From 556dc24aefa15ce3106c115eeab42066df4eee90 Mon Sep 17 00:00:00 2001 From: Aviram Hassan Date: Tue, 16 Apr 2024 11:19:28 +0300 Subject: [PATCH] Change reqwest to use rustls with native certificates to work in more cases (#2373) --- Cargo.lock | 13 +++++++++++++ Cargo.toml | 2 +- changelog.d/+reqwest-trust-ca.fixed.md | 1 + mirrord/auth/Cargo.toml | 2 +- mirrord/operator/Cargo.toml | 2 +- 5 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 changelog.d/+reqwest-trust-ca.fixed.md diff --git a/Cargo.lock b/Cargo.lock index 7e89a09bcd4..244fdce6335 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4918,6 +4918,7 @@ dependencies = [ "system-configuration", "tokio", "tokio-rustls 0.24.1", + "tokio-socks", "tower-service", "url", "wasm-bindgen", @@ -6162,6 +6163,18 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-socks" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51165dfa029d2a65969413a6cc96f354b86b464498702f174a4efa13608fd8c0" +dependencies = [ + "either", + "futures-util", + "thiserror", + "tokio", +] + [[package]] name = "tokio-stream" version = "0.1.14" diff --git a/Cargo.toml b/Cargo.toml index b538cd21774..fd0c1054d54 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -53,7 +53,7 @@ tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } futures = "0.3" thiserror = "1" k8s-openapi = { version = "0.20", features = ["v1_24"] } -reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls", "json"] } +reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls-native-roots", "json", "socks"] } kube = { git = "https://github.com/metalbear-co/kube", default-features = false, features = ["runtime", "derive", "client", "ws", "rustls-tls", "oidc", "socks5", "http_proxy"] } trust-dns-resolver = { version = "0.22", features = ["serde-config", "tokio-runtime"] } tokio-util = { version = "0.7", features = ["net", "codec"] } diff --git a/changelog.d/+reqwest-trust-ca.fixed.md b/changelog.d/+reqwest-trust-ca.fixed.md new file mode 100644 index 00000000000..45e5d998810 --- /dev/null +++ b/changelog.d/+reqwest-trust-ca.fixed.md @@ -0,0 +1 @@ +Change reqwest to use rustls with native certificates to work in more cases \ No newline at end of file diff --git a/mirrord/auth/Cargo.toml b/mirrord/auth/Cargo.toml index 0b676d3f661..307dae937ac 100644 --- a/mirrord/auth/Cargo.toml +++ b/mirrord/auth/Cargo.toml @@ -41,5 +41,5 @@ tokio = { workspace = true, features = ["fs"], optional = true } thiserror = "1" x509-certificate = "0.19" # not direct dependency, but if we don't put it here it'll use openssl :( -reqwest = { workspace = true, features=["json", "rustls-tls"], default-features = false, optional = true } +reqwest = { workspace = true, features=["json", "rustls-tls-native-roots"], default-features = false, optional = true } tracing.workspace = true \ No newline at end of file diff --git a/mirrord/operator/Cargo.toml b/mirrord/operator/Cargo.toml index 45bd5fb295d..f6fd689e9ae 100644 --- a/mirrord/operator/Cargo.toml +++ b/mirrord/operator/Cargo.toml @@ -60,7 +60,7 @@ k8s-openapi = { workspace = true, optional = true } kube = { workspace = true, features = ["derive", "ws"], optional = true } futures = { workspace = true, optional = true } rand = { workspace = true, optional = true } -reqwest = { workspace = true, default-features = false, features = ["blocking", "json", "rustls-tls"], optional = true } +reqwest = { workspace = true, default-features = false, features = ["blocking", "json", "rustls-tls-native-roots"], optional = true } schemars = { version = "0.8", features = ["chrono"] } serde.workspace = true serde_json = { workspace = true, optional = true }