diff --git a/Cargo.lock b/Cargo.lock
index d9724b63e..fcf68de1f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2427,7 +2427,7 @@ dependencies = [ "regex", "rstest", "rustls", - "rustls-native-certs 0.7.3", + "rustls-native-certs 0.8.0", "rustls-pemfile", "semver", "serde",
@@ -3643,9 +3643,9 @@ dependencies = [ [[package]] name = "rstest" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9afd55a67069d6e434a95161415f5beeada95a01c7b815508a82dcb0e1593682" +checksum = "7b423f0e62bdd61734b67cd21ff50871dfaeb9cc74f869dcd6af974fbcb19936" dependencies = [ "futures", "futures-timer",
@@ -3655,9 +3655,9 @@ dependencies = [ [[package]] name = "rstest_macros" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4165dfae59a39dd41d8dec720d3cbfbc71f69744efb480a3920f5d4e0cc6798d" +checksum = "c5e1711e7d14f74b12a58411c542185ef7fb7f2e7f8ee6e2940a883628522b42" dependencies = [ "cfg-if", "glob",
diff --git a/Cargo.toml b/Cargo.toml
index d2ad2760a..6b5753b36 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -65,11 +65,11 @@ postgres-protocol = "0.6"
 pprof = { version = "0.13", features = ["flamegraph", "criterion"] }
 pretty_assertions = "1"
 regex = "1"
-rstest = "0.21"
+rstest = "0.22"
 rustls = "0.23.12"
 # ring feature does not require NASM windows executable, but works slower
 #rustls = { version = "0.23", default-features = false, features = ["logging", "std", "tls12", "ring"] }
-rustls-native-certs = "0.7"
+rustls-native-certs = "0.8"
 rustls-pemfile = "2"
 semver = "1"
 serde = { version = "1", features = ["derive"] }
diff --git a/justfile b/justfile
index 7fa1989c8..2603782b2 100644
--- a/justfile
+++ b/justfile
@@ -299,16 +299,16 @@ fmt2:
 # Run cargo check
 check:
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin-tile-utils
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p mbtiles
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p mbtiles --no-default-features
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features --features fonts
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features --features mbtiles
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features --features pmtiles
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features --features postgres
- RUSTFLAGS='-D warnings' cargo check --bins --tests --lib --benches --examples -p martin --no-default-features --features sprites
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin-tile-utils
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p mbtiles
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p mbtiles --no-default-features
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features --features fonts
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features --features mbtiles
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features --features pmtiles
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features --features postgres
+ RUSTFLAGS='-D warnings' cargo check --all-targets -p martin --no-default-features --features sprites
 # Verify doc build
 check-doc:
@@ -316,13 +316,17 @@ check-doc:
 # Run cargo clippy
 clippy:
- cargo clippy --workspace --all-targets --bins --tests --lib --benches --examples -- -D warnings
+ cargo clippy --workspace --all-targets -- -D warnings
 # Validate markdown URLs with markdown-link-check
 clippy-md:
 docker run -it --rm -v ${PWD}:/workdir --entrypoint sh ghcr.io/tcort/markdown-link-check -c \
 'echo -e "/workdir/README.md\n$(find /workdir/docs/src -name "*.md")" | tr "\n" "\0" | xargs -0 -P 5 -n1 -I{} markdown-link-check --config /workdir/.github/files/markdown.links.config.json {}'
+# Update all dependencies including the breaking ones
+update-breaking:
+ cargo +nightly -Z unstable-options update --breaking
+
 # These steps automatically run before git push via a git hook
 git-pre-push: env-info restart fmt clippy check-doc test check
diff --git a/martin/src/pg/errors.rs b/martin/src/pg/errors.rs
index 37cd6e7c0..69fc0fb91 100644
--- a/martin/src/pg/errors.rs
+++ b/martin/src/pg/errors.rs
@@ -13,8 +13,8 @@ pub type PgResult = Result;
 #[derive(thiserror::Error, Debug)]
 pub enum PgError {
- #[error("Cannot load platform root certificates: {0}")]
- CannotLoadRoots(#[source] io::Error),
+ #[error("Cannot load platform root certificates: {0:?}")]
+ CannotLoadRoots(Vec),
 #[error("Cannot open certificate file {}: {0}", .1.display())]
 CannotOpenCert(#[source] io::Error, PathBuf),
diff --git a/martin/src/pg/tls.rs b/martin/src/pg/tls.rs
index 894373c06..84e2e2d90 100644
--- a/martin/src/pg/tls.rs
+++ b/martin/src/pg/tls.rs
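Review bot: The new `update-breaking` recipe in the justfile does not say that it needs a nightly toolchain (`cargo +nightly -Z unstable-options`), and it fails with a toolchain error for anyone who has only stable installed. It also moves every dependency across semver-major boundaries in one step, including the TLS crates this same commit bumps by hand, so the result deserves a deliberate review rather than a routine commit. I would extend the recipe comment to something like `# Update all dependencies including the breaking ones (needs a nightly toolchain; review the Cargo.toml and Cargo.lock diff before committing)`.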
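Review bot: `CannotLoadRoots` in martin/src/pg/errors.rs drops its `#[source]` and now renders the whole vector with `{0:?}`, so an operator sees Debug output instead of a readable list and `Error::source()` leads nowhere for this variant. The element type of the `Vec` is not visible on this page, so this is hedged: if the elements implement `Display`, joining them into one string would read better than `{0:?}`. At minimum the variant should carry a doc comment such as `/// Every error reported while reading the platform trust store; there is no single source error.` The enum continues outside the hunk.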
@@ -9,7 +9,6 @@ use deadpool_postgres::tokio_postgres::Config;
 use log::{info, warn};
 use regex::Regex;
 use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
-// use rustls::crypto::ring::default_provider;
 use rustls::crypto::aws_lc_rs::default_provider;
 use rustls::crypto::{verify_tls12_signature, verify_tls13_signature};
 use rustls::pki_types::{CertificateDer, ServerName, UnixTime};
@@ -156,8 +155,11 @@ pub fn make_connector(
 }
 if verify_ca || pg_certs.ssl_root_cert.is_some() || pg_certs.ssl_cert.is_some() {
- let certs = load_native_certs().map_err(CannotLoadRoots)?;
- for cert in certs {
+ let certs = load_native_certs();
+ if !certs.errors.is_empty() {
+ return Err(CannotLoadRoots(certs.errors));
+ }
+ for cert in certs.certs {
 roots.add(cert)?;
 }
 }
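Review bot: The added check in `make_connector` returns `CannotLoadRoots` as soon as `certs.errors` is non-empty, which throws away every root in `certs.certs` that did load, so one unreadable or malformed entry in the platform store blocks all verified PostgreSQL connections. Continuing with the roots that loaded only narrows the trust set and never widens it, so failing only when nothing usable came back and logging the rest with the already imported `warn!` keeps verification strict without that outage. If failing on any error is the intended policy, a comment stating that would be enough. The function body starts and ends outside the hunk.

```rust
let certs = load_native_certs();
if certs.certs.is_empty() && !certs.errors.is_empty() {
    // The platform store produced errors and no usable root: refuse to continue.
    return Err(CannotLoadRoots(certs.errors));
}
for err in &certs.errors {
    warn!("Ignoring a platform root certificate that failed to load: {err:?}");
}
// … unchanged: for cert in certs.certs { roots.add(cert)?; } …
```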