Merge pull request #139 from adamreichold/bump-rustls

Bump rustls and webpki to enable connecting to IP addresses over TLS.

Author: sbstp

Cargo.toml

@@ -24,13 +24,13 @@ mime = {version = "0.3.16", optional = true}
 multipart = {version = "0.18.0", default-features = false, features = ["client"], optional = true}
 native-tls = {version = "0.2.10", optional = true}
 rustls-native-certs = { version = "0.6", optional = true}
-rustls-opt-dep = {package = "rustls", version = "0.20.6", features = ["dangerous_configuration"], optional = true}
+rustls-opt-dep = {package = "rustls", version = "0.21.0", features = ["dangerous_configuration"], optional = true}
 serde = {version = "1.0.143", optional = true}
 serde_json = {version = "1.0.83", optional = true}
 serde_urlencoded = {version = "0.7.1", optional = true}
 url = "2.2.2"
 webpki = {version = "0.22.0", optional = true}
-webpki-roots = {version = "0.22.4", optional = true}
+webpki-roots = {version = "0.23.0", optional = true}
 
 [dev-dependencies]
 anyhow = "1.0.61"
@@ -39,6 +39,7 @@ futures = "0.3.23"
 futures-util = "0.3.23"
 hyper = "0.14.20"
 lazy_static = "1.4.0"
+multipart = {version = "0.18.0", default-features = false, features = ["server"]}
 tokio = {version = "1.20.1", features = ["full"]}
 tokio-rustls = "0.22.0"
 tokio-stream = {version = "0.1.9", features = ["net"]}

src/error.rs

@@ -89,9 +89,6 @@ pub enum ErrorKind {
     InvalidMimeType(String),
     /// TLS was not enabled by features.
     TlsDisabled,
-    /// WebPKI error.
-    #[cfg(feature = "__rustls")]
-    WebPKI(webpki::Error),
 }
 
 /// A type that contains all the errors that can possibly occur while accessing an HTTP server.
@@ -135,8 +132,6 @@ impl Display for Error {
             InvalidDNSName(ref e) => write!(w, "Invalid DNS name: {e}"),
             InvalidMimeType(ref e) => write!(w, "Invalid mime type: {e}"),
             TlsDisabled => write!(w, "TLS is disabled, activate one of the tls- features"),
-            #[cfg(feature = "__rustls")]
-            WebPKI(ref e) => write!(w, "WebPKI error: {e}"),
         }
     }
 }
@@ -152,8 +147,6 @@ impl StdError for Error {
             Json(ref e) => Some(e),
             #[cfg(any(feature = "tls-native", feature = "__rustls"))]
             Tls(ref e) => Some(e),
-            #[cfg(feature = "__rustls")]
-            WebPKI(ref e) => Some(e),
             _ => None,
         }
     }
@@ -235,12 +228,5 @@ impl From<InvalidResponseKind> for io::Error {
     }
 }
 
-#[cfg(feature = "__rustls")]
-impl From<webpki::Error> for Error {
-    fn from(err: webpki::Error) -> Error {
-        Error(Box::new(ErrorKind::WebPKI(err)))
-    }
-}
-
 /// Wrapper for the `Result` type with an `Error`.
 pub type Result<T = ()> = result::Result<T, Error>;

src/request/proxy.rs

@@ -78,8 +78,11 @@ impl ProxySettings {
 
         if !disable_proxies {
             if let Some(no_proxy) = no_proxy {
-                no_proxy_hosts.extend(no_proxy.split(',').map(|s|
-                    s.trim().trim_start_matches('.').to_lowercase()));
+                no_proxy_hosts.extend(
+                    no_proxy
+                        .split(',')
+                        .map(|s| s.trim().trim_start_matches('.').to_lowercase()),
+                );
             }
         }
 
@@ -101,7 +104,11 @@ impl ProxySettings {
         }
 
         if let Some(host) = url.host_str() {
-            if !self.no_proxy_hosts.iter().any(|x| host.ends_with(x.to_lowercase().as_str())) {
+            if !self
+                .no_proxy_hosts
+                .iter()
+                .any(|x| host.ends_with(x.to_lowercase().as_str()))
+            {
                 return match url.scheme() {
                     "http" => self.http_proxy.as_ref(),
                     "https" => self.https_proxy.as_ref(),

src/tls/rustls_impl.rs

@@ -198,17 +198,14 @@ impl ServerCertVerifier for CustomCertVerifier {
             .upstream
             .verify_server_cert(end_entity, intermediates, server_name, scts, ocsp_response, now)
         {
-            Err(
-                rustls::Error::NoCertificatesPresented
-                | rustls::Error::InvalidCertificateEncoding
-                | rustls::Error::InvalidCertificateSignatureType
-                | rustls::Error::InvalidCertificateSignature
-                | rustls::Error::InvalidCertificateData(_),
-            ) if self.accept_invalid_certs => Ok(ServerCertVerified::assertion()),
-
-            // c.f. https://github.com/rustls/rustls/blob/2f90c1bf7339e7862dfc850f2b23e2010c795ddb/rustls/tests/api.rs#L801
-            Err(rustls::Error::InvalidCertificateData(msg))
-                if self.accept_invalid_hostnames && msg.contains("CertNotValidForName") =>
+            Err(rustls::Error::NoCertificatesPresented | rustls::Error::InvalidCertificate(_))
+                if self.accept_invalid_certs =>
+            {
+                Ok(ServerCertVerified::assertion())
+            }
+
+            Err(rustls::Error::InvalidCertificate(rustls::CertificateError::NotValidForName))
+                if self.accept_invalid_hostnames =>
             {
                 Ok(ServerCertVerified::assertion())
             }