Skip to content

Commit

Permalink
Update tokio-rustls to 0.24 (Fix RUSTSEC-2023-0052 when "tls" feature…
Browse files Browse the repository at this point in the history
… enabled) (#1063)
  • Loading branch information
AldaronLau authored Aug 25, 2023
1 parent 4d3a534 commit 2f2c744
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ tower-service = "0.3"
tokio-tungstenite = { version = "0.18", optional = true }
percent-encoding = "2.1"
pin-project = "1.0"
tokio-rustls = { version = "0.23", optional = true }
tokio-rustls = { version = "0.24", optional = true }
rustls-pemfile = "1.0"

[dev-dependencies]
Expand Down
7 changes: 4 additions & 3 deletions src/tls.rs
Original file line number Diff line number Diff line change
Expand Up @@ -221,18 +221,19 @@ impl TlsConfigBuilder {
}

let client_auth = match self.client_auth {
TlsClientAuth::Off => NoClientAuth::new(),
TlsClientAuth::Off => NoClientAuth::boxed(),
TlsClientAuth::Optional(trust_anchor) => {
AllowAnyAnonymousOrAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
.boxed()
}
TlsClientAuth::Required(trust_anchor) => {
AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?).boxed()
}
};

let mut config = ServerConfig::builder()
.with_safe_defaults()
.with_client_cert_verifier(client_auth.into())
.with_client_cert_verifier(client_auth)
.with_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new())
.map_err(TlsConfigError::InvalidKey)?;
config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
Expand Down

0 comments on commit 2f2c744

Please sign in to comment.