From 0f00a0c11b2f1b23e148339a2fcdb3634545022c Mon Sep 17 00:00:00 2001
From: "John T. Wodder II" <jwodder@users.noreply.github.com>
Date: Sun, 16 Apr 2023 21:51:11 -0400
Subject: [PATCH] tokio-rustls: Fix "Basic Structure of a Client" code in
 README (#142)

---
 tokio-rustls/README.md | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/tokio-rustls/README.md b/tokio-rustls/README.md
index d3c6c77..87d226f 100644
--- a/tokio-rustls/README.md
+++ b/tokio-rustls/README.md
@@ -11,18 +11,30 @@ Asynchronous TLS/SSL streams for [Tokio](https://tokio.rs/) using
 ### Basic Structure of a Client
 
 ```rust
-use webpki::DNSNameRef;
-use tokio_rustls::{ TlsConnector, rustls::ClientConfig };
+use std::sync::Arc;
+use tokio::net::TcpStream;
+use tokio_rustls::rustls::{ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName};
+use tokio_rustls::TlsConnector;
 
 // ...
 
-let mut config = ClientConfig::new();
-config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
-let config = TlsConnector::from(Arc::new(config));
-let dnsname = DNSNameRef::try_from_ascii_str("www.rust-lang.org").unwrap();
+let mut root_cert_store = RootCertStore::empty();
+root_cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+    OwnedTrustAnchor::from_subject_spki_name_constraints(
+        ta.subject,
+        ta.spki,
+        ta.name_constraints,
+    )
+}));
+let config = ClientConfig::builder()
+    .with_safe_defaults()
+    .with_root_certificates(root_cert_store)
+    .with_no_client_auth();
+let connector = TlsConnector::from(Arc::new(config));
+let dnsname = ServerName::try_from("www.rust-lang.org").unwrap();
 
 let stream = TcpStream::connect(&addr).await?;
-let mut stream = config.connect(dnsname, stream).await?;
+let mut stream = connector.connect(dnsname, stream).await?;
 
 // ...
 ```