From 6825a35213d604a7149265af2346a69143c0853b Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Tue, 4 Mar 2025 19:15:06 +0100
Subject: [PATCH] crates/*: Use the platform CA bundle instead of the
 bundled certificates

---
 Cargo.lock                       | 284 ++++++++++++++++++++++++++++++-
 crates/cli/Cargo.toml            |   2 +-
 crates/common/Cargo.toml         |   4 +-
 crates/directory/Cargo.toml      |   4 +-
 crates/imap/Cargo.toml           |   2 +-
 crates/jmap/Cargo.toml           |   4 +-
 crates/mail-send/Cargo.toml      |   1 +
 crates/mail-send/src/smtp/tls.rs |  22 +--
 crates/managesieve/Cargo.toml    |   2 +-
 crates/pop3/Cargo.toml           |   2 +-
 crates/smtp/Cargo.toml           |   4 +-
 crates/spam-filter/Cargo.toml    |   4 +-
 crates/store/Cargo.toml          |   2 +-
 crates/trc/Cargo.toml            |   2 +-
 crates/utils/Cargo.toml          |   5 +-
 crates/utils/src/lib.rs          |  16 +-
 tests/Cargo.toml                 |  10 +-
 17 files changed, 314 insertions(+), 56 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index be36759b..eca9699f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -440,6 +440,47 @@ dependencies = [
  "url",
 ]
 
+[[package]]
+name = "aws-lc-fips-sys"
+version = "0.13.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29003a681b2b9465c1139bfb726da452a841a8b025f35953f3bce71139f10b21"
+dependencies = [
+ "bindgen 0.69.5",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+ "paste",
+ "regex",
+]
+
+[[package]]
+name = "aws-lc-rs"
+version = "1.12.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e4e8200b9a4a5801a769d50eeabc05670fec7e959a8cb7a63a93e4e519942ae"
+dependencies = [
+ "aws-lc-fips-sys",
+ "aws-lc-sys",
+ "paste",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.26.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f9dd2e03ee80ca2822dd6ea431163d2ef259f2066a4d6ccaca6d9dcb386aa43"
+dependencies = [
+ "bindgen 0.69.5",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+ "paste",
+]
+
 [[package]]
 name = "aws-region"
 version = "0.25.5"
@@ -673,12 +714,15 @@ dependencies = [
  "itertools 0.12.1",
  "lazy_static",
  "lazycell",
+ "log",
+ "prettyplease",
  "proc-macro2",
  "quote",
  "regex",
  "rustc-hash 1.1.0",
  "shlex",
  "syn 2.0.96",
+ "which",
 ]
 
 [[package]]
@@ -1035,6 +1079,12 @@ dependencies = [
  "smallvec",
 ]
 
+[[package]]
+name = "cesu8"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
+
 [[package]]
 name = "cexpr"
 version = "0.6.0"
@@ -1347,6 +1397,16 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "core-foundation"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "core-foundation-sys"
 version = "0.8.7"
@@ -1912,6 +1972,12 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "dunce"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
+
 [[package]]
 name = "dyn-clone"
 version = "1.0.17"
@@ -2117,6 +2183,29 @@ dependencies = [
  "syn 2.0.96",
 ]
 
+[[package]]
+name = "env_filter"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "186e05a59d4c50738528153b83b0b0194d3a29507dfec16eccd4b342903397d0"
+dependencies = [
+ "log",
+ "regex",
+]
+
+[[package]]
+name = "env_logger"
+version = "0.11.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dcaee3d8e3cfc3fd92428d477bc97fc29ec8716d180c0d74c643bb26166660e0"
+dependencies = [
+ "anstream",
+ "anstyle",
+ "env_filter",
+ "humantime",
+ "log",
+]
+
 [[package]]
 name = "equivalent"
 version = "1.0.1"
@@ -2423,6 +2512,12 @@ dependencies = [
  "syn 2.0.96",
 ]
 
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
 [[package]]
 name = "funty"
 version = "2.0.0"
@@ -2974,6 +3069,12 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9994b79e8c1a39b3166c63ae7823bb2b00831e2a96a31399c50fe69df408eaeb"
 
+[[package]]
+name = "humantime"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
+
 [[package]]
 name = "hyper"
 version = "0.14.32"
@@ -3044,6 +3145,7 @@ dependencies = [
  "hyper 1.6.0",
  "hyper-util",
  "rustls 0.23.21",
+ "rustls-native-certs 0.8.1",
  "rustls-pki-types",
  "tokio",
  "tokio-rustls 0.26.1",
@@ -3607,6 +3709,28 @@ dependencies = [
  "utils",
 ]
 
+[[package]]
+name = "jni"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a87aa2bb7d2af34197c04845522473242e1aa17c12f4935d5856491a7fb8c97"
+dependencies = [
+ "cesu8",
+ "cfg-if",
+ "combine",
+ "jni-sys",
+ "log",
+ "thiserror 1.0.69",
+ "walkdir",
+ "windows-sys 0.45.0",
+]
+
+[[package]]
+name = "jni-sys"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
+
 [[package]]
 name = "jobserver"
 version = "0.1.32"
@@ -3959,14 +4083,18 @@ dependencies = [
 [[package]]
 name = "mail-send"
 version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b12277cdcacfc15af67fe9cf155f31ff68ad8c301304573ea116ed8870f192d5"
 dependencies = [
  "base64 0.22.1",
+ "env_logger",
  "gethostname",
+ "mail-auth",
+ "mail-builder",
+ "mail-parser",
  "md5",
+ "rand 0.8.5",
  "rustls 0.23.21",
  "rustls-pki-types",
+ "rustls-platform-verifier",
  "smtp-proto",
  "tokio",
  "tokio-rustls 0.26.1",
@@ -5552,6 +5680,7 @@ dependencies = [
  "pin-project-lite",
  "quinn",
  "rustls 0.23.21",
+ "rustls-native-certs 0.8.1",
  "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "serde",
@@ -5920,6 +6049,8 @@ version = "0.23.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
 dependencies = [
+ "aws-lc-rs",
+ "log",
  "once_cell",
  "ring 0.17.8",
  "rustls-pki-types",
@@ -5937,7 +6068,7 @@ dependencies = [
  "openssl-probe",
  "rustls-pemfile 1.0.4",
  "schannel",
- "security-framework",
+ "security-framework 2.11.1",
 ]
 
 [[package]]
@@ -5950,7 +6081,19 @@ dependencies = [
  "rustls-pemfile 2.2.0",
  "rustls-pki-types",
  "schannel",
- "security-framework",
+ "security-framework 2.11.1",
+]
+
+[[package]]
+name = "rustls-native-certs"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
+dependencies = [
+ "openssl-probe",
+ "rustls-pki-types",
+ "schannel",
+ "security-framework 3.2.0",
 ]
 
 [[package]]
@@ -5980,6 +6123,33 @@ dependencies = [
  "web-time",
 ]
 
+[[package]]
+name = "rustls-platform-verifier"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e012c45844a1790332c9386ed4ca3a06def221092eda277e6f079728f8ea99da"
+dependencies = [
+ "core-foundation 0.10.0",
+ "core-foundation-sys",
+ "jni",
+ "log",
+ "once_cell",
+ "rustls 0.23.21",
+ "rustls-native-certs 0.8.1",
+ "rustls-platform-verifier-android",
+ "rustls-webpki 0.102.8",
+ "security-framework 3.2.0",
+ "security-framework-sys",
+ "webpki-root-certs",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "rustls-platform-verifier-android"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
@@ -5996,6 +6166,7 @@ version = "0.102.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
 dependencies = [
+ "aws-lc-rs",
  "ring 0.17.8",
  "rustls-pki-types",
  "untrusted 0.9.0",
@@ -6125,7 +6296,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
  "bitflags 2.8.0",
- "core-foundation",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework"
+version = "3.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316"
+dependencies = [
+ "bitflags 2.8.0",
+ "core-foundation 0.10.0",
  "core-foundation-sys",
  "libc",
  "security-framework-sys",
@@ -6817,7 +7001,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
 dependencies = [
  "bitflags 1.3.2",
- "core-foundation",
+ "core-foundation 0.9.4",
  "system-configuration-sys",
 ]
 
@@ -7569,6 +7753,7 @@ dependencies = [
  "rustls 0.23.21",
  "rustls-pemfile 2.2.0",
  "rustls-pki-types",
+ "rustls-platform-verifier",
  "serde",
  "serde_json",
  "smtp-proto",
@@ -7764,6 +7949,15 @@ dependencies = [
  "untrusted 0.9.0",
 ]
 
+[[package]]
+name = "webpki-root-certs"
+version = "0.26.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "09aed61f5e8d2c18344b3faa33a4c837855fe56642757754775548fee21386c4"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "webpki-roots"
 version = "0.25.4"
@@ -7789,6 +7983,18 @@ dependencies = [
  "once_cell",
 ]
 
+[[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix",
+]
+
 [[package]]
 name = "whoami"
 version = "1.5.2"
@@ -7886,6 +8092,15 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "windows-sys"
+version = "0.45.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+dependencies = [
+ "windows-targets 0.42.2",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@@ -7913,6 +8128,21 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
+[[package]]
+name = "windows-targets"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
+dependencies = [
+ "windows_aarch64_gnullvm 0.42.2",
+ "windows_aarch64_msvc 0.42.2",
+ "windows_i686_gnu 0.42.2",
+ "windows_i686_msvc 0.42.2",
+ "windows_x86_64_gnu 0.42.2",
+ "windows_x86_64_gnullvm 0.42.2",
+ "windows_x86_64_msvc 0.42.2",
+]
+
 [[package]]
 name = "windows-targets"
 version = "0.48.5"
@@ -7944,6 +8174,12 @@ dependencies = [
  "windows_x86_64_msvc 0.52.6",
 ]
 
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
+
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.48.5"
@@ -7956,6 +8192,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
 
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.48.5"
@@ -7968,6 +8210,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
 
+[[package]]
+name = "windows_i686_gnu"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.48.5"
@@ -7986,6 +8234,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
 
+[[package]]
+name = "windows_i686_msvc"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.48.5"
@@ -7998,6 +8252,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
 
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.48.5"
@@ -8010,6 +8270,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
 
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.48.5"
@@ -8022,6 +8288,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
 
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.42.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.48.5"
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index a2d19a06..76866b80 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -13,7 +13,7 @@ resolver = "2"
 [dependencies]
 jmap-client = { version = "0.3", features = ["async"] } 
 mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] } 
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2"]}
 tokio = { version = "1.23", features = ["full"] }
 num_cpus = "1.13.1"
 clap = { version = "4.1.6", features = ["derive"] }
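Review bot: The `reqwest` line switches to `rustls-tls-native-roots` with no note that outbound HTTPS trust now comes from the host's certificate store instead of a root set compiled into the binary. That makes the deployment environment part of the trust decision: a minimal container or chroot without a CA bundle would presumably fail outbound HTTPS verification, and on Unix-like systems the native-roots loader also reads `SSL_CERT_FILE` and `SSL_CERT_DIR`, so the service's environment needs to be controlled. I would add a comment above the dependency such as `# TLS roots come from the OS trust store; packaging must provide a CA bundle`. The same one-line swap is repeated in the manifests for common, directory, jmap, smtp, spam-filter, store, trc, utils and tests, so the comment or an equivalent packaging note applies to each of them.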
diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml
index 3da0183f..93c49bb5 100644
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
@@ -16,7 +16,7 @@ sieve-rs = { version = "0.6" }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
 mail-builder = { version = "0.4" }
 mail-auth = { version = "0.6" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 smtp-proto = { version = "0.1", features = ["serde_support"] }
 dns-update = { version = "0.1" }
 ahash = { version = "0.8.2", features = ["serde"] }
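Review bot: The `mail-send` line now points at an in-tree copy (`path = "../mail-send"`), and nothing in the manifest records which upstream release that copy corresponds to or how it differs from it. The Cargo.lock hunk drops the `source` and `checksum` entries for mail-send 0.5.0, so the crate is no longer checked against the registry and upstream fixes will not arrive through `cargo update`. A single override in the workspace root, `[patch.crates-io]` followed by `mail-send = { path = "crates/mail-send" }`, would keep the `version = "0.5"` requirements intact and avoid touching every manifest. Failing that, a comment such as `# vendored from mail-send 0.5.0, patched to use the platform verifier` next to the dependency would help whoever has to rebase it. The same edit is repeated in directory, imap, jmap, managesieve, pop3, smtp, spam-filter, utils and tests.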
@@ -32,7 +32,7 @@ tokio = { version = "1.23", features = ["net", "macros"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
 futures = "0.3"
 rcgen = "0.12"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2", "stream"]}
 serde = { version = "1.0", features = ["derive"]}
 serde_json = "1.0"
 base64 = "0.22"
diff --git a/crates/directory/Cargo.toml b/crates/directory/Cargo.toml
index dc022e7a..10e0c00a 100644
--- a/crates/directory/Cargo.toml
+++ b/crates/directory/Cargo.toml
@@ -12,7 +12,7 @@ trc = { path = "../trc" }
 jmap_proto = { path =  "../jmap-proto" }
 smtp-proto = { version = "0.1" }
 mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] } 
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 mail-builder = { version = "0.4" }
 tokio = { version = "1.23", features = ["net"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
@@ -34,7 +34,7 @@ futures = "0.3"
 regex = "1.7.0"
 serde = { version = "1.0", features = ["derive"]}
 totp-rs = { version = "5.5.1", features = ["otpauth"] }
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"] }
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2"] }
 serde_json = "1.0"
 base64 = "0.22"
 
diff --git a/crates/imap/Cargo.toml b/crates/imap/Cargo.toml
index 640ca4fd..d91931c1 100644
--- a/crates/imap/Cargo.toml
+++ b/crates/imap/Cargo.toml
@@ -16,7 +16,7 @@ email = { path = "../email" }
 nlp = { path = "../nlp" }
 utils = { path = "../utils" }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
 rustls-pemfile = "2.0"
 tokio = { version = "1.23", features = ["full"] }
diff --git a/crates/jmap/Cargo.toml b/crates/jmap/Cargo.toml
index 7be56e44..ad5ed795 100644
--- a/crates/jmap/Cargo.toml
+++ b/crates/jmap/Cargo.toml
@@ -18,7 +18,7 @@ email = { path = "../email" }
 smtp-proto = { version = "0.1" }
 mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] } 
 mail-builder = { version = "0.4" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 mail-auth = { version = "0.6", features = ["generate"] }
 sieve-rs = { version = "0.6" } 
 serde = { version = "1.0", features = ["derive"]}
@@ -38,7 +38,7 @@ p256 = { version = "0.13", features = ["ecdh"] }
 hkdf = "0.12.3"
 sha1 = "0.10"
 sha2 = "0.10"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2"]}
 tokio-tungstenite = "0.26"
 tungstenite = "0.26"
 chrono = "0.4"
diff --git a/crates/mail-send/Cargo.toml b/crates/mail-send/Cargo.toml
index fb5f402d..6760afab 100644
--- a/crates/mail-send/Cargo.toml
+++ b/crates/mail-send/Cargo.toml
@@ -27,6 +27,7 @@ rustls = { version = "0.23", default-features = false, features = ["std"]}
 tokio-rustls = { version = "0.26", default-features = false }
 webpki-roots = { version = "0.26"}
 rustls-pki-types = { version = "1" }
+rustls-platform-verifier = "0.5"
 gethostname = { version = "0.5"}
 
 [dev-dependencies]
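Review bot: `webpki-roots` stays in the dependency list next to the new `rustls-platform-verifier` line, although the tls.rs change in this patch removes the only use of `webpki_roots::TLS_SERVER_ROOTS` visible here. If nothing else in the crate references it, dropping `webpki-roots = { version = "0.26"}` keeps the bundled root set out of the build and makes it clear that only the platform store is trusted. The rest of the crate is outside this patch, so remaining uses should be checked first.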
diff --git a/crates/mail-send/src/smtp/tls.rs b/crates/mail-send/src/smtp/tls.rs
index b15a6db8..7ddd0798 100644
--- a/crates/mail-send/src/smtp/tls.rs
+++ b/crates/mail-send/src/smtp/tls.rs
@@ -12,9 +12,9 @@ use std::{convert::TryFrom, io, sync::Arc};
 
 use rustls::{
     client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
-    ClientConfig, ClientConnection, RootCertStore, SignatureScheme,
+    ClientConfig, ClientConnection, SignatureScheme,
 };
-use rustls_pki_types::{ServerName, TrustAnchor};
+use rustls_pki_types::ServerName;
 use tokio::net::TcpStream;
 use tokio_rustls::{client::TlsStream, TlsConnector};
 
@@ -78,20 +78,14 @@ impl SmtpClient<TlsStream<TcpStream>> {
 }
 
 pub fn build_tls_connector(allow_invalid_certs: bool) -> TlsConnector {
+    use rustls_platform_verifier::BuilderVerifierExt;
+
+    let config = ClientConfig::builder();
+
     let config = if !allow_invalid_certs {
-        let mut root_cert_store = RootCertStore::empty();
-
-        root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| TrustAnchor {
-            subject: ta.subject.clone(),
-            subject_public_key_info: ta.subject_public_key_info.clone(),
-            name_constraints: ta.name_constraints.clone(),
-        }));
-
-        ClientConfig::builder()
-            .with_root_certificates(root_cert_store)
-            .with_no_client_auth()
+        config.with_platform_verifier().with_no_client_auth()
     } else {
-        ClientConfig::builder()
+        config
             .dangerous()
             .with_custom_certificate_verifier(Arc::new(DummyVerifier {}))
             .with_no_client_auth()
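Review bot: `build_tls_connector` has no doc comment, and after this change its two branches differ widely in what they trust: the first defers to the operating system's verifier and trust store, the second installs `DummyVerifier` through `.dangerous()`, which by its name and the `allow_invalid_certs` flag appears to accept any certificate. I would document that on the function, for example `/// Validates server certificates with the platform verifier; when allow_invalid_certs is true, certificate validation is bypassed and the connection can be intercepted.` As far as I can tell the platform roots are consulted at handshake time and not when the connector is built, so a host with an empty or missing trust store would only show up as failed deliveries; a startup check or log line would make that easier to diagnose. `rustls_client_config` in crates/utils/src/lib.rs gets the identical change and would benefit from the same comment. The function body continues past the end of this hunk.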
diff --git a/crates/managesieve/Cargo.toml b/crates/managesieve/Cargo.toml
index 650ab23b..42738e68 100644
--- a/crates/managesieve/Cargo.toml
+++ b/crates/managesieve/Cargo.toml
@@ -15,7 +15,7 @@ store = { path = "../store" }
 utils = { path = "../utils" }
 trc = { path = "../trc" }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 sieve-rs = { version = "0.6" } 
 rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
 rustls-pemfile = "2.0"
diff --git a/crates/pop3/Cargo.toml b/crates/pop3/Cargo.toml
index 5f86ed00..89e7b732 100644
--- a/crates/pop3/Cargo.toml
+++ b/crates/pop3/Cargo.toml
@@ -15,7 +15,7 @@ trc = { path = "../trc" }
 jmap_proto = { path = "../jmap-proto" }
 email = { path = "../email" }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
 tokio = { version = "1.23", features = ["full"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
diff --git a/crates/smtp/Cargo.toml b/crates/smtp/Cargo.toml
index 5997c1c3..5f5badc2 100644
--- a/crates/smtp/Cargo.toml
+++ b/crates/smtp/Cargo.toml
@@ -21,7 +21,7 @@ email = { path =  "../email" }
 spam-filter = { path =  "../spam-filter" }
 trc = { path = "../trc" }
 mail-auth = { version = "0.6" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
 mail-builder = { version = "0.4" } 
 smtp-proto = { version = "0.1", features = ["serde_support"] }
@@ -47,7 +47,7 @@ blake3 = "1.3"
 lru-cache = "0.1.2"
 rand = "0.8.5"
 x509-parser = "0.16.0"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"] }
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2"] }
 serde = { version = "1.0", features = ["derive", "rc"] }
 serde_json = "1.0"
 num_cpus = "1.15.0"
diff --git a/crates/spam-filter/Cargo.toml b/crates/spam-filter/Cargo.toml
index f5b63353..c9176cf6 100644
--- a/crates/spam-filter/Cargo.toml
+++ b/crates/spam-filter/Cargo.toml
@@ -14,12 +14,12 @@ smtp-proto = { version = "0.1", features = ["serde_support"] }
 mail-parser = { version = "0.10", features = ["full_encoding"] } 
 mail-builder = { version = "0.4" }
 mail-auth = { version = "0.6" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 tokio = { version = "1.23", features = ["net", "macros"] }
 psl = "2"
 hyper = { version = "1.0.1", features = ["server", "http1", "http2"] }
 idna = "1.0"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2", "stream"]}
 decancer = "3.0.1"
 unicode-security = "0.1.0"
 infer = "0.16"
diff --git a/crates/store/Cargo.toml b/crates/store/Cargo.toml
index b0cf7d77..67c2d742 100644
--- a/crates/store/Cargo.toml
+++ b/crates/store/Cargo.toml
@@ -15,7 +15,7 @@ rust-s3 = { version = "=0.35.0-alpha.2", default-features = false, features = ["
 azure_core = { version = "0.21.0", optional = true }
 azure_storage = { version = "0.21.0", default-features = false, features = ["enable_reqwest_rustls", "hmac_rust"], optional = true }
 azure_storage_blobs = { version = "0.21.0", default-features = false, features = ["enable_reqwest_rustls", "hmac_rust"], optional = true }
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2", "stream"]}
 tokio = { version = "1.23", features = ["sync", "fs", "io-util"] }
 r2d2 = { version = "0.8.10", optional = true }
 futures = { version = "0.3", optional = true }
diff --git a/crates/trc/Cargo.toml b/crates/trc/Cargo.toml
index e4f2ca7c..f294e469 100644
--- a/crates/trc/Cargo.toml
+++ b/crates/trc/Cargo.toml
@@ -11,7 +11,7 @@ mail-parser = { version = "0.10", features = ["full_encoding"] }
 base64 = "0.22.1"
 serde = "1.0"
 serde_json = "1.0.120"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2"]}
 bincode = "1.3.3"
 rtrb = "0.3.1"
 parking_lot = "0.12.3"
diff --git a/crates/utils/Cargo.toml b/crates/utils/Cargo.toml
index e0a7ef9d..14b1d675 100644
--- a/crates/utils/Cargo.toml
+++ b/crates/utils/Cargo.toml
@@ -9,12 +9,13 @@ trc = { path = "../trc" }
 rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
 rustls-pemfile = "2.0"
 rustls-pki-types = { version = "1" }
+rustls-platform-verifier = "0.5"
 tokio = { version = "1.23", features = ["net", "macros"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
 serde = { version = "1.0", features = ["derive"]}
 mail-auth = { version = "0.6" }
 smtp-proto = { version = "0.1" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 ahash = { version = "0.8" }
 chrono = "0.4"
 rand = "0.8.5"
@@ -23,7 +24,7 @@ ring = { version = "0.17" }
 base64 = "0.22"
 serde_json = "1.0"
 rcgen = "0.13"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "http2", "stream"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "http2", "stream"]}
 x509-parser = "0.16.0"
 pem = "3.0"
 parking_lot = "0.12"
diff --git a/crates/utils/src/lib.rs b/crates/utils/src/lib.rs
index acec2f04..b2cdaf65 100644
--- a/crates/utils/src/lib.rs
+++ b/crates/utils/src/lib.rs
@@ -18,9 +18,9 @@ use futures::StreamExt;
 use reqwest::Response;
 use rustls::{
     client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
-    ClientConfig, RootCertStore, SignatureScheme,
+    ClientConfig, SignatureScheme,
 };
-use rustls_pki_types::TrustAnchor;
+use rustls_platform_verifier::BuilderVerifierExt;
 
 pub const BLOB_HASH_LEN: usize = 32;
 
@@ -280,17 +280,7 @@ pub fn rustls_client_config(allow_invalid_certs: bool) -> ClientConfig {
     let config = ClientConfig::builder();
 
     if !allow_invalid_certs {
-        let mut root_cert_store = RootCertStore::empty();
-
-        root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| TrustAnchor {
-            subject: ta.subject.clone(),
-            subject_public_key_info: ta.subject_public_key_info.clone(),
-            name_constraints: ta.name_constraints.clone(),
-        }));
-
-        config
-            .with_root_certificates(root_cert_store)
-            .with_no_client_auth()
+        config.with_platform_verifier().with_no_client_auth()
     } else {
         config
             .dangerous()
diff --git a/tests/Cargo.toml b/tests/Cargo.toml
index 6aa6d35b..256a574b 100644
--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -34,12 +34,12 @@ spam-filter = { path = "../crates/spam-filter", features = ["test_mode", "enterp
 trc = { path = "../crates/trc" }
 managesieve = { path = "../crates/managesieve", features = ["test_mode", "enterprise"] }
 smtp-proto = { version = "0.1" }
-mail-send = { version = "0.5", default-features = false, features = ["cram-md5", "ring", "tls12"] }
+mail-send = { path = "../crates/mail-send", default-features = false, features = ["cram-md5", "ring", "tls12"] }
 mail-auth = { version = "0.6", features = ["test"] }
-sieve-rs = { version = "0.6" } 
+sieve-rs = { version = "0.6" }
 utils = { path = "../crates/utils", features = ["test_mode"] }
-jmap-client = { version = "0.3", features = ["websockets", "debug", "async"] } 
-mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] } 
+jmap-client = { version = "0.3", features = ["websockets", "debug", "async"] }
+mail-parser = { version = "0.10", features = ["full_encoding", "serde_support"] }
 tokio = { version = "1.23", features = ["full"] }
 tokio-rustls = { version = "0.26", default-features = false, features = ["ring", "tls12"] }
 rustls = { version = "0.23.5", default-features = false, features = ["std", "ring", "tls12"] }
@@ -50,7 +50,7 @@ rayon = { version = "1.5.1" }
 flate2 = { version = "1.0.17", features = ["zlib"], default-features = false }
 serde = { version = "1.0", features = ["derive"]}
 serde_json = "1.0"
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-webpki-roots", "multipart", "http2"]}
+reqwest = { version = "0.12", default-features = false, features = ["rustls-tls-native-roots", "multipart", "http2"]}
 bytes = "1.4.0"
 futures = "0.3"
 ece = "2.2"
-- 
2.47.2