Rust TLS config

Infisical · Jan 30, 2024 · 023fcf5 · 023fcf5
1 parent d74e45d
commit 023fcf5
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 14 deletions.
diff --git a/crates/infisical/Cargo.toml b/crates/infisical/Cargo.toml
@@ -27,7 +27,8 @@ num-bigint = ">=0.4, <0.5"
 num-traits = ">=0.2.15, <0.3"
 pbkdf2 = { version = ">=0.12.1, <0.13", default-features = false }
 rand = ">=0.8.5, <0.9"
-#reqwest = { version = ">=0.11, <0.12", features = ["json", "native-tls"], default-features = false }
+reqwest = { version = ">=0.11, <0.12", features = ["json", "rustls-tls-manual-roots"], default-features = false}
+rustls-platform-verifier = "0.1.0"
 rsa = ">=0.9.2, <0.10"
 serde = { version = ">=1.0, <2.0", features = ["derive"] }
 serde_json = ">=1.0.96, <2.0"
@@ -46,7 +47,3 @@ seeded-random = "0.6.0"
 serial_test = "2.0.0"
 dotenv = "0.15.0"
 aes-gcm = "0.10.3"
-
-openssl = {version = "0.10", features = ["vendored"]}
-openssl-sys = {version = "0.9", features = ["vendored"]}
-reqwest = { version = ">=0.11, <0.12", features = ["json", "native-tls-vendored"], default-features = false }
diff --git a/crates/infisical/src/api/access_token.rs b/crates/infisical/src/api/access_token.rs
@@ -15,8 +15,6 @@ pub struct AccessTokenSuccessResponse {
 }
 
 pub async fn access_token_request(client: &mut Client) -> Result<AccessTokenSuccessResponse> {
-    let req_client = reqwest::Client::new();
-
     let mut body = HashMap::new();
     body.insert(
         "clientId",
@@ -34,7 +32,12 @@ pub async fn access_token_request(client: &mut Client) -> Result<AccessTokenSucc
         client.site_url.clone()
     );
 
-    let request = req_client
+    let request_client = reqwest::Client::builder()
+        .use_preconfigured_tls(rustls_platform_verifier::tls_config())
+        .build()
+        .unwrap();
+
+    let request = request_client
         .post(url)
         .header(reqwest::header::CONTENT_TYPE, "application/json")
         .header(reqwest::header::ACCEPT, "application/json")

diff --git a/crates/infisical/src/helper.rs b/crates/infisical/src/helper.rs
@@ -29,19 +29,22 @@ pub fn build_base_request(
         None => Err(Error::MissingAccessToken)?,
     };
 
-    let base_request = reqwest::Client::new()
+    let request_client = reqwest::Client::builder()
+        .use_preconfigured_tls(rustls_platform_verifier::tls_config())
+        .build();
+
+    if request_client.is_err() {
+        return Err(Error::Reqwest(request_client.err().unwrap()))?;
+    }
+
+    let base_request = request_client?
         .request(method, url)
         // Setting JSON as the content type is OK since we only work with JSON.
         .header(reqwest::header::CONTENT_TYPE, "application/json")
         .header(reqwest::header::ACCEPT, "application/json")
         .header("Authorization", token)
         .header(reqwest::header::USER_AGENT, client.user_agent.clone());
 
-    // we need to be able to do .json() on this request
-    // .json(json)
-    // .send()
-    // .await?;
-
     Ok(base_request)
 }