diff --git a/Cargo.lock b/Cargo.lock index 5f2305049..033254c3e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -467,9 +467,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "bzip2" @@ -494,11 +494,12 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.79" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ "jobserver", + "libc", ] [[package]] @@ -907,9 +908,9 @@ checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" [[package]] name = "digest" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", "crypto-common", @@ -1066,9 +1067,9 @@ dependencies = [ "regex", "reqwest", "rexpect", - "ring", + "ring 0.17.7", "rpassword", - "rustls", + "rustls 0.22.2", "rustyline", "scram", "semver", @@ -1103,7 +1104,6 @@ dependencies = [ "uuid", "wait-timeout", "warp", - "webpki", "which", "whoami", "winapi", @@ -1183,9 +1183,10 @@ dependencies = [ "log", "once_cell", "rand", - "rustls", + "rustls 0.22.2", "rustls-native-certs", - "rustls-pemfile", + "rustls-pemfile 2.1.0", + "rustls-webpki 0.102.2", "scram", "serde", "serde_json", @@ -1196,7 +1197,6 @@ dependencies = [ "tokio", "tokio-stream", "url", - "webpki", "webpki-roots", ] @@ -1526,9 +1526,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.8" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" +checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5" dependencies = [ "cfg-if", "libc", @@ -1951,9 +1951,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.146" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "libflate" @@ -2820,12 +2820,26 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", + "spin 0.5.2", "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys 0.48.0", +] + [[package]] name = "rle-decode-fast" version = "1.0.3" @@ -2879,24 +2893,39 @@ dependencies = [ [[package]] name = "rustls" -version = "0.20.8" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring", + "ring 0.17.7", + "rustls-webpki 0.101.7", "sct", - "webpki", +] + +[[package]] +name = "rustls" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring 0.17.7", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", ] [[package]] name = "rustls-native-certs" -version = "0.6.2" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 2.1.0", + "rustls-pki-types", "schannel", "security-framework", ] @@ -2910,6 +2939,43 @@ dependencies = [ "base64 0.21.2", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c333bb734fcdedcea57de1602543590f545f127dc8b533324318fd492c5c70b" +dependencies = [ + "base64 0.21.2", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "048a63e5b3ac996d78d402940b5fa47973d2d080c6c6fffa1d0f19c4445310b7" + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring 0.17.7", + "untrusted 0.9.0", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +dependencies = [ + "ring 0.17.7", + "rustls-pki-types", + "untrusted 0.9.0", +] + [[package]] name = "rustversion" version = "1.0.12" @@ -2982,7 +3048,7 @@ checksum = "7679a5e6b97bac99b2c208894ba0d34b17d9657f0b728c1cd3bf1c5f7f6ebe88" dependencies = [ "base64 0.13.1", "rand", - "ring", + "ring 0.16.20", ] [[package]] @@ -2991,7 +3057,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", + "ring 0.16.20", "untrusted 0.7.1", ] @@ -3227,6 +3293,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "static_assertions" version = "1.1.0" @@ -3241,9 +3313,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "subtle" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" [[package]] name = "syn" @@ -3381,9 +3453,8 @@ dependencies = [ [[package]] name = "test-cert-gen" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "345f92b7cac59507cdaba298c5493f7c40e2063d31f6fc621105183344d5d50a" +version = "0.10.0-pre" +source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "once_cell", "pem 0.8.3", @@ -3455,25 +3526,20 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tls-api" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66d1b3dfb0a60da3e8a130c9f2432063d9979928a05c2b2cdcfc9fd05e4f53a3" +version = "0.10.0-pre" +source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "anyhow", - "log", "pem 0.8.3", "tempfile", "thiserror", "tokio", - "void", - "webpki", ] [[package]] name = "tls-api-not-tls" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "529dda0254aa61462ebe3937ecf877b6b1d7e745d25b74c18ba98593aefd7086" +version = "0.10.0-pre" +source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "anyhow", "thiserror", @@ -3484,25 +3550,23 @@ dependencies = [ [[package]] name = "tls-api-rustls" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afcd7905a7d9603bc4c1bcf4710141d463cde70f027ab7900bc1d0012712444d" +version = "0.10.0-pre" +source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "anyhow", - "rustls", + "rustls 0.22.2", + "rustls-webpki 0.102.2", "thiserror", "tls-api", "tls-api-test", "tokio", - "webpki", "webpki-roots", ] [[package]] name = "tls-api-test" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9df107843d725428d76bb159040fbae6d1524dcf25d5b24c56daa6b37ce9dbb5" +version = "0.10.0-pre" +source = "git+https://github.com/elprans/rust-tls-api.git?branch=rustls-22#fd9d3653306e6ad9ca71223009227055d1d5af8a" dependencies = [ "anyhow", "env_logger 0.5.13", @@ -3556,13 +3620,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.23.4" +version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.10", "tokio", - "webpki", ] [[package]] @@ -3717,6 +3780,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.3.1" @@ -3768,12 +3837,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "void" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" - [[package]] name = "wait-timeout" version = "0.2.0" @@ -3812,9 +3875,9 @@ dependencies = [ [[package]] name = "warp" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba431ef570df1287f7f8b07e376491ad54f84d26ac473489427231e1718e1f69" +checksum = "c1e92e22e03ff1230c03a1a8ee37d2f89cd489e2e541b7550d6afad96faed169" dependencies = [ "bytes", "futures-channel", @@ -3827,7 +3890,7 @@ dependencies = [ "mime_guess", "percent-encoding", "pin-project", - "rustls-pemfile", + "rustls-pemfile 1.0.2", "scoped-tls", "serde", "serde_json", @@ -3950,17 +4013,17 @@ version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" dependencies = [ - "ring", + "ring 0.16.20", "untrusted 0.7.1", ] [[package]] name = "webpki-roots" -version = "0.22.6" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" dependencies = [ - "webpki", + "rustls-pki-types", ] [[package]] @@ -4206,6 +4269,12 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec" +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" + [[package]] name = "zip" version = "0.6.6" diff --git a/Cargo.toml b/Cargo.toml index 43758bf3f..ee57b4271 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ edgedb-tokio = {git = "https://github.com/edgedb/edgedb-rust/", features=["admin snafu = {version="0.7.0", features=["backtraces"]} ansi-escapes = "0.1" anyhow = "1.0.23" -bytes = "1.0.1" +bytes = "1.5.0" blake2b_simd = "1.0.0" blake3 = "1.1.0" rustyline = { git="https://github.com/tailhook/rustyline", branch="edgedb_20210403"} @@ -77,7 +77,7 @@ base32 = "0.4.0" rand = "0.8.2" downcast-rs = "1.2.0" base64 = "0.13" -ring = {version="0.16.15", features=["std"]} +ring = {version="0.17.7", features=["std"]} shell-escape = "0.1.5" wait-timeout = "0.2.0" indicatif = "0.17.0" @@ -90,8 +90,7 @@ minimad = "0.9.0" edgedb-cli-derive = { path="edgedb-cli-derive" } fs-err = "2.6.0" pem = "1.0.2" -rustls = {version="0.20.2", features=["dangerous_configuration"]} -webpki = "0.22.0" +rustls = {version="0.22.2"} tokio-stream = "0.1.11" futures-util = "0.3.15" # used for signals clicolors-control = "1.0.1" @@ -122,7 +121,7 @@ shutdown_hooks = "0.1.0" test-case = "2.0.0" openssl = "0.10.30" tokio = {version="1.1.0", features=["rt-multi-thread"]} -warp = {version="0.3.2", default-features=false, features=["tls"]} +warp = {version="0.3.6", default-features=false, features=["tls"]} [build-dependencies] serde_json = "1.0" diff --git a/src/commands/ui.rs b/src/commands/ui.rs index 5329e271b..432242e54 100644 --- a/src/commands/ui.rs +++ b/src/commands/ui.rs @@ -257,10 +257,12 @@ mod jwt { fn generate_token(&mut self) -> anyhow::Result { let jws_pem = pem::parse(self.jws_key.as_deref().expect("jws_key not set"))?; + let rand = ring::rand::SystemRandom::new(); let jws = signature::EcdsaKeyPair::from_pkcs8( &signature::ECDSA_P256_SHA256_FIXED_SIGNING, jws_pem.contents.as_slice(), + &rand, )?; let message = format!( "{}.{}", @@ -285,9 +287,12 @@ mod jwt { // Replace this ES256/ECDH-ES implementation using raw ring // with biscuit when the algorithms are supported in biscuit let jwe_pem = pem::parse(self.jwe_key.as_deref().expect("jwe_key not set"))?; + let rand = ring::rand::SystemRandom::new(); + let jwe = signature::EcdsaKeyPair::from_pkcs8( &signature::ECDSA_P256_SHA256_FIXED_SIGNING, jwe_pem.contents.as_slice(), + &rand, )?; let priv_key = @@ -295,7 +300,7 @@ mod jwt { let pub_key = agreement::UnparsedPublicKey::new(&agreement::ECDH_P256, jwe.public_key().as_ref()); let epk = priv_key.compute_public_key()?.as_ref().to_vec(); - let cek = agreement::agree_ephemeral(priv_key, &pub_key, (), |key_material| { + let cek = agreement::agree_ephemeral(priv_key, &pub_key, |key_material| { let mut ctx = digest::Context::new(&digest::SHA256); ctx.update(&[0, 0, 0, 1]); ctx.update(key_material); @@ -304,7 +309,7 @@ mod jwt { ctx.update(&[0, 0, 0, 0]); // PartyUInfo ctx.update(&[0, 0, 0, 0]); // PartyVInfo ctx.update(&[0, 0, 1, 0]); // SuppPubInfo (bitsize=256) - Ok(ctx.finish()) + ctx.finish() }) .map_err(|_| anyhow::anyhow!("Error occurred while deriving key for JWT"))?; let enc_key = diff --git a/src/portable/link.rs b/src/portable/link.rs index 0ff64ad10..c1b36d914 100644 --- a/src/portable/link.rs +++ b/src/portable/link.rs @@ -2,17 +2,18 @@ use std::fmt; use std::fs; use std::path::PathBuf; use std::sync::{Mutex, Arc}; -use std::time::SystemTime; use anyhow::Context; use colorful::Colorful; use pem; use ring::digest; -use rustls::client::{ServerCertVerifier, ServerCertVerified, WebPkiVerifier}; -use rustls::{Certificate, ServerName}; use rustls; -use webpki::TrustAnchor; +use rustls::client::WebPkiServerVerifier; +use rustls::client::danger::{ServerCertVerifier, ServerCertVerified}; +use rustls::client::danger::HandshakeSignatureValid; +use rustls::pki_types::{CertificateDer, ServerName, UnixTime}; +use rustls::{SignatureScheme, DigitallySignedStruct}; use edgedb_tokio::credentials::TlsSecurity; use edgedb_errors::{Error, PasswordRequired, ClientNoCredentialsError}; @@ -21,7 +22,7 @@ use edgedb_tokio::{Builder, Config}; use edgedb_tokio::raw::Connection; use crate::credentials; -use crate::hint::{HintExt}; +use crate::hint::HintExt; use crate::options::{Options, ConnectionOptions}; use crate::options; use crate::portable::destroy::with_projects; @@ -33,9 +34,10 @@ use crate::question; use crate::tty_password; +#[derive(Debug)] struct InteractiveCertVerifier { - inner: WebPkiVerifier, - cert_out: Mutex>, + inner: Arc, + cert_out: Mutex>>, tls_security: TlsSecurity, system_ca_only: bool, non_interactive: bool, @@ -45,28 +47,27 @@ struct InteractiveCertVerifier { impl ServerCertVerifier for InteractiveCertVerifier { fn verify_server_cert(&self, - end_entity: &Certificate, - intermediates: &[Certificate], + end_entity: &CertificateDer<'_>, + intermediates: &[CertificateDer<'_>], server_name: &ServerName, - scts: &mut dyn Iterator, ocsp_response: &[u8], - now: SystemTime + now: UnixTime, ) -> Result { - use rustls::Error::InvalidCertificateData; + use rustls::Error::InvalidCertificate; if let TlsSecurity::Insecure = self.tls_security { return Ok(ServerCertVerified::assertion()); } match self.inner.verify_server_cert( - end_entity, intermediates, server_name, scts, ocsp_response, now) + end_entity, intermediates, server_name, ocsp_response, now) { Ok(val) => { return Ok(val); } - Err(InvalidCertificateData(txt)) if txt.contains("UnknownIssuer") - => { + Err(InvalidCertificate(cert_err)) + if matches!(cert_err, rustls::CertificateError::UnknownIssuer) => { // reconstruct Error for easier fallthrough - let e = InvalidCertificateData(txt); + let e = InvalidCertificate(cert_err); if !self.system_ca_only { // Don't continue if the verification failed when the user @@ -74,20 +75,18 @@ impl ServerCertVerifier for InteractiveCertVerifier { return Err(e); } - // Make sure the verification with the to-be-trusted cert - // trusted is a success before asking the user - let anchor = TrustAnchor::try_from_cert_der(&end_entity.0) - .map_err(|e| InvalidCertificateData(e.to_string()))?; - tls::NoHostnameVerifier::new(vec![anchor.into()]) + let mut root_store = rustls::RootCertStore::empty(); + root_store.add(end_entity.clone())?; + tls::NoHostnameVerifier::new(Arc::new(root_store)) .verify_server_cert( end_entity, intermediates, server_name, - scts, ocsp_response, now + ocsp_response, now )?; // Acquire consensus to trust the root of presented_certs chain let fingerprint = digest::digest( &digest::SHA1_FOR_LEGACY_USE_ONLY, - &end_entity.0, + &end_entity, ); if self.trust_tls_cert { if !self.quiet { @@ -114,13 +113,35 @@ impl ServerCertVerifier for InteractiveCertVerifier { } // Export the cert in PEM format and return verification success - *self.cert_out.lock().unwrap() = Some(end_entity.clone()); + *self.cert_out.lock().unwrap() = Some(end_entity.to_vec()); } Err(e) => return Err(e), } Ok(ServerCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + self.inner.verify_tls12_signature(message, cert, dss) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, + ) -> Result { + self.inner.verify_tls13_signature(message, cert, dss) + } + + fn supported_verify_schemes(&self) -> Vec { + self.inner.supported_verify_schemes() + } } fn gen_default_instance_name(input: impl fmt::Display) -> String { @@ -163,9 +184,11 @@ pub fn link(cmd: &Link, opts: &Options) -> anyhow::Result<()> { let config = conn_params(cmd, opts)?; let mut creds = config.as_credentials()?; + let root_cert_store = config.root_cert_store()?; + let inner = WebPkiServerVerifier::builder(Arc::new(root_cert_store)).build()?; let verifier = Arc::new( InteractiveCertVerifier { - inner: WebPkiVerifier::new(config.root_cert_store()?, None), + inner: inner, cert_out: Mutex::new(None), tls_security: creds.tls_security, system_ca_only: creds.tls_ca.is_none(), @@ -195,7 +218,7 @@ pub fn link(cmd: &Link, opts: &Options) -> anyhow::Result<()> { if let Some(cert) = &*verifier.cert_out.lock().unwrap() { let pem = pem::encode(&pem::Pem { tag: "CERTIFICATE".into(), - contents: cert.0.clone(), + contents: cert.to_vec(), }); config = config.with_pem_certificates(&pem)?; } @@ -207,7 +230,7 @@ pub fn link(cmd: &Link, opts: &Options) -> anyhow::Result<()> { if let Some(cert) = &*verifier.cert_out.lock().unwrap() { creds.tls_ca = Some(pem::encode(&pem::Pem { tag: "CERTIFICATE".into(), - contents: cert.0.clone(), + contents: cert.to_vec(), })); }