From eee7f11d9f508ee104e4cec8d63954361c0b134d Mon Sep 17 00:00:00 2001 From: Owen Leung Date: Tue, 7 Nov 2023 15:01:44 +0800 Subject: [PATCH] Add support for reading custom cert paths (#104) * Add support to env variables REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE * Fix failing cargo fmt and clippy * Fix deny --------- Co-authored-by: Jake Shadle --- Cargo.lock | 138 +++++++++++------------------------------------------ Cargo.toml | 5 +- deny.toml | 2 - src/ctx.rs | 17 ++++++- 4 files changed, 47 insertions(+), 115 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8ce6d68..19bbbea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -104,12 +104,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "bumpalo" -version = "3.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" - [[package]] name = "byteorder" version = "1.4.3" @@ -553,15 +547,6 @@ version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" -[[package]] -name = "js-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "lazy_static" version = "1.4.0" @@ -570,9 +555,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.147" +version = "0.2.150" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" [[package]] name = "linked-hash-map" 
@@ -947,17 +932,16 @@ checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" [[package]] name = "ring" -version = "0.16.20" +version = "0.17.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" dependencies = [ "cc", + "getrandom", "libc", - "once_cell", "spin", "untrusted", - "web-sys", - "winapi", + "windows-sys 0.48.0", ] [[package]] @@ -989,31 +973,30 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.7" +version = "0.21.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" +checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c" dependencies = [ "log", "ring", - "rustls-webpki 0.101.4", + "rustls-webpki", "sct", ] [[package]] -name = "rustls-webpki" -version = "0.100.2" +name = "rustls-pemfile" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e98ff011474fa39949b7e5c0428f9b4937eda7da7848bbb947786b7be0b27dab" +checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" dependencies = [ - "ring", - "untrusted", + "base64", ] [[package]] name = "rustls-webpki" -version = "0.101.4" +version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ "ring", "untrusted", 
@@ -1051,9 +1034,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "sct" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ "ring", "untrusted", @@ -1156,9 +1139,9 @@ checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" [[package]] name = "spin" -version = "0.5.2" +version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" [[package]] name = "static_assertions" @@ -1398,15 +1381,15 @@ checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "ureq" -version = "2.7.1" +version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b11c96ac7ee530603dcdf68ed1557050f374ce55a5a07193ebf8cbc9f8927e9" +checksum = "f5ccd538d4a604753ebc2f17cd9946e89b77bf87f6a8e2309667c6f2e87855e3" dependencies = [ "base64", "flate2", @@ -1414,7 +1397,7 @@ dependencies = [ "native-tls", "once_cell", "rustls", - "rustls-webpki 0.100.2", + "rustls-webpki", "url", "webpki-roots", ] 
@@ -1486,78 +1469,11 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.87" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1" - -[[package]] -name = "web-sys" -version = "0.3.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "webpki-roots" -version = "0.23.1" +version = "0.25.2" source = "registry+https://github.com/rust-lang/crates.io-index" 
-checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338" -dependencies = [ - "rustls-webpki 0.100.2", -] +checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" [[package]] name = "winapi" @@ -1751,6 +1667,8 @@ dependencies = [ "parking_lot", "rayon", "regex", + "rustls", + "rustls-pemfile", "serde", "serde_json", "sha2", diff --git a/Cargo.toml b/Cargo.toml index a45c9a1..86ba095 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -16,7 +16,7 @@ default = ["rustls-tls"] rustls-tls = ["ureq/tls"] # If this feature is enabled we instead use the native TLS implementation for the # target platform -native-tls = ["ureq/native-tls", "native-tls-crate/vendored"] +native-tls = ["ureq/native-tls", "native-tls-crate/vendored", "rustls-pemfile", "rustls"] [dependencies] # Easy errors @@ -47,6 +47,9 @@ regex = "1.0" ureq = { version = "2.4", default-features = false, features = ["gzip"] } memchr = "2.6" native-tls-crate = { package = "native-tls", version = "0.2", optional = true } +# CA Cert for HTTP requests +rustls = { version = "0.21.8", optional = true } +rustls-pemfile = { version = "1.0.3", optional = true } # SHA-256 verification sha2 = "0.10" # Deserialization diff --git a/deny.toml b/deny.toml index 4dd3b93..14cf700 100644 --- a/deny.toml +++ b/deny.toml @@ -43,8 +43,6 @@ skip = [ { name = "regex-syntax", version = "=0.6.29" }, # ditto :( { name = "regex-automata", version = "=0.1.10" }, - # ureq - { name = "rustls-webpki", version = "=0.100.2" }, ] skip-tree = [ # clap -> terminal_size diff --git a/src/ctx.rs b/src/ctx.rs index 21160a7..cfd62ad 100644 --- a/src/ctx.rs +++ b/src/ctx.rs 
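Review bot: In Cargo.toml the `native-tls` feature now enables `rustls` as well as `rustls-pemfile`, but the only new call visible in this patch is `rustls_pemfile::certs` in src/ctx.rs, so the `rustls` dependency looks unused on that path. Enabling it compiles a second TLS stack into builds that chose the platform one, which adds crates to audit for no visible benefit. Unless code outside this diff needs it, consider `native-tls = ["ureq/native-tls", "native-tls-crate/vendored", "rustls-pemfile"]` and dropping the `rustls = { version = "0.21.8", optional = true }` line.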
@@ -27,11 +27,24 @@ pub struct Ctx { impl Ctx { fn http_client(read_timeout: Option) -> Result { let mut builder = ureq::builder(); - #[cfg(feature = "native-tls")] { + use std::env; + use std::fs::File; + use std::io::BufReader; use std::sync::Arc; - builder = builder.tls_connector(Arc::new(native_tls_crate::TlsConnector::new()?)); + + let mut tls_builder = native_tls_crate::TlsConnector::builder(); + if let Some(custom_ca) = + env::var_os("REQUESTS_CA_BUNDLE").or_else(|| env::var_os("CURL_CA_BUNDLE")) + { + let mut reader = BufReader::new(File::open(custom_ca)?); + for cert in rustls_pemfile::certs(&mut reader)? { + tls_builder + .add_root_certificate(native_tls_crate::Certificate::from_pem(&cert)?); + } + } + builder = builder.tls_connector(Arc::new(tls_builder.build()?)); } // Allow user to specify timeout values in the case of bad/slow proxies
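Review bot: In the `for cert in rustls_pemfile::certs(&mut reader)?` loop each `cert` is handed to `Certificate::from_pem`, but `rustls_pemfile::certs` in the 1.0 series returns every certificate as already-decoded DER bytes, so the PEM parser is expected to reject it and `http_client` would fail whenever `REQUESTS_CA_BUNDLE` or `CURL_CA_BUNDLE` is set. The call should be `native_tls_crate::Certificate::from_der(&cert)?`. Because the bundle path comes from the environment and widens the trust roots for every download, it is also worth attaching the path to the `File::open` error, treating a bundle that yields zero certificates as an error rather than silently continuing, and logging which file was loaded. As far as the collapsed hunk shows, the block is still gated on the `native-tls` feature, so the default `rustls-tls` build appears to ignore both variables, which the commit title does not mention. The body of `http_client` continues past the end of the hunk.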