update rustls_native_certs dependency

FeraeLabs · Sep 3, 2024 · 7d7e8ad · 7d7e8ad
1 parent 15d05d9
commit 7d7e8ad
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 6 deletions.
diff --git a/skunk/Cargo.toml b/skunk/Cargo.toml
@@ -71,7 +71,7 @@ pin-project-lite = "0.2.14"
 rcgen = { version = "0.13.1", default-features = false, features = ["aws_lc_rs", "pem", "x509-parser"], optional = true }
 regex = "1.10.4"
 rustls = { version = "0.23.5", optional = true }
-rustls-native-certs = "0.7.0"
+rustls-native-certs = "0.8.0"
 rustls-pemfile = { version = "2.1.2", optional = true }
 serde = { version = "1.0.202", features = ["derive"] }
 serde_yml = "0.0.12"

diff --git a/skunk/src/protocol/tls.rs b/skunk/src/protocol/tls.rs
@@ -6,7 +6,10 @@
 
 use std::{
     collections::HashMap,
-    fmt::Debug,
+    fmt::{
+        Debug,
+        Display,
+    },
     fs::File,
     io::BufReader,
     net::IpAddr,
@@ -80,6 +83,9 @@ pub enum Error {
 
     #[error("the target server didn't send a server certificate chain")]
     NoTargetCertificate,
+
+    #[error("error while loading native certificates")]
+    NativeCertsError(#[from] NativeCertsError),
 }
 
 /// A certificate authority
@@ -678,10 +684,44 @@ pub fn default_client_config() -> Result<Arc<ClientConfig>, Error> {
 pub fn native_certificates() -> Result<Arc<RootCertStore>, Error> {
     static CERTS: Lazy<RootCertStore> = Lazy::new();
     CERTS.get_or_try_init(|| {
-        let mut certs = RootCertStore::empty();
-        for cert in rustls_native_certs::load_native_certs()? {
-            certs.add(cert)?;
+        let result = rustls_native_certs::load_native_certs();
+        if !result.errors.is_empty() {
+            Err(NativeCertsError {
+                errors: result.errors,
+            }
+            .into())
+        }
+        else {
+            let mut certs = RootCertStore::empty();
+            for cert in result.certs {
+                certs.add(cert)?;
+            }
+            Ok(certs)
         }
-        Ok(certs)
     })
 }
+
+#[derive(Debug)]
+pub struct NativeCertsError {
+    errors: Vec<rustls_native_certs::Error>,
+}
+
+impl Display for NativeCertsError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        if self.errors.len() == 1 {
+            write!(f, "{}", self.errors[0])?;
+        }
+        else {
+            for (i, e) in self.errors.iter().enumerate() {
+                writeln!(f, "{i}. {e}")?;
+            }
+        }
+        Ok(())
+    }
+}
+
+impl std::error::Error for NativeCertsError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        Some(&self.errors[0])
+    }
+}