From 64b86350595f9ba546a4202ca2bd2ac0c66af319 Mon Sep 17 00:00:00 2001 From: asonix Date: Wed, 1 May 2024 14:40:08 -0500 Subject: [PATCH] Update rustls for tokio-postgres This doesn't update rustls for actix-web (0.22), or rustls for reqwest (0.21) --- Cargo.lock | 49 +++++++++++++++++++++++++++----------------- Cargo.toml | 4 +++- src/repo/postgres.rs | 6 +++--- 3 files changed, 36 insertions(+), 23 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39d3fcb..d161fca 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -958,20 +958,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "futures" -version = "0.3.30" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0" -dependencies = [ - "futures-channel", - "futures-core", - "futures-io", - "futures-sink", - "futures-task", - "futures-util", -] - [[package]] name = "futures-channel" version = "0.3.30" @@ -1843,6 +1829,7 @@ dependencies = [ "reqwest-middleware", "reqwest-tracing", "rustls 0.22.4", + "rustls 0.23.5", "rustls-channel-resolver", "rustls-pemfile 2.1.2", "rusty-s3", @@ -2353,6 +2340,20 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustls" +version = "0.23.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afabcee0551bd1aa3e18e5adbf2c0544722014b899adb31bd186ec638d3da97e" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.3", + "subtle", + "zeroize", +] + [[package]] name = "rustls-channel-resolver" version = "0.2.0" @@ -2928,16 +2929,15 @@ dependencies = [ [[package]] name = "tokio-postgres-rustls" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677" +checksum = "04fb792ccd6bbcd4bba408eb8a292f70fc4a3589e5d793626f45190e6454b6ab" dependencies = [ - "futures", "ring", - "rustls 0.22.4", + "rustls 0.23.5", "tokio", "tokio-postgres", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "x509-certificate", ] @@ -2962,6 +2962,17 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.26.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +dependencies = [ + "rustls 0.23.5", + "rustls-pki-types", + "tokio", +] + [[package]] name = "tokio-stream" version = "0.1.15" diff --git a/Cargo.toml b/Cargo.toml index b939483..af8b042 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,6 +50,8 @@ reqwest = { version = "0.11.18", default-features = false, features = ["json", " reqwest-middleware = "0.2.2" reqwest-tracing = "0.4.5" # pinned to tokio-postgres-rustls +rustls023 = { package = "rustls", version = "0.23", default-features = false, features = ["ring"] } +# pinned to actix-web rustls = "0.22.0" # pinned to rustls rustls-channel-resolver = "0.2.0" @@ -68,7 +70,7 @@ thiserror = "1.0" time = { version = "0.3.0", features = ["serde", "serde-well-known"] } tokio = { version = "1", features = ["full", "tracing"] } tokio-postgres = { version = "0.7.10", features = ["with-uuid-1", "with-time-0_3", "with-serde_json-1"] } -tokio-postgres-rustls = "0.11.0" +tokio-postgres-rustls = "0.12.0" tokio-uring = { version = "0.4", optional = true, features = ["bytes"] } tokio-util = { version = "0.7", default-features = false, features = [ "codec", diff --git a/src/repo/postgres.rs b/src/repo/postgres.rs index cae7d09..0627a65 100644 --- a/src/repo/postgres.rs +++ b/src/repo/postgres.rs @@ -142,7 +142,7 @@ pub(crate) enum TlsError { Invalid, #[error("Couldn't add certificate to root store")] - Add(#[source] rustls::Error), + Add(#[source] rustls023::Error), } impl PostgresError { @@ -174,7 +174,7 @@ impl PostgresError { async fn build_tls_connector( certificate_file: Option, ) -> Result { - let mut cert_store = rustls::RootCertStore { + let mut cert_store = rustls023::RootCertStore { roots: Vec::from(webpki_roots::TLS_SERVER_ROOTS), }; @@ -195,7 +195,7 @@ async fn build_tls_connector( cert_store.add(cert).map_err(TlsError::Add)?; } - let config = rustls::ClientConfig::builder() + let config = rustls023::ClientConfig::builder() .with_root_certificates(cert_store) .with_no_client_auth();