Merge pull request #238 from JuliaLang/jq/mozilla_jll

Switch default cert to MozillaCACerts_jll
JuliaLang · Jul 1, 2022 · 0c02e44 · 0c02e44 · quinnj · Jul 1, 2022
2 parents d4261df + 4bfad89
commit 0c02e44
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 25 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,48 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [master]
+    tags: ["*"]
+jobs:
+  test:
+    name: Julia ${{ matrix.version }} - ${{ matrix.os }} - ${{ matrix.arch }} - ${{ github.event_name }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - '1.6'
+          - '1' # automatically expands to the latest stable 1.x release of Julia
+          - 'nightly'
+        os:
+          - ubuntu-latest
+        arch:
+          - x64
+          - x86
+        include:
+          - os: windows-latest
+            version: '1'
+            arch: x64
+    steps:
+      - uses: actions/checkout@v2
+      - uses: julia-actions/setup-julia@v1
+        with:
+          version: ${{ matrix.version }}
+          arch: ${{ matrix.arch }}
+      - uses: actions/cache@v1
+        env:
+          cache-name: cache-artifacts
+        with:
+          path: ~/.julia/artifacts
+          key: ${{ runner.os }}-test-${{ env.cache-name }}-${{ hashFiles('**/Project.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-test-${{ env.cache-name }}-
+            ${{ runner.os }}-test-
+            ${{ runner.os }}-
+      - uses: julia-actions/julia-buildpkg@v1
+      - uses: julia-actions/julia-runtest@v1
+      - uses: julia-actions/julia-processcoverage@v1
+      - uses: codecov/codecov-action@v1
+        with:
+          file: lcov.info
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@ deps/src
 deps/deps.jl
 deps/usr
 deps/build.log
+Manifest.toml
diff --git a/.travis.yml b/.travis.yml
diff --git a/Project.toml b/Project.toml
@@ -1,17 +1,19 @@
 name = "MbedTLS"
 uuid = "739be429-bea8-5141-9913-cc70e7f3736d"
 authors = ["Jacob Quinn <quinn.jacobd@gmail.com>"]
-version = "1.0.3"
+version = "1.1.0"
 
 [deps]
 Dates = "ade2ca70-3891-5945-98fb-dc099432e06a"
 MbedTLS_jll = "c8ffd9c3-330d-5841-b78e-0817d7145fa1"
+MozillaCACerts_jll = "14a3606d-f60d-562e-9121-12d972cd8159"
 Random = "9a3f8284-a2c9-5f02-9a11-845980a1fd5c"
 Sockets = "6462fe0b-24de-5631-8697-dd941f90decc"
 
 [compat]
-julia = "1.3"
 MbedTLS_jll = "2"
+MozillaCACerts_jll = ">= 2020"
+julia = "1.6"
 
 [extras]
 Distributed = "8ba89e20-285c-5b6f-9357-94700520ee1b"

diff --git a/src/MbedTLS.jl b/src/MbedTLS.jl
@@ -1,6 +1,6 @@
 module MbedTLS
 
-using Random, Sockets, MbedTLS_jll
+using Random, Sockets, MbedTLS_jll, MozillaCACerts_jll
 import Sockets: TCPSocket
 
 export

diff --git a/src/ssl.jl b/src/ssl.jl
@@ -511,7 +511,7 @@ function rng!(config::SSLConfig, rng::AbstractRNG)
     rng!(config, c_rng[], rng)
 end
 
-function ca_chain!(config::SSLConfig, chain=crt_parse(DEFAULT_CERT))
+function ca_chain!(config::SSLConfig, chain=crt_parse(DEFAULT_CERT[]))
     config.chain = chain
     ccall((:mbedtls_ssl_conf_ca_chain, libmbedtls), Cvoid,
         (Ptr{Cvoid}, Ptr{Cvoid}, Ptr{Cvoid}),
@@ -775,10 +775,12 @@ end
 const c_send = Ref{Ptr{Cvoid}}(C_NULL)
 const c_recv = Ref{Ptr{Cvoid}}(C_NULL)
 const c_dbg = Ref{Ptr{Cvoid}}(C_NULL)
-const DEFAULT_CERT = read(joinpath(@__DIR__, "cacert.pem"), String)
+const DEFAULT_CERT = Ref{String}()
 
 function __sslinit__()
     c_send[] = @cfunction(f_send, Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t))
     c_recv[] = @cfunction(f_recv, Cint, (Ptr{Cvoid}, Ptr{UInt8}, Csize_t))
     c_dbg[] = @cfunction(f_dbg, Cvoid, (Any, Cint, Ptr{UInt8}, Cint, Ptr{UInt8}))
+    # Note: `MozillaCACerts_jll.cacert` is filled by `__init__`
+    DEFAULT_CERT[] = read(MozillaCACerts_jll.cacert, String)
 end