From c5289c02c942c6902e2e7fb8a379f56425f47676 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Wed, 19 Feb 2025 09:27:19 -0500
Subject: [PATCH] Cache openssl cert lookup and don't bail on error

---
 .github/workflows/ci.yml |  4 ++--
 Cargo.toml               |  2 +-
 build.rs                 |  2 ++
 src/imp/openssl.rs       | 17 +++++++++++++++--
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 29e22df7..4a47b9bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
       - uses: sfackler/actions/rustfmt@master
-  
+
   windows:
     strategy:
       fail-fast: false
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
         with:
-          version: 1.65.0
+          version: 1.80.0
       - run: echo "::set-output name=version::$(rustc --version)"
         id: rust-version
       - uses: actions/cache@v1
diff --git a/Cargo.toml b/Cargo.toml
index 8485c77a..f6804375 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,7 @@ license = "MIT OR Apache-2.0"
 description = "A wrapper over a platform's native TLS implementation"
 repository = "https://github.com/sfackler/rust-native-tls"
 readme = "README.md"
-rust-version = "1.53.0"
+rust-version = "1.80.0"
 
 [package.metadata.docs.rs]
 features = ["alpn"]
diff --git a/build.rs b/build.rs
index b7a41f45..357d5dc3 100644
--- a/build.rs
+++ b/build.rs
@@ -17,4 +17,6 @@ fn main() {
             println!("cargo:rustc-cfg=have_min_max_version");
         }
     }
+
+    println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
 }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
index 7d7e39c6..4e096c1a 100644
--- a/src/imp/openssl.rs
+++ b/src/imp/openssl.rs
@@ -11,12 +11,16 @@ use self::openssl::ssl::{
     SslVerifyMode,
 };
 use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
+use self::openssl_probe::ProbeResult;
 use std::error;
 use std::fmt;
 use std::io;
+use std::sync::LazyLock;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
+static PROBE_RESULT: LazyLock<ProbeResult> = LazyLock::new(openssl_probe::probe);
+
 #[cfg(have_min_max_version)]
 fn supported_protocols(
     min: Option<Protocol>,
@@ -268,8 +272,17 @@ impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
         let mut connector = SslConnector::builder(SslMethod::tls())?;
 
-        let probe = openssl_probe::probe();
-        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+        // We need to load these separately so an error on one doesn't prevent the other from loading.
+        if let Some(cert_file) = &PROBE_RESULT.cert_file {
+            if let Err(e) = connector.load_verify_locations(Some(cert_file), None) {
+                debug!("load_verify_locations cert file error: {:?}", e);
+            }
+        }
+        if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
+            if let Err(e) = connector.load_verify_locations(None, Some(cert_dir)) {
+                debug!("load_verify_locations cert dir error: {:?}", e);
+            }
+        }
 
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;