|
|
|
@ -111,19 +111,16 @@ async fn pass() -> io::Result<()> { |
|
|
|
|
tokio::time::sleep(Duration::from_secs(1)).await; |
|
|
|
|
|
|
|
|
|
let chain = certs(&mut std::io::Cursor::new(*chain)).unwrap(); |
|
|
|
|
let trust_anchors = chain |
|
|
|
|
.iter() |
|
|
|
|
.map(|cert| { |
|
|
|
|
let ta = webpki::TrustAnchor::try_from_cert_der(&cert[..]).unwrap(); |
|
|
|
|
OwnedTrustAnchor::from_subject_spki_name_constraints( |
|
|
|
|
ta.subject, |
|
|
|
|
ta.spki, |
|
|
|
|
ta.name_constraints, |
|
|
|
|
) |
|
|
|
|
}) |
|
|
|
|
.collect::<Vec<_>>(); |
|
|
|
|
let mut root_store = rustls::RootCertStore::empty(); |
|
|
|
|
root_store.add_server_trust_anchors(trust_anchors.into_iter()); |
|
|
|
|
root_store.add_server_trust_anchors(chain.iter().map(|cert| { |
|
|
|
|
let ta = webpki::TrustAnchor::try_from_cert_der(&cert[..]).unwrap(); |
|
|
|
|
OwnedTrustAnchor::from_subject_spki_name_constraints( |
|
|
|
|
ta.subject, |
|
|
|
|
ta.spki, |
|
|
|
|
ta.name_constraints, |
|
|
|
|
) |
|
|
|
|
})); |
|
|
|
|
|
|
|
|
|
let config = rustls::ClientConfig::builder() |
|
|
|
|
.with_safe_defaults() |
|
|
|
|
.with_root_certificates(root_store) |
|
|
|
@ -140,19 +137,16 @@ async fn fail() -> io::Result<()> { |
|
|
|
|
let (addr, domain, chain) = start_server(); |
|
|
|
|
|
|
|
|
|
let chain = certs(&mut std::io::Cursor::new(*chain)).unwrap(); |
|
|
|
|
let trust_anchors = chain |
|
|
|
|
.iter() |
|
|
|
|
.map(|cert| { |
|
|
|
|
let ta = webpki::TrustAnchor::try_from_cert_der(&cert[..]).unwrap(); |
|
|
|
|
OwnedTrustAnchor::from_subject_spki_name_constraints( |
|
|
|
|
ta.subject, |
|
|
|
|
ta.spki, |
|
|
|
|
ta.name_constraints, |
|
|
|
|
) |
|
|
|
|
}) |
|
|
|
|
.collect::<Vec<_>>(); |
|
|
|
|
let mut root_store = rustls::RootCertStore::empty(); |
|
|
|
|
root_store.add_server_trust_anchors(trust_anchors.into_iter()); |
|
|
|
|
root_store.add_server_trust_anchors(chain.iter().map(|cert| { |
|
|
|
|
let ta = webpki::TrustAnchor::try_from_cert_der(&cert[..]).unwrap(); |
|
|
|
|
OwnedTrustAnchor::from_subject_spki_name_constraints( |
|
|
|
|
ta.subject, |
|
|
|
|
ta.spki, |
|
|
|
|
ta.name_constraints, |
|
|
|
|
) |
|
|
|
|
})); |
|
|
|
|
|
|
|
|
|
let config = rustls::ClientConfig::builder() |
|
|
|
|
.with_safe_defaults() |
|
|
|
|
.with_root_certificates(root_store) |
|
|
|
@ -190,7 +184,7 @@ async fn test_lazy_config_acceptor() -> io::Result<()> { |
|
|
|
|
assert_eq!( |
|
|
|
|
ch.alpn() |
|
|
|
|
.map(|protos| protos.collect::<Vec<_>>()) |
|
|
|
|
.unwrap_or(Vec::new()), |
|
|
|
|
.unwrap_or_default(), |
|
|
|
|
Vec::<&[u8]>::new() |
|
|
|
|
); |
|
|
|
|
|
|
|
|
|