Merge pull request #316 from sfackler/verify-locations

Stop using deprecated openssl-probe APIs
sfackler · Jan 25, 2025 · 55aff8e · 55aff8e
2 parents a0e6f18 + 4a88faf
commit 55aff8e
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 12 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ schannel = "0.1.17"
 
 [target.'cfg(not(any(target_os = "windows", target_vendor = "apple")))'.dependencies]
 log = "0.4.5"
-openssl = "0.10.46"
+openssl = "0.10.69"
 openssl-sys = "0.9.81"
 openssl-probe = "0.1"
 

diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
@@ -14,7 +14,6 @@ use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
 use std::error;
 use std::fmt;
 use std::io;
-use std::sync::Once;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
@@ -85,11 +84,6 @@ fn supported_protocols(
     Ok(())
 }
 
-fn init_trust() {
-    static ONCE: Once = Once::new();
-    ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);
-}
-
 #[cfg(target_os = "android")]
 fn load_android_root_certs(connector: &mut SslContextBuilder) -> Result<(), Error> {
     use std::fs;
@@ -272,9 +266,11 @@ pub struct TlsConnector {
 
 impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
-        init_trust();
-
         let mut connector = SslConnector::builder(SslMethod::tls())?;
+
+        let probe = openssl_probe::probe();
+        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;
             connector.set_private_key(&identity.0.pkey)?;

diff --git a/src/lib.rs b/src/lib.rs
@@ -103,16 +103,16 @@ use std::fmt;
 use std::io;
 use std::result;
 
-#[cfg(not(any(target_os = "windows", target_vendor = "apple",)))]
+#[cfg(not(any(target_os = "windows", target_vendor = "apple")))]
 #[macro_use]
 extern crate log;
-#[cfg(any(target_vendor = "apple",))]
+#[cfg(target_vendor = "apple")]
 #[path = "imp/security_framework.rs"]
 mod imp;
 #[cfg(target_os = "windows")]
 #[path = "imp/schannel.rs"]
 mod imp;
-#[cfg(not(any(target_vendor = "apple", target_os = "windows",)))]
+#[cfg(not(any(target_vendor = "apple", target_os = "windows")))]
 #[path = "imp/openssl.rs"]
 mod imp;