add support for rustls 0.22

Author: ol-teuto

Cargo.toml

@@ -11,13 +11,14 @@ readme = "README.md"
 [dependencies]
 futures = { version = "0.3", default-features = false }
 ring = { version = "0.16", default-features = false }
-rustls = { version = "0.21", default-features = false }
+rustls = { version = "0.22", default-features = false }
+rustls-pki-types = { version = "1", default-features = false }
 tokio = { version = "1", default-features = false }
 tokio-postgres = { version = "0.7", default-features = false }
-tokio-rustls = { version = "0.24", default-features = false }
+tokio-rustls = { version = "0.25", default-features = false }
 
 [dev-dependencies]
 env_logger = { version = "0.8", default-features = false }
 tokio = { version = "1", features = ["macros", "rt"] }
 tokio-postgres = "0.7"
-rustls = { version = "0.21", features = ["dangerous_configuration"] }
+rustls = { version = "0.22" }

src/lib.rs

@@ -9,7 +9,8 @@ use std::{
 
 use futures::future::{FutureExt, TryFutureExt};
 use ring::digest;
-use rustls::{ClientConfig, ServerName};
+use rustls::ClientConfig;
+use rustls_pki_types::ServerName;
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_postgres::tls::{ChannelBinding, MakeTlsConnect, TlsConnect};
 use tokio_rustls::{client::TlsStream, TlsConnector};
@@ -39,7 +40,7 @@ where
         ServerName::try_from(hostname)
             .map(|dns_name| {
                 RustlsConnect(Some(RustlsConnectData {
-                    hostname: dns_name,
+                    hostname: dns_name.to_owned(),
                     connector: Arc::clone(&self.config).into(),
                 }))
             })
@@ -50,7 +51,7 @@ where
 pub struct RustlsConnect(Option<RustlsConnectData>);
 
 struct RustlsConnectData {
-    hostname: ServerName,
+    hostname: ServerName<'static>,
     connector: TlsConnector,
 }
 
@@ -130,30 +131,62 @@ where
 mod tests {
     use super::*;
     use futures::future::TryFutureExt;
-    use rustls::{client::ServerCertVerified, client::ServerCertVerifier, Certificate, Error};
-    use std::time::SystemTime;
-
+    use rustls::{
+        client::danger::ServerCertVerifier,
+        client::danger::{HandshakeSignatureValid, ServerCertVerified},
+        Error, SignatureScheme,
+    };
+    use rustls_pki_types::{CertificateDer, UnixTime};
+
+    #[derive(Debug)]
     struct AcceptAllVerifier {}
     impl ServerCertVerifier for AcceptAllVerifier {
         fn verify_server_cert(
             &self,
-            _end_entity: &Certificate,
-            _intermediates: &[Certificate],
-            _server_name: &ServerName,
-            _scts: &mut dyn Iterator<Item = &[u8]>,
+            _end_entity: &CertificateDer<'_>,
+            _intermediates: &[CertificateDer<'_>],
+            _server_name: &ServerName<'_>,
             _ocsp_response: &[u8],
-            _now: SystemTime,
+            _now: UnixTime,
         ) -> Result<ServerCertVerified, Error> {
             Ok(ServerCertVerified::assertion())
         }
+
+        fn verify_tls12_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
+            Ok(HandshakeSignatureValid::assertion())
+        }
+
+        fn verify_tls13_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
+            Ok(HandshakeSignatureValid::assertion())
+        }
+
+        fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
+            vec![
+                SignatureScheme::ECDSA_NISTP384_SHA384,
+                SignatureScheme::ECDSA_NISTP256_SHA256,
+                SignatureScheme::RSA_PSS_SHA512,
+                SignatureScheme::RSA_PSS_SHA384,
+                SignatureScheme::RSA_PSS_SHA256,
+                SignatureScheme::ED25519,
+            ]
+        }
     }
 
     #[tokio::test]
     async fn it_works() {
         env_logger::builder().is_test(true).try_init().unwrap();
 
         let mut config = rustls::ClientConfig::builder()
-            .with_safe_defaults()
             .with_root_certificates(rustls::RootCertStore::empty())
             .with_no_client_auth();
         config