Cache openssl cert lookup and don't bail on error

sfackler · Feb 19, 2025 · c5289c0 · c5289c0
1 parent e861c7c
commit c5289c0
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
       - uses: sfackler/actions/rustfmt@master
-  
+
   windows:
     strategy:
       fail-fast: false
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
         with:
-          version: 1.65.0
+          version: 1.80.0
       - run: echo "::set-output name=version::$(rustc --version)"
         id: rust-version
       - uses: actions/cache@v1

diff --git a/Cargo.toml b/Cargo.toml
@@ -6,7 +6,7 @@ license = "MIT OR Apache-2.0"
 description = "A wrapper over a platform's native TLS implementation"
 repository = "https://github.com/sfackler/rust-native-tls"
 readme = "README.md"
-rust-version = "1.53.0"
+rust-version = "1.80.0"
 
 [package.metadata.docs.rs]
 features = ["alpn"]

diff --git a/build.rs b/build.rs
@@ -17,4 +17,6 @@ fn main() {
             println!("cargo:rustc-cfg=have_min_max_version");
         }
     }
+
+    println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
 }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
@@ -11,12 +11,16 @@ use self::openssl::ssl::{
     SslVerifyMode,
 };
 use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
+use self::openssl_probe::ProbeResult;
 use std::error;
 use std::fmt;
 use std::io;
+use std::sync::LazyLock;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
+static PROBE_RESULT: LazyLock<ProbeResult> = LazyLock::new(openssl_probe::probe);
+
 #[cfg(have_min_max_version)]
 fn supported_protocols(
     min: Option<Protocol>,
@@ -268,8 +272,17 @@ impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
         let mut connector = SslConnector::builder(SslMethod::tls())?;
 
-        let probe = openssl_probe::probe();
-        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+        // We need to load these separately so an error on one doesn't prevent the other from loading.
+        if let Some(cert_file) = &PROBE_RESULT.cert_file {
+            if let Err(e) = connector.load_verify_locations(Some(cert_file), None) {
+                debug!("load_verify_locations cert file error: {:?}", e);
+            }
+        }
+        if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
+            if let Err(e) = connector.load_verify_locations(None, Some(cert_dir)) {
+                debug!("load_verify_locations cert dir error: {:?}", e);
+            }
+        }
 
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,4 +17,6 @@ fn main() { @@
                 println!("cargo:rustc-cfg=have_min_max_version");
             }
         }
+        println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
     }