From faaec9e29443f7c7557f6c7c91011040911e1f5c Mon Sep 17 00:00:00 2001 From: "Dustin J. Mitchell" Date: Sun, 27 Oct 2024 09:33:27 -0400 Subject: [PATCH] Support ENABLE_TLS_NATIVE_ROOTS to use system TLS CAs --- Cargo.lock | 63 ++++++++++++++++++++++++++++- src/taskchampion-cpp/CMakeLists.txt | 10 ++++- src/taskchampion-cpp/Cargo.toml | 4 ++ 3 files changed, 75 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 109187613..5e45aa173 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -912,6 +912,12 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + [[package]] name = "parking_lot" version = "0.12.3" @@ -1075,7 +1081,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "rustls 0.21.12", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "serde", "serde_json", "serde_urlencoded", @@ -1156,6 +1162,19 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rustls-native-certs" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5bfb394eeed242e909609f56089eecfe5fda225042e8b171791b9c95f5931e5" +dependencies = [ + "openssl-probe", + "rustls-pemfile 2.2.0", + "rustls-pki-types", + "schannel", + "security-framework", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -1165,6 +1184,15 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pemfile" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "rustls-pki-types" version = "1.9.0" 
@@ -1204,6 +1232,15 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "schannel" +version = "0.1.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01227be5826fa0690321a2ba6c5cd57a19cf3f6a09e76973b58e61de6ab9d1c1" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "scopeguard" version = "1.2.0" @@ -1226,6 +1263,29 @@ dependencies = [ "untrusted", ] +[[package]] +name = "security-framework" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" +dependencies = [ + "bitflags 2.6.0", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea4a292869320c0272d7bc55a5a6aafaff59b4f63404a003887b679a2e05b4b6" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "serde" version = "1.0.210" @@ -1665,6 +1725,7 @@ dependencies = [ "log", "once_cell", "rustls 0.23.14", + "rustls-native-certs", "rustls-pki-types", "url", "webpki-roots 0.26.6", diff --git a/src/taskchampion-cpp/CMakeLists.txt b/src/taskchampion-cpp/CMakeLists.txt index 241273d6c..a0d4a42ab 100644 --- a/src/taskchampion-cpp/CMakeLists.txt +++ b/src/taskchampion-cpp/CMakeLists.txt 
@@ -7,12 +7,20 @@ else()
 add_subdirectory(${CMAKE_SOURCE_DIR}/src/taskchampion-cpp/corrosion)
 endif()
+OPTION (ENABLE_TLS_NATIVE_ROOTS "Use the system's TLS root certificates" OFF)
+
+if (ENABLE_TLS_NATIVE_ROOTS)
+ message ("Enabling native TLS roots")
+ set(TASKCHAMPION_FEATURES "tls-native-roots")
+endif (ENABLE_TLS_NATIVE_ROOTS)
+
 # Import taskchampion-lib as a CMake library. This implements the Rust side of
 # the cxxbridge, and depends on the `taskchampion` crate.
 corrosion_import_crate(
 MANIFEST_PATH "${CMAKE_SOURCE_DIR}/Cargo.toml"
 LOCKED
- CRATES "taskchampion-lib")
+ CRATES "taskchampion-lib"
+ FEATURES "${TASKCHAMPION_FEATURES}")
 # Set up `taskchampion-cpp`, the C++ side of the bridge.
 corrosion_add_cxxbridge(taskchampion-cpp
diff --git a/src/taskchampion-cpp/Cargo.toml b/src/taskchampion-cpp/Cargo.toml
index fb352ad94..a298eaa05 100644
--- a/src/taskchampion-cpp/Cargo.toml
+++ b/src/taskchampion-cpp/Cargo.toml
@@ -11,5 +11,9 @@ crate-type = ["staticlib"]
 taskchampion = "0.8.0"
 cxx = "1.0.124"
+[features]
+# use native CA roots, instead of bundled
+tls-native-roots = ["taskchampion/tls-native-roots"]
+
 [build-dependencies]
 cxx-build = "1.0"
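Review bot: In the src/taskchampion-cpp/CMakeLists.txt hunk, `TASKCHAMPION_FEATURES` is set only inside `if (ENABLE_TLS_NATIVE_ROOTS)`, so with the option OFF the call receives `FEATURES ""`, and a value of that name already defined in the cache or an enclosing scope would reach cargo's feature list without having been chosen here. Starting from `set(TASKCHAMPION_FEATURES "")`, adding the feature with `list(APPEND TASKCHAMPION_FEATURES "tls-native-roots")`, and passing `FEATURES ${TASKCHAMPION_FEATURES}` unquoted keeps the list explicit and lets it grow later; how corrosion treats an empty `FEATURES` value is not visible here and should be confirmed. Since this switch decides which CA roots the library trusts for TLS, the option description could state that OFF keeps the bundled roots. The `message` call could also use the `STATUS` mode, so the chosen trust store shows up in the normal configure log rather than on stderr.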