diff --git a/.github/workflows/build-test-rustls-platform-verifier.yml b/.github/workflows/build-test-rustls-platform-verifier.yml deleted file mode 100644 index 5c37ef3b8..000000000 --- a/.github/workflows/build-test-rustls-platform-verifier.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - name: Build Test rustls-platform-verifier - - on: - pull_request: - push: - branches: - - "main" - - "rc" - - "hotfix-rc" - workflow_dispatch: - - defaults: - run: - shell: bash - - jobs: - build-windows: - name: Build Windows - runs-on: windows-2022 - steps: - - name: Checkout repo - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Build - run: cargo build -p test-rustls-platform-verifier --release --target=x86_64-pc-windows-msvc - - - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: test-rustls-platform-verifier - path: ./target/x86_64-pc-windows-msvc/release/test-rustls-platform-verifier.exe diff --git a/Cargo.lock b/Cargo.lock index d6ca7b17b..74c2911f0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -440,6 +440,7 @@ dependencies = [ "rand", "rand_chacha", "reqwest", + "rustls-platform-verifier", "schemars", "security-framework", "serde", @@ -1983,7 +1984,6 @@ dependencies = [ "hyper", "hyper-util", "rustls", - "rustls-native-certs", "rustls-pki-types", "tokio", "tokio-rustls", @@ -3155,7 +3155,6 @@ dependencies = [ "pin-project-lite", "quinn", "rustls", - "rustls-native-certs", "rustls-pemfile", "rustls-pki-types", "serde", @@ -3892,16 +3891,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "test-rustls-platform-verifier" -version = "0.5.0" -dependencies = [ - "env_logger", - "reqwest", - "rustls-platform-verifier", - "tokio", -] - [[package]] name = "textwrap" version = "0.16.1" diff --git a/Cargo.toml b/Cargo.toml index 87255eeea..e721d9090 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [workspace] resolver = "2" -members = ["crates/*", "test-rustls-platform-verifier"] +members = ["crates/*"] # Global settings for all crates should be defined here [workspace.package] diff --git a/crates/bitwarden-core/Cargo.toml b/crates/bitwarden-core/Cargo.toml index 0cf0a327d..a3aef7e84 100644 --- a/crates/bitwarden-core/Cargo.toml +++ b/crates/bitwarden-core/Cargo.toml @@ -70,8 +70,9 @@ zxcvbn = ">=3.0.1, <4.0" # - WASM doesn't require a TLS stack, as it just uses the browsers/node fetch # - Android uses webpki-roots for the moment reqwest = { version = ">=0.12.5, <0.13", features = [ - "rustls-tls-native-roots", + "rustls-tls-manual-roots", ], default-features = false } +rustls-platform-verifier = "0.3.3" [target.'cfg(target_os = "android")'.dependencies] # On android, the use of rustls-platform-verifier is more complicated and going through some changes at the moment, so we fall back to using webpki-roots diff --git a/crates/bitwarden-core/src/client/client.rs b/crates/bitwarden-core/src/client/client.rs index f4c4caeaf..3ea4ae7e8 100644 --- a/crates/bitwarden-core/src/client/client.rs +++ b/crates/bitwarden-core/src/client/client.rs @@ -24,6 +24,13 @@ impl Client { fn new_client_builder() -> reqwest::ClientBuilder { #[allow(unused_mut)] let mut client_builder = reqwest::Client::builder(); + + #[cfg(all(not(target_os = "android"), not(target_arch = "wasm32")))] + { + client_builder = + client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config()); + } + client_builder } diff --git a/crates/bws/Cargo.toml b/crates/bws/Cargo.toml index 6686b5e1e..c226f9930 100644 --- a/crates/bws/Cargo.toml +++ b/crates/bws/Cargo.toml @@ -40,7 +40,7 @@ serde_json = "1.0.113" serde_yaml = "0.9" supports-color = "3.0.0" thiserror = "1.0.57" -tokio = { version = "1.36.0", features = ["rt-multi-thread", "macros"] } +tokio = { version = "1.39.2", features = ["rt-multi-thread", "macros"] } toml = "0.8.10" uuid = { version = "1.7.0", features = ["serde"] } diff --git a/test-rustls-platform-verifier/Cargo.toml b/test-rustls-platform-verifier/Cargo.toml deleted file mode 100644 index 6db4f37d5..000000000 --- a/test-rustls-platform-verifier/Cargo.toml +++ /dev/null @@ -1,21 +0,0 @@ -[package] -name = "test-rustls-platform-verifier" -version.workspace = true -authors.workspace = true -edition.workspace = true -rust-version.workspace = true -homepage.workspace = true -repository.workspace = true -license-file.workspace = true -keywords.workspace = true - -[dependencies] -reqwest = { version = "0.12.5", features = [ - "rustls-tls-manual-roots", -], default-features = false } -rustls-platform-verifier = "0.3.3" -tokio = { version = "1.36.0", features = ["rt-multi-thread", "macros"] } -env_logger = "0.11.5" - -[lints] -workspace = true diff --git a/test-rustls-platform-verifier/src/main.rs b/test-rustls-platform-verifier/src/main.rs deleted file mode 100644 index 95664f6e2..000000000 --- a/test-rustls-platform-verifier/src/main.rs +++ /dev/null @@ -1,19 +0,0 @@ -#[tokio::main] -async fn main() -> Result<(), Box> { - env_logger::init(); - - let client = reqwest::Client::builder() - .use_preconfigured_tls(rustls_platform_verifier::tls_config()) - .build() - .expect("Build should not fail"); - let request = client.get("https://httpbin.org/ip").build()?; - let response = client.execute(request).await?; - - let status_code = response.status(); - let content = response.text().await?; - - println!("status_code = {status_code:?}"); - println!("content = {content:?}"); - - Ok(()) -}