fix(local): dns-over-tls/https with rustls add dependencies to certs

- fix #1378 - hickory-dns/hickory-dns#2108 - updated rustls dependencies to the latest
2026-02-09 01:59:16 +08:00 · 2023-12-11 21:17:14 +08:00
parent ad4a96f14f
commit 3b2cd405d0
5 changed files with 202 additions and 149 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -93,9 +93,9 @@ dependencies = [

 [[package]]
 name = "anstream"
-version = "0.6.4"
+version = "0.6.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44"
+checksum = "d664a92ecae85fd0a7392615844904654d1d5f5514837f471ddef4a057aba1b6"
 dependencies = [
 "anstyle",
 "anstyle-parse",
@@ -113,30 +113,30 @@ checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87"

 [[package]]
 name = "anstyle-parse"
-version = "0.2.2"
+version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140"
+checksum = "c75ac65da39e5fe5ab759307499ddad880d724eed2f6ce5b5e8a26f4f387928c"
 dependencies = [
 "utf8parse",
 ]

 [[package]]
 name = "anstyle-query"
-version = "1.0.0"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ca11d4be1bab0c8bc8734a9aa7bf4ee8316d462a08c6ac5052f888fef5b494b"
+checksum = "e28923312444cdd728e4738b3f9c9cac739500909bb3d3c94b43551b16517648"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
 name = "anstyle-wincon"
-version = "3.0.1"
+version = "3.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628"
+checksum = "1cd54b81ec8d6180e24654d0b371ad22fc3dd083b6ff8ba325b72e00c87660a7"
 dependencies = [
 "anstyle",
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -171,14 +171,14 @@ checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
 name = "atomic-polyfill"
-version = "0.1.11"
+version = "1.0.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3ff7eb3f316534d83a8a2c3d1674ace8a5a71198eba31e2e2b597833f699b28"
+checksum = "8cf2bce30dfe09ef0bfaef228b9d414faaf7e563035494d7fe092dba54b300f4"
 dependencies = [
 "critical-section",
 ]
@@ -283,7 +283,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -391,12 +391,6 @@ dependencies = [
 "zeroize",
 ]

-[[package]]
-name = "checked_int_cast"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17cc5e6b5ab06331c33589842070416baa137e8b0eb912b008cfd4a78ada7919"
-
 [[package]]
 name = "chrono"
 version = "0.4.31"
@@ -424,18 +418,18 @@ dependencies = [

 [[package]]
 name = "clap"
-version = "4.4.10"
+version = "4.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41fffed7514f420abec6d183b1d3acfd9099c79c3a10a06ade4f8203f1411272"
+checksum = "bfaff671f6b22ca62406885ece523383b9b64022e341e53e009a62ebc47a45f2"
 dependencies = [
 "clap_builder",
 ]

 [[package]]
 name = "clap_builder"
-version = "4.4.9"
+version = "4.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "63361bae7eef3771745f02d8d892bec2fee5f6e34af316ba556e7f97a7069ff1"
+checksum = "a216b506622bb1d316cd51328dce24e07bdff4a6128a47c7e7fad11878d5adbb"
 dependencies = [
 "anstream",
 "anstyle",
@@ -594,7 +588,7 @@ dependencies = [
 "proc-macro-error",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -722,7 +716,7 @@ dependencies = [
 "heck",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -790,14 +784,14 @@ dependencies = [

 [[package]]
 name = "filetime"
-version = "0.2.22"
+version = "0.2.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4029edd3e734da6fe05b6cd7bd2960760a616bd2ddd0d59a0124746d6272af0"
+checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall 0.3.5",
- "windows-sys 0.48.0",
+ "redox_syscall",
+ "windows-sys 0.52.0",
 ]

 [[package]]
@@ -895,7 +889,7 @@ checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -1066,9 +1060,9 @@ checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604"

 [[package]]
 name = "heapless"
-version = "0.7.16"
+version = "0.7.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db04bc24a18b9ea980628ecf00e6c0264f3c1426dac36c00cb49b6fbad8b0743"
+checksum = "cdc6457c0eb62c71aac4bc17216026d8410337c4126773b9c5daba343f17964f"
 dependencies = [
 "atomic-polyfill",
 "hash32",
@@ -1113,16 +1107,18 @@ dependencies = [
 "once_cell",
 "quinn",
 "rand",
- "rustls",
- "rustls-pemfile",
+ "rustls 0.21.10",
+ "rustls-native-certs 0.6.3",
+ "rustls-pemfile 1.0.4",
 "serde",
 "thiserror",
 "tinyvec",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls",
+ "tokio-rustls 0.24.1",
 "tracing",
 "url",
+ "webpki-roots 0.25.3",
 ]

 [[package]]
@@ -1140,14 +1136,16 @@ dependencies = [
 "parking_lot",
 "rand",
 "resolv-conf",
- "rustls",
+ "rustls 0.21.10",
+ "rustls-native-certs 0.6.3",
 "serde",
 "smallvec",
 "thiserror",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls",
+ "tokio-rustls 0.24.1",
 "tracing",
+ "webpki-roots 0.25.3",
 ]

 [[package]]
@@ -1203,9 +1201,9 @@ dependencies = [

 [[package]]
 name = "http-body"
-version = "0.4.5"
+version = "0.4.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1"
+checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2"
 dependencies = [
 "bytes",
 "http 0.2.11",
@@ -1265,7 +1263,7 @@ dependencies = [
 "futures-util",
 "h2 0.3.22",
 "http 0.2.11",
- "http-body 0.4.5",
+ "http-body 0.4.6",
 "httparse",
 "httpdate",
 "itoa",
@@ -1306,9 +1304,9 @@ dependencies = [
 "futures-util",
 "http 0.2.11",
 "hyper 0.14.27",
- "rustls",
+ "rustls 0.21.10",
 "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.24.1",
 ]

 [[package]]
@@ -1471,9 +1469,9 @@ dependencies = [

 [[package]]
 name = "itoa"
-version = "1.0.9"
+version = "1.0.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
+checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c"

 [[package]]
 name = "jemalloc-sys"
@@ -1543,9 +1541,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"

 [[package]]
 name = "libc"
-version = "0.2.150"
+version = "0.2.151"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"
+checksum = "302d7ab3130588088d277783b1e2d2e10c9e9e4a16dd9050e6ec93fb3e7048f4"

 [[package]]
 name = "libloading"
@@ -1575,7 +1573,7 @@ checksum = "85c833ca1e66078851dba29046874e38f08b2c883700aa29a03ddd3b23814ee8"
 dependencies = [
 "bitflags 2.4.1",
 "libc",
- "redox_syscall 0.4.1",
+ "redox_syscall",
 ]

 [[package]]
@@ -1710,9 +1708,9 @@ dependencies = [

 [[package]]
 name = "mio"
-version = "0.8.9"
+version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0"
+checksum = "8f3d0b296e374a4e6f3c7b0a1f5a51d748a0d34c85e7dc48fc3fa9a87657fe09"
 dependencies = [
 "libc",
 "log",
@@ -1798,9 +1796,9 @@ dependencies = [

 [[package]]
 name = "once_cell"
-version = "1.18.0"
+version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
+checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"

 [[package]]
 name = "opaque-debug"
@@ -1810,9 +1808,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"

 [[package]]
 name = "openssl"
-version = "0.10.60"
+version = "0.10.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79a4c6c3a2b158f7f8f2a2fc5a969fa3a068df6fc9dbb4a43845436e3af7c800"
+checksum = "6b8419dc8cc6d866deb801274bba2e6f8f6108c1bb7fcc10ee5ab864931dbb45"
 dependencies = [
 "bitflags 2.4.1",
 "cfg-if",
@@ -1831,7 +1829,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -1842,18 +1840,18 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"

 [[package]]
 name = "openssl-src"
-version = "300.1.6+3.1.4"
+version = "300.2.0+3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "439fac53e092cd7442a3660c85dde4643ab3b5bd39040912388dcdabf6b88085"
+checksum = "b1ebed1d188c4cd64c2bcd73d6c1fe1092f3d98c111831923cc1b706c3859fca"
 dependencies = [
 "cc",
 ]

 [[package]]
 name = "openssl-sys"
-version = "0.9.96"
+version = "0.9.97"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3812c071ba60da8b5677cc12bcb1d42989a65553772897a7e0355545a819838f"
+checksum = "c3eaad34cdd97d81de97964fc7f29e2d104f483840d906ef56daa1912338460b"
 dependencies = [
 "cc",
 "libc",
@@ -1916,7 +1914,7 @@ checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall 0.4.1",
+ "redox_syscall",
 "smallvec",
 "windows-targets 0.48.5",
 ]
@@ -1958,7 +1956,7 @@ dependencies = [
 "pest_meta",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -1989,7 +1987,7 @@ checksum = "4359fd9c9171ec6e8c62926d6faaf553a8dc3f64e1507e76da7911b4f6a04405"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -2093,12 +2091,9 @@ dependencies = [

 [[package]]
 name = "qrcode"
-version = "0.12.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16d2f1455f3630c6e5107b4f2b94e74d76dea80736de0981fd27644216cff57f"
-dependencies = [
- "checked_int_cast",
-]
+checksum = "166f136dfdb199f98186f3649cf7a0536534a61417a1a30221b492b4fb60ce3f"

 [[package]]
 name = "quick-error"
@@ -2117,7 +2112,7 @@ dependencies = [
 "quinn-proto",
 "quinn-udp",
 "rustc-hash",
- "rustls",
+ "rustls 0.21.10",
 "thiserror",
 "tokio",
 "tracing",
@@ -2133,7 +2128,7 @@ dependencies = [
 "rand",
 "ring 0.16.20",
 "rustc-hash",
- "rustls",
+ "rustls 0.21.10",
 "slab",
 "thiserror",
 "tinyvec",
@@ -2192,15 +2187,6 @@ dependencies = [
 "getrandom",
 ]

-[[package]]
-name = "redox_syscall"
-version = "0.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
-dependencies = [
- "bitflags 1.3.2",
-]
-
 [[package]]
 name = "redox_syscall"
 version = "0.4.1"
@@ -2263,7 +2249,7 @@ dependencies = [
 "futures-util",
 "h2 0.3.22",
 "http 0.2.11",
- "http-body 0.4.5",
+ "http-body 0.4.6",
 "hyper 0.14.27",
 "hyper-rustls",
 "hyper-tls",
@@ -2275,22 +2261,22 @@ dependencies = [
 "once_cell",
 "percent-encoding",
 "pin-project-lite",
- "rustls",
- "rustls-native-certs",
- "rustls-pemfile",
+ "rustls 0.21.10",
+ "rustls-native-certs 0.6.3",
+ "rustls-pemfile 1.0.4",
 "serde",
 "serde_json",
 "serde_urlencoded",
 "system-configuration",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls",
+ "tokio-rustls 0.24.1",
 "tower-service",
 "url",
 "wasm-bindgen",
 "wasm-bindgen-futures",
 "web-sys",
- "webpki-roots",
+ "webpki-roots 0.25.3",
 "winreg",
 ]

@@ -2321,9 +2307,9 @@ dependencies = [

 [[package]]
 name = "ring"
-version = "0.17.6"
+version = "0.17.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866"
+checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74"
 dependencies = [
 "cc",
 "getrandom",
@@ -2348,7 +2334,7 @@ dependencies = [
 "p384",
 "pkcs8",
 "rand_core",
- "ring 0.17.6",
+ "ring 0.17.7",
 "signature",
 ]

@@ -2416,9 +2402,9 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "0.38.26"
+version = "0.38.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9470c4bf8246c8daf25f9598dca807fb6510347b1e1cfa55749113850c79d88a"
+checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316"
 dependencies = [
 "bitflags 2.4.1",
 "errno",
@@ -2429,16 +2415,30 @@ dependencies = [

 [[package]]
 name = "rustls"
-version = "0.21.9"
+version = "0.21.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9"
+checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
 dependencies = [
 "log",
- "ring 0.17.6",
- "rustls-webpki",
+ "ring 0.17.7",
+ "rustls-webpki 0.101.7",
 "sct",
 ]

+[[package]]
+name = "rustls"
+version = "0.22.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fe6b63262c9fcac8659abfaa96cac103d28166d3ff3eaf8f412e19f3ae9e5a48"
+dependencies = [
+ "log",
+ "ring 0.17.7",
+ "rustls-pki-types",
+ "rustls-webpki 0.102.0",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "rustls-native-certs"
 version = "0.6.3"
@@ -2446,7 +2446,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
 dependencies = [
 "openssl-probe",
- "rustls-pemfile",
+ "rustls-pemfile 1.0.4",
+ "schannel",
+ "security-framework",
+]
+
+[[package]]
+name = "rustls-native-certs"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
+dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 2.0.0",
+ "rustls-pki-types",
 "schannel",
 "security-framework",
 ]
@@ -2460,21 +2473,48 @@ dependencies = [
 "base64",
 ]

+[[package]]
+name = "rustls-pemfile"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
+dependencies = [
+ "base64",
+ "rustls-pki-types",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b"
+
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
 dependencies = [
- "ring 0.17.6",
+ "ring 0.17.7",
+ "untrusted 0.9.0",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.102.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89"
+dependencies = [
+ "ring 0.17.7",
+ "rustls-pki-types",
 "untrusted 0.9.0",
 ]

 [[package]]
 name = "ryu"
-version = "1.0.15"
+version = "1.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ad4cc8da4ef723ed60bced201181d83791ad433213d8c24efffda1eec85d741"
+checksum = "f98d2aa92eebf49b69786be48e4477826b256916e84a57ff2a4f21923b48eb4c"

 [[package]]
 name = "same-file"
@@ -2506,7 +2546,7 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
 dependencies = [
- "ring 0.17.6",
+ "ring 0.17.7",
 "untrusted 0.9.0",
 ]

@@ -2589,7 +2629,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -2651,7 +2691,7 @@ dependencies = [

 [[package]]
 name = "shadowsocks"
-version = "1.17.1"
+version = "1.17.2"
 dependencies = [
 "aes",
 "arc-swap",
@@ -2717,7 +2757,7 @@ dependencies = [

 [[package]]
 name = "shadowsocks-rust"
-version = "1.17.1"
+version = "1.17.2"
 dependencies = [
 "base64",
 "build-time",
@@ -2755,7 +2795,7 @@ dependencies = [

 [[package]]
 name = "shadowsocks-service"
-version = "1.17.1"
+version = "1.17.2"
 dependencies = [
 "arc-swap",
 "async-trait",
@@ -2782,7 +2822,7 @@ dependencies = [
 "pin-project",
 "rand",
 "regex",
- "rustls-native-certs",
+ "rustls-native-certs 0.7.0",
 "serde",
 "shadowsocks",
 "smoltcp",
@@ -2791,9 +2831,9 @@ dependencies = [
 "thiserror",
 "tokio",
 "tokio-native-tls",
- "tokio-rustls",
+ "tokio-rustls 0.25.0",
 "tun",
- "webpki-roots",
+ "webpki-roots 0.26.0",
 "windows-sys 0.52.0",
 ]

@@ -2954,9 +2994,9 @@ dependencies = [

 [[package]]
 name = "syn"
-version = "2.0.39"
+version = "2.0.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
+checksum = "13fa70a4ee923979ffb522cacce59d34421ebdea5625e1073c4326ef9d2dd42e"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -2965,9 +3005,9 @@ dependencies = [

 [[package]]
 name = "sysexits"
-version = "0.7.6"
+version = "0.7.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e724941c9890385558cc069867fd6e42f5432018a5de81d7e3c3c66755d12f5"
+checksum = "863d0ebf4f8f10e7e33c82f7fe18e2a09952028011bf0cc7a9a3b8df9bb1cf56"

 [[package]]
 name = "system-configuration"
@@ -3013,7 +3053,7 @@ checksum = "7ef1adac450ad7f4b3c28589471ade84f25f731a7a0fe30d71dfa9f60fd808e5"
 dependencies = [
 "cfg-if",
 "fastrand 2.0.1",
- "redox_syscall 0.4.1",
+ "redox_syscall",
 "rustix",
 "windows-sys 0.48.0",
 ]
@@ -3054,7 +3094,7 @@ checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -3084,9 +3124,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.34.0"
+version = "1.35.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9"
+checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c"
 dependencies = [
 "backtrace",
 "bytes",
@@ -3109,7 +3149,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -3128,7 +3168,18 @@ version = "0.24.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
 dependencies = [
- "rustls",
+ "rustls 0.21.10",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.25.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
+dependencies = [
+ "rustls 0.22.1",
+ "rustls-pki-types",
 "tokio",
 ]

@@ -3189,7 +3240,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 ]

 [[package]]
@@ -3203,9 +3254,9 @@ dependencies = [

 [[package]]
 name = "try-lock"
-version = "0.2.4"
+version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed"
+checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"

 [[package]]
 name = "tun"
@@ -3248,9 +3299,9 @@ checksum = "ed646292ffc8188ef8ea4d1e0e0150fb15a5c2e12ad9b8fc191ae7a8a7f3c4b9"

 [[package]]
 name = "unicode-bidi"
-version = "0.3.13"
+version = "0.3.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
+checksum = "6f2528f27a9eb2b21e69c95319b30bd0efd85d09c379741b0f78ea1d86be2416"

 [[package]]
 name = "unicode-ident"
@@ -3374,7 +3425,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 "wasm-bindgen-shared",
 ]

@@ -3408,7 +3459,7 @@ checksum = "f0eb82fcb7930ae6219a7ecfd55b217f5f0893484b7a13022ebb2b2bf20b5283"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.39",
+ "syn 2.0.40",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
@@ -3435,6 +3486,15 @@ version = "0.25.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"

+[[package]]
+name = "webpki-roots"
+version = "0.26.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0de2cfda980f21be5a7ed2eadb3e6fe074d56022bea2cdeb1a62eb220fc04188"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "widestring"
 version = "1.0.2"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-rust"
-version = "1.17.1"
+version = "1.17.2"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -171,7 +171,7 @@ base64 = "0.21"

 clap = { version = "4.4", features = ["wrap_help", "suggestions"] }
 cfg-if = "1"
-qrcode = { version = "0.12", default-features = false, optional = true }
+qrcode = { version = "0.13", default-features = false, optional = true }
 sysexits = "0.7"
 build-time = "0.1"
 directories = "5.0"
@@ -192,7 +192,7 @@ jemallocator = { version = "0.5", optional = true }
 snmalloc-rs = { version = "0.3", optional = true }
 rpmalloc = { version = "0.2", optional = true }

-shadowsocks-service = { version = "1.17.1", path = "./crates/shadowsocks-service" }
+shadowsocks-service = { version = "1.17.2", path = "./crates/shadowsocks-service" }

 windows-service = { version = "0.6", optional = true }

--- a/crates/shadowsocks-service/Cargo.toml
+++ b/crates/shadowsocks-service/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks-service"
-version = "1.17.1"
+version = "1.17.2"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"
@@ -40,6 +40,8 @@ dns-over-tls = [
    "hickory-dns",
    "hickory-resolver/dns-over-tls",
    "hickory-resolver/dns-over-rustls",
+    "hickory-resolver/webpki-roots",
+    "hickory-resolver/native-certs",
 ]
 dns-over-native-tls = [
    "hickory-dns",
@@ -56,6 +58,8 @@ dns-over-https = [
    "hickory-dns",
    "hickory-resolver/dns-over-https",
    "hickory-resolver/dns-over-https-rustls",
+    "hickory-resolver/webpki-roots",
+    "hickory-resolver/native-certs",
 ]
 dns-over-h3 = ["hickory-dns", "hickory-resolver/dns-over-h3"]

@@ -136,9 +140,9 @@ tokio = { version = "1.5", features = [
 ] }
 tokio-native-tls = { version = "0.3", optional = true }
 native-tls = { version = "0.2.8", optional = true, features = ["alpn"] }
-tokio-rustls = { version = "0.24", optional = true }
-webpki-roots = { version = "0.25", optional = true }
-rustls-native-certs = { version = "0.6.3", optional = true }
+tokio-rustls = { version = "0.25", optional = true }
+webpki-roots = { version = "0.26", optional = true }
+rustls-native-certs = { version = "0.7", optional = true }
 async-trait = "0.1"

 socket2 = { version = "0.5", features = ["all"] }
@@ -172,7 +176,7 @@ smoltcp = { version = "0.10", optional = true, default-features = false, feature
 serde = { version = "1.0", features = ["derive"] }
 json5 = "0.4"

-shadowsocks = { version = "1.17.1", path = "../shadowsocks", default-features = false }
+shadowsocks = { version = "1.17.2", path = "../shadowsocks", default-features = false }

 # Just for the ioctl call macro
 [target.'cfg(any(target_os = "macos", target_os = "ios", target_os = "freebsd", target_os = "netbsd", target_os = "openbsd"))'.dependencies]
--- a/crates/shadowsocks-service/src/local/http/http_stream.rs
+++ b/crates/shadowsocks-service/src/local/http/http_stream.rs
@@ -60,45 +60,34 @@ impl ProxyHttpStream {

    #[cfg(feature = "local-http-rustls")]
    pub async fn connect_https(stream: AutoProxyClientStream, domain: &str) -> io::Result<ProxyHttpStream> {
-        use byte_string::ByteStr;
        use log::warn;
        use once_cell::sync::Lazy;
        use std::sync::Arc;
        use tokio_rustls::{
-            rustls::{Certificate, ClientConfig, OwnedTrustAnchor, RootCertStore, ServerName},
+            rustls::pki_types::ServerName,
+            rustls::{ClientConfig, RootCertStore},
            TlsConnector,
        };

        static TLS_CONFIG: Lazy<Arc<ClientConfig>> = Lazy::new(|| {
            let mut config = ClientConfig::builder()
-                .with_safe_defaults()
                .with_root_certificates(match rustls_native_certs::load_native_certs() {
                    Ok(certs) => {
                        let mut store = RootCertStore::empty();

                        for cert in certs {
-                            let rcert = Certificate(cert.0);
-                            if let Err(err) = store.add(&rcert) {
-                                warn!("failed to add cert, error: {}, cert: {:?}", err, ByteStr::new(&rcert.0));
+                            if let Err(err) = store.add(cert) {
+                                warn!("failed to add cert (native), error: {}", err);
                            }
                        }

                        store
                    }
                    Err(err) => {
-                        warn!("failed to load native certs, {}", err);
-
-                        let mut roots = Vec::with_capacity(webpki_roots::TLS_SERVER_ROOTS.len());
-                        for root in webpki_roots::TLS_SERVER_ROOTS {
-                            roots.push(OwnedTrustAnchor::from_subject_spki_name_constraints(
-                                root.subject,
-                                root.spki,
-                                root.name_constraints,
-                            ));
-                        }
+                        warn!("failed to load native certs, {}, going to load from webpki-roots", err);

                        let mut store = RootCertStore::empty();
-                        store.add_trust_anchors(roots.into_iter());
+                        store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());

                        store
                    }
@@ -122,7 +111,7 @@ impl ProxyHttpStream {
            }
        };

-        let tls_stream = connector.connect(host, stream).await?;
+        let tls_stream = connector.connect(host.to_owned(), stream).await?;

        let (_, session) = tls_stream.get_ref();
        let negotiated_http2 = matches!(session.alpn_protocol(), Some(b"h2"));
--- a/crates/shadowsocks/Cargo.toml
+++ b/crates/shadowsocks/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "shadowsocks"
-version = "1.17.1"
+version = "1.17.2"
 authors = ["Shadowsocks Contributors"]
 description = "shadowsocks is a fast tunnel proxy that helps you bypass firewalls."
 repository = "https://github.com/shadowsocks/shadowsocks-rust"