From c5289c02c942c6902e2e7fb8a379f56425f47676 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Wed, 19 Feb 2025 09:27:19 -0500
Subject: [PATCH] Cache openssl cert lookup and don't bail on error
---
 .github/workflows/ci.yml | 4 ++--
 Cargo.toml | 2 +-
 build.rs | 2 ++
 src/imp/openssl.rs | 17 +++++++++++++++--
 4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 29e22df7..4a47b9bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: sfackler/actions/rustup@master
 - uses: sfackler/actions/rustfmt@master
-
+
 windows:
 strategy:
 fail-fast: false
@@ -35,7 +35,7 @@ jobs:
 - uses: actions/checkout@v2
 - uses: sfackler/actions/rustup@master
 with:
- version: 1.65.0
+ version: 1.80.0
 - run: echo "::set-output name=version::$(rustc --version)"
 id: rust-version
 - uses: actions/cache@v1
diff --git a/Cargo.toml b/Cargo.toml
index 8485c77a..f6804375 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ license = "MIT OR Apache-2.0"
 description = "A wrapper over a platform's native TLS implementation"
 repository = "https://github.com/sfackler/rust-native-tls"
 readme = "README.md"
-rust-version = "1.53.0"
+rust-version = "1.80.0"
 [package.metadata.docs.rs]
 features = ["alpn"]
diff --git a/build.rs b/build.rs
index b7a41f45..357d5dc3 100644
--- a/build.rs
+++ b/build.rs
@@ -17,4 +17,6 @@ fn main() {
 println!("cargo:rustc-cfg=have_min_max_version");
 }
 }
+
+ println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
 }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
index 7d7e39c6..4e096c1a 100644
--- a/src/imp/openssl.rs
+++ b/src/imp/openssl.rs
@@ -11,12 +11,16 @@ use self::openssl::ssl::{
 SslVerifyMode,
 };
 use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
+use self::openssl_probe::ProbeResult;
 use std::error;
 use std::fmt;
 use std::io;
+use std::sync::LazyLock;
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
+static PROBE_RESULT: LazyLock = LazyLock::new(openssl_probe::probe);
+
 #[cfg(have_min_max_version)]
 fn supported_protocols(
 min: Option,
@@ -268,8 +272,17 @@ impl TlsConnector {
 pub fn new(builder: &TlsConnectorBuilder) -> Result {
 let mut connector = SslConnector::builder(SslMethod::tls())?;
- let probe = openssl_probe::probe();
- connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+ // We need to load these separately so an error on one doesn't prevent the other from loading.
+ if let Some(cert_file) = &PROBE_RESULT.cert_file {
+ if let Err(e) = connector.load_verify_locations(Some(cert_file), None) {
+ debug!("load_verify_locations cert file error: {:?}", e);
+ }
+ }
+ if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
+ if let Err(e) = connector.load_verify_locations(None, Some(cert_dir)) {
+ debug!("load_verify_locations cert dir error: {:?}", e);
+ }
+ }
 if let Some(ref identity) = builder.identity {
 connector.set_certificate(&identity.0.cert)?;
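Review bot: The new `PROBE_RESULT` static has no comment saying that the certificate probe now runs once per process, which is a behaviour change for callers. Before this commit every `TlsConnector::new` re-probed, so a process that adjusted `SSL_CERT_FILE` or `SSL_CERT_DIR` (or had its CA bundle installed or rotated to a new path) after the first connector was built would still pick that up. With the `LazyLock` the first result is kept for the life of the process. I would put a comment above the static such as `// Probed once per process; later changes to SSL_CERT_FILE / SSL_CERT_DIR or to the system certificate paths are not seen by connectors built afterwards.`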
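Review bot: Both `if let Err(e)` arms in `TlsConnector::new` log only at debug level and carry on, so a connector can now be returned with neither the probed file nor the probed directory loaded. The caller gets no signal until a handshake fails certificate verification, and the real cause is visible only when debug logging is enabled. Tolerating one failing location is reasonable, but the case where nothing loaded deserves a louder, single message. The fence records whether either load succeeded and warns otherwise; it assumes `warn!` comes from the same logging macros that provide `debug!`, which the hunk does not show. The body of `new` continues past the end of the hunk.

```rust
// … unchanged: SslConnector::builder(SslMethod::tls())? …
let mut loaded_any = false;
if let Some(cert_file) = &PROBE_RESULT.cert_file {
    match connector.load_verify_locations(Some(cert_file), None) {
        Ok(()) => loaded_any = true,
        Err(e) => debug!("load_verify_locations cert file error: {:?}", e),
    }
}
if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
    match connector.load_verify_locations(None, Some(cert_dir)) {
        Ok(()) => loaded_any = true,
        Err(e) => debug!("load_verify_locations cert dir error: {:?}", e),
    }
}
if !loaded_any {
    // Nothing from the probe was loaded; say so once at a level operators will see.
    warn!("no probed certificate file or directory could be loaded");
}
// … unchanged: identity / certificate setup …
```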