Stop using deprecated openssl-probe APIs

sfackler · Jan 25, 2025 · a35127a · a35127a
1 parent a0e6f18
commit a35127a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,3 +36,7 @@ openssl-probe = "0.1"
 [dev-dependencies]
 tempfile = "3.0"
 test-cert-gen = "0.9"
+
+[patch.crates-io]
+openssl = { git = "https://github.com/sfackler/rust-openssl", branch = "verify-locations" }
+openssl-sys = { git = "https://github.com/sfackler/rust-openssl", branch = "verify-locations" }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
@@ -14,7 +14,6 @@ use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
 use std::error;
 use std::fmt;
 use std::io;
-use std::sync::Once;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
@@ -85,11 +84,6 @@ fn supported_protocols(
     Ok(())
 }
 
-fn init_trust() {
-    static ONCE: Once = Once::new();
-    ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);
-}
-
 #[cfg(target_os = "android")]
 fn load_android_root_certs(connector: &mut SslContextBuilder) -> Result<(), Error> {
     use std::fs;
@@ -272,9 +266,11 @@ pub struct TlsConnector {
 
 impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
-        init_trust();
-
         let mut connector = SslConnector::builder(SslMethod::tls())?;
+
+        let probe = openssl_probe::probe();
+        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;
             connector.set_private_key(&identity.0.pkey)?;

diff --git a/src/lib.rs b/src/lib.rs
@@ -103,16 +103,16 @@ use std::fmt;
 use std::io;
 use std::result;
 
-#[cfg(not(any(target_os = "windows", target_vendor = "apple",)))]
+#[cfg(not(any(target_os = "windows", target_vendor = "apple")))]
 #[macro_use]
 extern crate log;
-#[cfg(any(target_vendor = "apple",))]
+#[cfg(target_vendor = "apple")]
 #[path = "imp/security_framework.rs"]
 mod imp;
 #[cfg(target_os = "windows")]
 #[path = "imp/schannel.rs"]
 mod imp;
-#[cfg(not(any(target_vendor = "apple", target_os = "windows",)))]
+#[cfg(not(any(target_vendor = "apple", target_os = "windows")))]
 #[path = "imp/openssl.rs"]
 mod imp;