deps: update webpki to rustls-webpki and webpki-roots to latest (#1389)
## Description

Replaces [`webpki`](https://github.com/briansmith/webpki) with
[`rustls-webpki`](https://github.com/rustls/webpki) as a fix to
https://rustsec.org/advisories/RUSTSEC-2023-0052. Updates `reqwest` and
`tokio-rustls-acme` to latest versions (which include the same change
from `webpki` to `rustls-webpki`).

Also updates `webpki-roots` to the latest version.

## Notes & open questions

Did not do any manual testing. Would hope that CI should catch any
incompatibilities.

## Change checklist

- [x] Self-review.
- ~~Documentation updates if relevant.~~
- ~~Tests if relevant.~~
Frando authored Aug 22, 2023
1 parent b8a1de8 commit a2fc0c1
Showing 3 changed files with 20 additions and 61 deletions.
71 changes: 15 additions & 56 deletions Cargo.lock


8 changes: 4 additions & 4 deletions iroh-net/Cargo.toml
Expand Up @@ -38,7 +38,7 @@ os_info = "3.6.0"
postcard = { version = "1", default-features = false, features = ["alloc", "use-std", "experimental-derive"] }
rand = "0.8"
rcgen = "0.11"
reqwest = { version = "0.11.14", default-features = false, features = ["rustls-tls"] }
reqwest = { version = "0.11.19", default-features = false, features = ["rustls-tls"] }
ring = "0.16.20"
rustls = { version = "0.21", default-features = false, features = ["dangerous_configuration"] }
serde = { version = "1", features = ["derive"] }
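Review bot: the new `reqwest` floor of `0.11.19` carries no comment saying why it must not be lowered. The description states that this release includes the move from `webpki` to `rustls-webpki` made for RUSTSEC-2023-0052, so a short trailing comment on that line, in the style of the `ucd-parse` pin note later in this file, would keep a later cleanup from relaxing the requirement to a range that can resolve to a release still depending on `webpki`.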
Expand All @@ -54,12 +54,12 @@ time = "0.3.20"
tokio = { version = "1", features = ["io-util", "sync", "rt", "net", "fs", "io-std", "signal", "process"] }
tokio-util = { version = "0.7", features = ["io-util", "io"] }
tokio-rustls = { version = "0.24" }
tokio-rustls-acme = { version = "0.1" }
tokio-rustls-acme = { version = "0.2" }
tokio-stream = { version = "0.1", features = ["sync"]}
ucd-parse = "=0.1.10" # pinned to avoid having to bump MSRV to 1.70 (recursive dep of stun-rs)
url = { version = "2.4", features = ["serde"] }
webpki = { version = "0.22", features = ["std"] }
webpki-roots = "0.23.0"
webpki = { package = "rustls-webpki", version = "0.101.4", features = ["std"] }
webpki-roots = "0.25"
wg = "0.3.1"
quinn = "0.10"
quinn-proto = "0.10"
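Review bot: on the `webpki = { package = "rustls-webpki", ... }` line, keeping the `webpki` key as an alias means existing `webpki::` paths in the crate compile unchanged, which also makes it easy to miss the old crate still being pulled in through another dependency. Cargo.lock is not rendered here, so please confirm that no `webpki 0.22` entry remains, for example with `cargo tree -i webpki` or a `cargo audit` run in CI. Separately, `tokio-rustls-acme` moves from `0.1` to `0.2`, which Cargo treats as an incompatible release, and the description says no manual testing was done, so the code that uses it deserves at least one exercised test.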
2 changes: 1 addition & 1 deletion iroh-net/src/derp/http/client.rs
Expand Up @@ -447,7 +447,7 @@ impl Client {
debug!("Starting TLS handshake");
// TODO: review TLS config
let mut roots = rustls::RootCertStore::empty();
roots.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
roots.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject,
ta.spki,
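Review bot: the `// TODO: review TLS config` comment still sits directly above the root store construction that this change edits. Since the commit exists to fix the certificate-verification dependency, either resolve the TODO here or replace it with a reference to a tracking issue. The switch from `TLS_SERVER_ROOTS.0.iter()` to `TLS_SERVER_ROOTS.iter()` itself looks like a mechanical follow-up to the `webpki-roots` `0.25` bump; any other `.0` access on that constant would need the same change.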