[SM-1407] Use rustls-tls-native-roots on Windows (#990)

## 🎟️ Tracking https://bitwarden.atlassian.net/browse/SM-1407 ## 📔 Objective We are having TLS runtime issues for GitHub artifacts built on Windows when using `rustls-platform-verifier`. There is a repository with a simplified example showcasing this bug here: https://github.com/Thomas-Avery/test-rustls-platform-verifier The goal of this PR is to use a work-around on Windows until the bug is fixed. A GitHub issue for this has been created: rustls/rustls-platform-verifier#126 ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines  - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes
bitwarden · Aug 22, 2024 · aab991f · aab991f
1 parent 4b17741
commit aab991f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/bitwarden-core/Cargo.toml b/crates/bitwarden-core/Cargo.toml
@@ -64,14 +64,20 @@ validator = { version = "0.18.1", features = ["derive"] }
 zeroize = { version = ">=1.7.0, <2.0", features = ["derive", "aarch64"] }
 zxcvbn = ">=3.0.1, <4.0"
 
-[target.'cfg(not(target_arch="wasm32"))'.dependencies]
+[target.'cfg(all(not(target_arch="wasm32"), not(windows)))'.dependencies]
 # By default, we use rustls as the TLS stack and rust-platform-verifier to support user-installed root certificates
 # The only exception is WASM, as it just uses the browsers/node fetch
 reqwest = { version = ">=0.12.5, <0.13", features = [
     "rustls-tls-manual-roots",
 ], default-features = false }
 rustls-platform-verifier = "0.3.3"
 
+[target.'cfg(windows)'.dependencies]
+# We are having issues with rustls-platform-verifier on Windows GitHub runners
+reqwest = { version = ">=0.12.5, <0.13", features = [
+    "rustls-tls-native-roots",
+], default-features = false }
+
 [dev-dependencies]
 bitwarden-crypto = { workspace = true }
 rand_chacha = "0.3.1"

diff --git a/crates/bitwarden-core/src/client/client.rs b/crates/bitwarden-core/src/client/client.rs
@@ -25,7 +25,7 @@ impl Client {
             #[allow(unused_mut)]
             let mut client_builder = reqwest::Client::builder();
 
-            #[cfg(not(target_arch = "wasm32"))]
+            #[cfg(all(not(target_arch = "wasm32"), not(windows)))]
             {
                 client_builder =
                     client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config());
@@ -86,6 +86,7 @@ impl Client {
 
 #[cfg(test)]
 mod tests {
+    #[cfg(all(not(target_arch = "wasm32"), not(windows)))]
     #[test]
     fn test_reqwest_rustls_platform_verifier_are_compatible() {
         // rustls-platform-verifier is generating a rustls::ClientConfig,