diff --git a/keyserver/addons/rust-node-addon/Cargo.lock b/keyserver/addons/rust-node-addon/Cargo.lock
--- a/keyserver/addons/rust-node-addon/Cargo.lock
+++ b/keyserver/addons/rust-node-addon/Cargo.lock
@@ -1422,6 +1422,7 @@
"tower-layer",
"tower-service",
"tracing",
+ "webpki-roots",
]
[[package]]
@@ -1678,6 +1679,15 @@
"wasm-bindgen",
]
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki",
+]
+
[[package]]
name = "which"
version = "4.4.0"
diff --git a/native/native_rust_library/Cargo.lock b/native/native_rust_library/Cargo.lock
--- a/native/native_rust_library/Cargo.lock
+++ b/native/native_rust_library/Cargo.lock
@@ -1106,7 +1106,7 @@
dependencies = [
"log",
"ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.6",
"sct",
]
@@ -1119,6 +1119,16 @@
"base64",
]
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
[[package]]
name = "rustls-webpki"
version = "0.101.6"
@@ -1440,6 +1450,7 @@
"tower-layer",
"tower-service",
"tracing",
+ "webpki-roots",
]
[[package]]
@@ -1696,6 +1707,15 @@
"wasm-bindgen",
]
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
[[package]]
name = "which"
version = "4.3.0"
diff --git a/services/identity/Cargo.lock b/services/identity/Cargo.lock
--- a/services/identity/Cargo.lock
+++ b/services/identity/Cargo.lock
@@ -2278,7 +2278,7 @@
dependencies = [
"log",
"ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.4",
"sct",
]
@@ -2303,6 +2303,16 @@
"base64",
]
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
[[package]]
name = "rustls-webpki"
version = "0.101.4"
@@ -2815,6 +2825,7 @@
"tower-layer",
"tower-service",
"tracing",
+ "webpki-roots",
]
[[package]]
@@ -3192,6 +3203,15 @@
"untrusted",
]
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
[[package]]
name = "which"
version = "4.4.0"
diff --git a/shared/grpc_clients/Cargo.lock b/shared/grpc_clients/Cargo.lock
--- a/shared/grpc_clients/Cargo.lock
+++ b/shared/grpc_clients/Cargo.lock
@@ -821,7 +821,7 @@
dependencies = [
"log",
"ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.4",
"sct",
]
@@ -834,6 +834,16 @@
"base64",
]
+[[package]]
+name = "rustls-webpki"
+version = "0.100.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
[[package]]
name = "rustls-webpki"
version = "0.101.4"
@@ -1074,6 +1084,7 @@
"tower-layer",
"tower-service",
"tracing",
+ "webpki-roots",
]
[[package]]
@@ -1286,6 +1297,15 @@
"wasm-bindgen",
]
+[[package]]
+name = "webpki-roots"
+version = "0.23.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.3",
+]
+
[[package]]
name = "which"
version = "4.4.0"
diff --git a/shared/grpc_clients/Cargo.toml b/shared/grpc_clients/Cargo.toml
--- a/shared/grpc_clients/Cargo.toml
+++ b/shared/grpc_clients/Cargo.toml
@@ -6,7 +6,7 @@
[dependencies]
derive_more = "0.99"
prost = "0.11"
-tonic = { version = "0.9.1", features = ["tls"]}
+tonic = { version = "0.9.1", features = ["tls-webpki-roots"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3.16", features = ["env-filter"] }
diff --git a/shared/grpc_clients/src/lib.rs b/shared/grpc_clients/src/lib.rs
--- a/shared/grpc_clients/src/lib.rs
+++ b/shared/grpc_clients/src/lib.rs
@@ -6,43 +6,18 @@
pub use tonic;
use error::Error;
-use std::path::Path;
use std::time::Duration;
-use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+use tonic::transport::Channel;
use tracing::info;
-const CERT_PATHS: &[&str] = &[
- // MacOS and newer Ubuntu
- "/etc/ssl/cert.pem",
- // Common CA cert paths
- "/etc/ssl/certs/ca-bundle.crt",
- "/etc/ssl/certs/ca-certificates.crt",
-];
const CONNECT_TIMEOUT_DURATION: Duration = Duration::from_secs(5);
-pub(crate) fn get_ca_cert_contents() -> Option<String> {
- CERT_PATHS
- .iter()
- .map(Path::new)
- .filter(|p| p.exists())
- .filter_map(|f| std::fs::read_to_string(f).ok())
- .next()
-}
pub(crate) async fn get_grpc_service_channel(
url: &str,
) -> Result<Channel, Error> {
- let ca_cert = crate::get_ca_cert_contents().expect("Unable to get CA bundle");
-
info!("Connecting to gRPC service at {}", url);
- let mut channel = Channel::from_shared(url.to_string())?
+ let channel = Channel::from_shared(url.to_string())?
.connect_timeout(CONNECT_TIMEOUT_DURATION);
- // tls_config will fail if the underlying URI is only http://
- if url.starts_with("https:") {
- channel = channel.tls_config(
- ClientTlsConfig::new().ca_certificate(Certificate::from_pem(&ca_cert)),
- )?
- }
-
Ok(channel.connect().await?)
}