MIT OR Apache-2.0"
 description = "A wrapper over a platform's native TLS implementation"
 repository = "https://github.com/sfackler/rust-native-tls"
 readme = "README.md"
-rust-version = "1.53.0"
+rust-version = "1.80.0"
 
 [package.metadata.docs.rs]
 features = ["alpn"]
@@ -34,7 +33,7 @@ schannel = "0.1.17"
 
 [target.'cfg(not(any(target_os = "windows", target_vendor = "apple")))'.dependencies]
 log = "0.4.5"
-openssl = "0.10.46"
+openssl = "0.10.69"
 openssl-sys = "0.9.81"
 openssl-probe = "0.1"
 

build.rs

@@ -17,4 +17,6 @@ fn main() {
             println!("cargo:rustc-cfg=have_min_max_version");
         }
     }
+
+    println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
 }

src/imp/openssl.rs

@@ -11,13 +11,16 @@ use self::openssl::ssl::{
     SslVerifyMode,
 };
 use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
+use self::openssl_probe::ProbeResult;
 use std::error;
 use std::fmt;
 use std::io;
-use std::sync::Once;
+use std::sync::LazyLock;
 
 use crate::{Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
+static PROBE_RESULT: LazyLock<ProbeResult> = LazyLock::new(openssl_probe::probe);
+
 #[cfg(feature = "have_min_max_version")]
 fn supported_protocols(
     min: Option<Protocol>,
@@ -85,11 +88,6 @@ fn supported_protocols(
     Ok(())
 }
 
-fn init_trust() {
-    static ONCE: Once = Once::new();
-    ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);
-}
-
 #[cfg(target_os = "android")]
 fn load_android_root_certs(connector: &mut SslContextBuilder) -> Result<(), Error> {
     use std::fs;
@@ -272,9 +270,20 @@ pub struct TlsConnector {
 
 impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
-        init_trust();
-
         let mut connector = SslConnector::builder(SslMethod::tls())?;
+
+        // We need to load these separately so an error on one doesn't prevent the other from loading.
+        if let Some(cert_file) = &PROBE_RESULT.cert_file {
+            if let Err(e) = connector.load_verify_locations(Some(cert_file), None) {
+                debug!("load_verify_locations cert file error: {:?}", e);
+            }
+        }
+        if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
+            if let Err(e) = connector.load_verify_locations(None, Some(cert_dir)) {
+                debug!("load_verify_locations cert dir error: {:?}", e);
+            }
+        }
+
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;
             connector.set_private_key(&identity.0.pkey)?;

src/lib.rs

@@ -103,7 +103,7 @@ use std::fmt;
 use std::io;
 use std::result;
 
-#[cfg(not(any(target_os = "windows", target_vendor = "apple",)))]
+#[cfg(not(any(target_os = "windows", target_vendor = "apple")))]
 #[macro_use]
 extern crate log;
 #[cfg(target_vendor = "apple")]
@@ -112,7 +112,7 @@ mod imp;
 #[cfg(target_os = "windows")]
 #[path = "imp/schannel.rs"]
 mod imp;
-#[cfg(not(any(target_vendor = "apple", target_os = "windows",)))]
+#[cfg(not(any(target_vendor = "apple", target_os = "windows")))]
 #[path = "imp/openssl.rs"]
 mod imp;