bitreq: deps: bump rustls to version 0.23

hydra-yse · hydra-yse · commit 7df187761925 · 2026-03-28T16:39:40.000+01:00
diff --git a/bitreq/Cargo.toml b/bitreq/Cargo.toml
@@ -21,7 +21,7 @@ serde_json = { version = "1.0.0", default-features = false, features = ["std"],
 base64 = { version = "0.22", default-features = false, features = ["alloc"], optional = true }
 
 # For rustls-based TLS:
-rustls = { version = "0.21.1", default-features = false, optional = true }
+rustls = { version = "0.23.37", default-features = false, optional = true }
 rustls-native-certs = { version = "0.6.1", default-features = false, optional = true }
 webpki-roots = { version = "0.25.2", default-features = false, optional = true }
 rustls-webpki = { version = "0.101.0", default-features = false, optional = true }
@@ -31,7 +31,7 @@ native-tls = { version = "0.2", default-features = false, optional = true }
 
 # For the async feature:
 tokio = { version = "1.0", default-features = false, features = ["rt", "net", "io-util", "time", "sync"], optional = true }
-tokio-rustls = { version = "0.24", default-features = false, optional = true }
+tokio-rustls = { version = "0.26", default-features = false, optional = true }
 tokio-native-tls = { version = "0.3", default-features = false, optional = true }
 
 log = { version = "0.4.0", default-features = false, optional = true }
diff --git a/bitreq/src/connection/rustls_stream.rs b/bitreq/src/connection/rustls_stream.rs
@@ -12,7 +12,11 @@ use std::sync::OnceLock;
 #[cfg(all(feature = "native-tls", not(feature = "rustls")))]
 use native_tls::{HandshakeError, TlsConnector, TlsStream};
 #[cfg(feature = "rustls")]
-use rustls::{self, ClientConfig, ClientConnection, RootCertStore, ServerName, StreamOwned};
+use rustls::{
+    self,
+    pki_types::{ServerName, TrustAnchor},
+    ClientConfig, ClientConnection, RootCertStore, StreamOwned,
+};
 #[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
 use tokio_native_tls::TlsConnector as AsyncTlsConnector;
 #[cfg(feature = "tokio-rustls")]
@@ -47,19 +51,14 @@ fn build_client_config() -> Arc<ClientConfig> {
     }
 
     #[cfg(feature = "rustls-webpki")]
-    #[allow(deprecated)] // Need to use add_server_trust_anchors to compile with rustls 0.21.1
-    root_certificates.add_server_trust_anchors(TLS_SERVER_ROOTS.iter().map(|ta| {
-        rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
-            ta.subject,
-            ta.spki,
-            ta.name_constraints,
-        )
+    root_certificates.extend(TLS_SERVER_ROOTS.iter().map(|ta| TrustAnchor {
+        subject: ta.subject.into(),
+        subject_public_key_info: ta.spki.into(),
+        name_constraints: ta.name_constraints.map(Into::into),
     }));
 
-    let config = ClientConfig::builder()
-        .with_safe_defaults()
-        .with_root_certificates(root_certificates)
-        .with_no_client_auth();
+    let config =
+        ClientConfig::builder().with_root_certificates(root_certificates).with_no_client_auth();
     Arc::new(config)
 }
 
@@ -71,8 +70,9 @@ pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<SecuredStream, E
         Ok(result) => result,
         Err(err) => return Err(Error::IoError(io::Error::new(io::ErrorKind::Other, err))),
     };
-    let sess = ClientConnection::new(CONFIG.get_or_init(build_client_config).clone(), dns_name)
-        .map_err(Error::RustlsCreateConnection)?;
+    let sess =
+        ClientConnection::new(CONFIG.get_or_init(build_client_config).clone(), dns_name.to_owned())
+            .map_err(Error::RustlsCreateConnection)?;
 
     #[cfg(feature = "log")]
     log::trace!("Establishing TLS session to {host}.");
@@ -101,7 +101,7 @@ pub(super) async fn wrap_async_stream(
     #[cfg(feature = "log")]
     log::trace!("Establishing TLS session to {host}.");
 
-    let tls = connector.connect(dns_name, tcp).await.map_err(Error::IoError)?;
+    let tls = connector.connect(dns_name.to_owned(), tcp).await.map_err(Error::IoError)?;
 
     Ok(AsyncHttpStream::Secured(Box::new(tls)))
 }
