apple-codesign: use native TLS roots

We should respect the system's cert store, which may contain private CAs used by corporate proxies which we may connect to. Closes #85.
indygreg · Nov 4, 2023 · 14debcd · 14debcd
1 parent bd1fdd4
commit 14debcd
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 2 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/app-store-connect/CHANGELOG.md b/app-store-connect/CHANGELOG.md
@@ -8,6 +8,10 @@ Released on ReleaseDate.
 
 * Minimum supported Rust version changed from 1.62 to 1.64.
 * CLI code moved from `main.rs` to a `cli` module.
+* HTTP requests now use the operating system's trusted X.509 certificates
+  instead of a default set (based off Mozilla's maintained list). This should
+  allow connections to HTTP proxies using custom/private certificate authorities
+  to work, assuming certificates are installed on the local system. (#85)
 * jsonwebtoken 8.3 -> 9.1.
 * pem 1.1 -> 3.0.
 * rsa 0.7 -> 0.8.

diff --git a/app-store-connect/Cargo.toml b/app-store-connect/Cargo.toml
@@ -20,7 +20,7 @@ jsonwebtoken = "9.1.0"
 log = "0.4.20"
 pem = "3.0.2"
 rand = "0.8.5"
-reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls"] }
+reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls-native-roots"] }
 rsa = "0.9.3"
 serde = { version = "1.0.190", features = ["derive"] }
 serde_json = "1.0.108"

diff --git a/apple-codesign/CHANGELOG.md b/apple-codesign/CHANGELOG.md
@@ -43,6 +43,10 @@ Released on ReleaseDate.
   Apple's tooling.
 * Code signature data is now aligned to 16 byte boundaries in Mach-O binaries.
   This matches the behavior of Apple tooling.
+* HTTP requests now use the operating system's trusted X.509 certificates
+  instead of a default set (based off Mozilla's maintained list). This should
+  allow connections to HTTP proxies using custom/private certificate authorities
+  to work, assuming certificates are installed on the local system. (#85)
 * aws crates 0.53 -> 0.57.
 * bitflags 1.3 -> 2.0.
 * cryptographic-message-syntax 0.19 -> 0.25.

diff --git a/apple-codesign/Cargo.toml b/apple-codesign/Cargo.toml
@@ -55,7 +55,7 @@ rand = "0.8.5"
 rasn = "0.11.0"
 rayon = "1.8.0"
 regex = "1.10.2"
-reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls"] }
+reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls-native-roots"] }
 ring = "0.17.5"
 rsa = "0.9.3"
 scroll = "0.11.0"