From a35127a5cc6d0519c4d6b4dce1fb14ab945ad347 Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Sat, 25 Jan 2025 13:57:16 -0500
Subject: [PATCH] Stop using deprecated openssl-probe APIs

---
 Cargo.toml         |  4 ++++
 src/imp/openssl.rs | 12 ++++--------
 src/lib.rs         |  6 +++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index dc50f8c4..a9158857 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -36,3 +36,7 @@ openssl-probe = "0.1"
 [dev-dependencies]
 tempfile = "3.0"
 test-cert-gen = "0.9"
+
+[patch.crates-io]
+openssl = { git = "https://github.com/sfackler/rust-openssl", branch = "verify-locations" }
+openssl-sys = { git = "https://github.com/sfackler/rust-openssl", branch = "verify-locations" }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
index 8fc43620..7d7e39c6 100644
--- a/src/imp/openssl.rs
+++ b/src/imp/openssl.rs
@@ -14,7 +14,6 @@ use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
 use std::error;
 use std::fmt;
 use std::io;
-use std::sync::Once;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
@@ -85,11 +84,6 @@ fn supported_protocols(
     Ok(())
 }
 
-fn init_trust() {
-    static ONCE: Once = Once::new();
-    ONCE.call_once(openssl_probe::init_ssl_cert_env_vars);
-}
-
 #[cfg(target_os = "android")]
 fn load_android_root_certs(connector: &mut SslContextBuilder) -> Result<(), Error> {
     use std::fs;
@@ -272,9 +266,11 @@ pub struct TlsConnector {
 
 impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
-        init_trust();
-
         let mut connector = SslConnector::builder(SslMethod::tls())?;
+
+        let probe = openssl_probe::probe();
+        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;
             connector.set_private_key(&identity.0.pkey)?;
diff --git a/src/lib.rs b/src/lib.rs
index 0f738dfd..30c53ff0 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -103,16 +103,16 @@ use std::fmt;
 use std::io;
 use std::result;
 
-#[cfg(not(any(target_os = "windows", target_vendor = "apple",)))]
+#[cfg(not(any(target_os = "windows", target_vendor = "apple")))]
 #[macro_use]
 extern crate log;
-#[cfg(any(target_vendor = "apple",))]
+#[cfg(target_vendor = "apple")]
 #[path = "imp/security_framework.rs"]
 mod imp;
 #[cfg(target_os = "windows")]
 #[path = "imp/schannel.rs"]
 mod imp;
-#[cfg(not(any(target_vendor = "apple", target_os = "windows",)))]
+#[cfg(not(any(target_vendor = "apple", target_os = "windows")))]
 #[path = "imp/openssl.rs"]
 mod imp;