Update to rustls 0.22

Cargo.toml

@@ -17,7 +17,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
 default = ["tls", "gzip"]
-tls = ["dep:webpki", "dep:webpki-roots", "dep:rustls"]
+tls = ["dep:webpki", "dep:webpki-roots", "dep:rustls", "dep:rustls-pki-types"]
 native-certs = ["dep:rustls-native-certs"]
 json = ["dep:serde", "dep:serde_json"]
 charset = ["dep:encoding_rs"]
@@ -43,9 +43,10 @@ serde_json = { version = ">=1.0.97", optional = true }
 encoding_rs = { version = "0.8", optional = true }
 cookie_store = { version = "0.20", optional = true, default-features = false, features = ["preserve_order"] }
 log = "0.4"
-webpki = { package = "rustls-webpki", version = "0.101", optional = true }
-webpki-roots = { version = "0.25", optional = true }
-rustls = { version = "0.21.6", optional = true }
+webpki = { package = "rustls-webpki", version = "0.102", optional = true }
+webpki-roots = { version = "0.26", optional = true }
+rustls = { version = "0.22.0", optional = true }
+rustls-pki-types = { version = "1", optional = true }
 rustls-native-certs = { version = "0.6", optional = true }
 native-tls = { version = "0.2", optional = true }
 flate2 = { version = "1.0.22", optional = true }
@@ -56,8 +57,8 @@ http = { version = "1.0", optional = true }
 [dev-dependencies]
 serde = { version = "1", features = ["derive"] }
 env_logger = "0.10"
-rustls = { version = ">=0.21.6, <0.22", features = ["dangerous_configuration"] }
-rustls-pemfile = { version = "1.0" }
+rustls = { version = "0.22.0" }
+rustls-pemfile = { version = "2.0" }
 
 [[example]]
 name = "cureq"

examples/cureq/main.rs

@@ -3,13 +3,11 @@ use std::fmt;
 use std::io;
 use std::thread;
 use std::time::Duration;
-use std::time::SystemTime;
 use std::{env, sync::Arc};
 
-use rustls::client::ServerCertVerified;
-use rustls::client::ServerCertVerifier;
-use rustls::ServerName;
-use rustls::{Certificate, ClientConfig};
+use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
+use rustls::ClientConfig;
+use rustls_pki_types::{CertificateDer, ServerName, UnixTime};
 use ureq;
 
 #[derive(Debug)]
@@ -96,20 +94,42 @@ fn perform(
     Ok(())
 }
 
+#[derive(Debug)]
 struct AcceptAll {}
 
 impl ServerCertVerifier for AcceptAll {
     fn verify_server_cert(
         &self,
-        _end_entity: &Certificate,
-        _intermediates: &[Certificate],
+        _end_entity: &CertificateDer,
+        _intermediates: &[CertificateDer],
         _server_name: &ServerName,
-        _scts: &mut dyn Iterator<Item = &[u8]>,
         _ocsp_response: &[u8],
-        _now: SystemTime,
+        _now: UnixTime,
     ) -> Result<ServerCertVerified, rustls::Error> {
         Ok(ServerCertVerified::assertion())
     }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &rustls::DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &rustls::DigitallySignedStruct,
+    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+        todo!()
+    }
 }
 
 fn main() {
@@ -165,7 +185,7 @@ Fetch url and copy it to stdout.
             }
             "-k" => {
                 let client_config = ClientConfig::builder()
-                    .with_safe_defaults()
+                    .dangerous()
                     .with_custom_certificate_verifier(Arc::new(AcceptAll {}))
                     .with_no_client_auth();
                 builder = builder.tls_config(Arc::new(client_config));