diff --git a/Cargo.lock b/Cargo.lock index f238a74c..000b3ff1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1464,7 +1464,7 @@ dependencies = [ "hyper", "hyper-util", "rustls 0.23.12", - "rustls-native-certs 0.7.2", + "rustls-native-certs 0.7.3", "rustls-pki-types", "tokio", "tokio-rustls 0.26.0", @@ -2745,7 +2745,7 @@ dependencies = [ "pin-project-lite", "quinn 0.11.2", "rustls 0.23.12", - "rustls-native-certs 0.7.2", + "rustls-native-certs 0.7.3", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -2932,9 +2932,22 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.7.2" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04182dffc9091a404e0fc069ea5cd60e5b866c3adf881eff99a32d048242dffa" +checksum = "e5bfb394eeed242e909609f56089eecfe5fda225042e8b171791b9c95f5931e5" +dependencies = [ + "openssl-probe", + "rustls-pemfile 2.1.2", + "rustls-pki-types", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcaf18a4f2be7326cd874a5fa579fae794320a0f388d365dca7e480e55f83f8a" dependencies = [ "openssl-probe", "rustls-pemfile 2.1.2", @@ -3322,7 +3335,7 @@ dependencies = [ "pin-project", "rand", "regex", - "rustls-native-certs 0.7.2", + "rustls-native-certs 0.8.0", "serde", "shadowsocks", "sled", diff --git a/crates/shadowsocks-service/Cargo.toml b/crates/shadowsocks-service/Cargo.toml index 287965b2..366db40b 100644 --- a/crates/shadowsocks-service/Cargo.toml +++ b/crates/shadowsocks-service/Cargo.toml @@ -161,7 +161,7 @@ tokio-rustls = { version = "0.26", optional = true, default-features = false, fe "tls12", "ring", ] } -rustls-native-certs = { version = "0.7", optional = true } +rustls-native-certs = { version = "0.8", optional = true } async-trait = "0.1" socket2 = { version = "0.5", features = ["all"] } 
diff --git a/crates/shadowsocks-service/src/local/http/http_stream.rs b/crates/shadowsocks-service/src/local/http/http_stream.rs
index 607e119e..c8875030 100644
--- a/crates/shadowsocks-service/src/local/http/http_stream.rs
+++ b/crates/shadowsocks-service/src/local/http/http_stream.rs
@@ -62,6 +62,7 @@ impl ProxyHttpStream {
 pub async fn connect_https(stream: AutoProxyClientStream, domain: &str) -> io::Result {
 use log::warn;
 use once_cell::sync::Lazy;
+ use rustls_native_certs::CertificateResult;
 use std::sync::Arc;
 use tokio_rustls::{
 rustls::{pki_types::ServerName, ClientConfig, RootCertStore},
@@ -75,11 +76,16 @@ impl ProxyHttpStream {
 let mut store = RootCertStore::empty();
 store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
- if let Ok(certs) = rustls_native_certs::load_native_certs() {
- for cert in certs {
- if let Err(err) = store.add(cert) {
- warn!("failed to add cert (native), error: {}", err);
- }
+ let CertificateResult { certs, errors, .. } = rustls_native_certs::load_native_certs();
+ if !errors.is_empty() {
+ for error in errors {
+ warn!("failed to load cert (native), error: {}", error);
+ }
+ }
+
+ for cert in certs {
+ if let Err(err) = store.add(cert) {
+ warn!("failed to add cert (native), error: {}", err);
 }
 }
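Review bot: In the second hunk the `if !errors.is_empty()` guard is redundant, because looping over an empty `errors` already does nothing; `for error in errors { warn!("failed to load cert (native), error: {}", error); }` on its own behaves the same. A non-empty `errors` now appears to mean the OS store may have been read only partially, and the code carries on with whatever `certs` holds on top of the bundled `webpki_roots` set. A short comment would record that this fallback is intended, for example `// native roots are best-effort: on errors the store may hold only the bundled webpki roots plus a partial OS set`. The initializer around these lines and the rest of `connect_https` lie outside the hunk, so whether the final root count is logged anywhere cannot be seen from here.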