Bump to webpki-roots 0.25

stalwartlabs · Aug 15, 2023 · ffa60e3 · ffa60e3
1 parent d5ac9b3
commit ffa60e3
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 16 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,13 +22,14 @@ base64 = "0.20.0"
 rand = { version = "0.8.5", optional = true }
 md5 = { version = "0.7.0", optional = true }
 tokio = { version = "1.23", features = ["net", "io-util", "time"]}
-rustls = { version = "0.21", features = ["dangerous_configuration"]}
+rustls = { version = "0.21", features = ["tls12", "dangerous_configuration"]}
 tokio-rustls = { version = "0.24"}
-webpki-roots = { version = "0.23"}
+webpki-roots = { version = "0.25.2"}
 gethostname = { version = "0.4"}
 
 [dev-dependencies]
 tokio = { version = "1.16", features = ["net", "io-util", "time", "rt-multi-thread", "macros"] }
+env_logger = "0.10.0"
 
 [features]
 default = ["digest-md5", "cram-md5", "builder", "dkim"]

diff --git a/src/smtp/client.rs b/src/smtp/client.rs
@@ -160,6 +160,7 @@ mod test {
     #[tokio::test]
     async fn smtp_basic() {
         // StartTLS test
+        env_logger::init();
         let client = SmtpClientBuilder::new("mail.smtp2go.com", 2525)
             .implicit_tls(false)
             .connect()

diff --git a/src/smtp/tls.rs b/src/smtp/tls.rs
@@ -11,7 +11,7 @@
 use std::{convert::TryFrom, io, sync::Arc};
 
 use rustls::{
-    client::{ServerCertVerified, ServerCertVerifier, WebPkiVerifier},
+    client::{ServerCertVerified, ServerCertVerifier},
     Certificate, ClientConfig, ClientConnection, OwnedTrustAnchor, RootCertStore, ServerName,
 };
 use tokio::net::TcpStream;
@@ -80,22 +80,25 @@ pub fn build_tls_connector(allow_invalid_certs: bool) -> TlsConnector {
     let config = if !allow_invalid_certs {
         let mut root_cert_store = RootCertStore::empty();
 
-        root_cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(
-            |ta| {
-                OwnedTrustAnchor::from_subject_spki_name_constraints(
-                    ta.subject,
-                    ta.spki,
-                    ta.name_constraints,
-                )
-            },
-        ));
+        root_cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
+            OwnedTrustAnchor::from_subject_spki_name_constraints(
+                ta.subject,
+                ta.spki,
+                ta.name_constraints,
+            )
+        }));
+
+        //config
+        //    .with_custom_certificate_verifier(Arc::new(WebPkiVerifier::new(root_cert_store, None)))
 
         config
-            .with_custom_certificate_verifier(Arc::new(WebPkiVerifier::new(root_cert_store, None)))
+            .with_root_certificates(root_cert_store)
+            .with_no_client_auth()
     } else {
-        config.with_custom_certificate_verifier(Arc::new(DummyVerifier {}))
-    }
-    .with_no_client_auth();
+        config
+            .with_custom_certificate_verifier(Arc::new(DummyVerifier {}))
+            .with_no_client_auth()
+    };
 
     TlsConnector::from(Arc::new(config))
 }