Use rustls-platform-verifier for cert validation

This simplifies by removing the mutually exclusive `native-roots` and `webpki-roots` features with something that is suitable for all platforms.
2025-08-07 17:03:01 +03:00 · 2024-03-06 11:23:42 +01:00
parent 58d91f91d2
commit 6eb6209bd8
25 changed files with 173 additions and 258 deletions
--- a/crates/cli/src/commands/debug.rs
+++ b/crates/cli/src/commands/debug.rs
@@ -67,7 +67,7 @@ impl Options {
    #[tracing::instrument(skip_all)]
    pub async fn run(self, root: &super::Options) -> anyhow::Result<()> {
        use Subcommand as SC;
-        let http_client_factory = HttpClientFactory::new().await?;
+        let http_client_factory = HttpClientFactory::new();
        match self.subcommand {
            SC::Http {
                show_headers,
--- a/crates/cli/src/commands/doctor.rs
+++ b/crates/cli/src/commands/doctor.rs
@@ -41,7 +41,7 @@ impl Options {
        let config: RootConfig = root.load_config()?;

        // We'll need an HTTP client
-        let http_client_factory = HttpClientFactory::new().await?;
+        let http_client_factory = HttpClientFactory::new();
        let base_url = config.http.public_base.as_str();
        let issuer = config.http.issuer.as_ref().map(url::Url::as_str);
        let issuer = issuer.unwrap_or(base_url);
--- a/crates/cli/src/commands/server.rs
+++ b/crates/cli/src/commands/server.rs
@@ -146,7 +146,7 @@ impl Options {
        )
        .await?;

-        let http_client_factory = HttpClientFactory::new().await?;
+        let http_client_factory = HttpClientFactory::new();

        let homeserver_connection = SynapseConnection::new(
            config.matrix.homeserver.clone(),
--- a/crates/cli/src/commands/worker.rs
+++ b/crates/cli/src/commands/worker.rs
@@ -55,7 +55,7 @@ impl Options {
        let mailer = mailer_from_config(&config.email, &templates)?;
        mailer.test_connection().await?;

-        let http_client_factory = HttpClientFactory::new().await?;
+        let http_client_factory = HttpClientFactory::new();
        let conn = SynapseConnection::new(
            config.matrix.homeserver.clone(),
            config.matrix.endpoint.clone(),
--- a/crates/cli/src/main.rs
+++ b/crates/cli/src/main.rs
@@ -77,7 +77,7 @@ async fn try_main() -> anyhow::Result<()> {
        telemetry_config.sentry.dsn.as_deref(),
        sentry::ClientOptions {
            transport: Some(Arc::new(HyperTransportFactory::new(
-                mas_http::make_untraced_client().await?,
+                mas_http::make_untraced_client(),
            ))),
            traces_sample_rate: 1.0,
            auto_session_tracking: true,
@@ -99,9 +99,7 @@ async fn try_main() -> anyhow::Result<()> {
    });

    // Setup OpenTelemetry tracing and metrics
-    let tracer = telemetry::setup(&telemetry_config)
-        .await
-        .context("failed to setup OpenTelemetry")?;
+    let tracer = telemetry::setup(&telemetry_config).context("failed to setup OpenTelemetry")?;

    let telemetry_layer = tracer.map(|tracer| {
        tracing_opentelemetry::layer()
--- a/crates/cli/src/telemetry.rs
+++ b/crates/cli/src/telemetry.rs
@@ -43,7 +43,7 @@ use url::Url;
 static METER_PROVIDER: OnceCell<MeterProvider> = OnceCell::const_new();
 static PROMETHEUS_REGISTRY: OnceCell<Registry> = OnceCell::const_new();

-pub async fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
+pub fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
    global::set_error_handler(|e| tracing::error!("{}", e))?;
    let propagator = propagator(&config.tracing.propagators);

@@ -52,9 +52,7 @@ pub async fn setup(config: &TelemetryConfig) -> anyhow::Result<Option<Tracer>> {
    mas_http::set_propagator(&propagator);
    global::set_text_map_propagator(propagator);

-    let tracer = tracer(&config.tracing.exporter)
-        .await
-        .context("Failed to configure traces exporter")?;
+    let tracer = tracer(&config.tracing.exporter).context("Failed to configure traces exporter")?;

    init_meter(&config.metrics.exporter).context("Failed to configure metrics exporter")?;

@@ -86,13 +84,9 @@ fn propagator(propagators: &[Propagator]) -> impl TextMapPropagator {
    TextMapCompositePropagator::new(propagators)
 }

-async fn http_client() -> anyhow::Result<impl opentelemetry_http::HttpClient + 'static> {
-    let client = mas_http::make_untraced_client()
-        .await
-        .context("Failed to build HTTP client used by telemetry exporter")?;
-    let client =
-        opentelemetry_http::hyper::HyperClient::new_with_timeout(client, Duration::from_secs(30));
-    Ok(client)
+fn http_client() -> impl opentelemetry_http::HttpClient + 'static {
+    let client = mas_http::make_untraced_client();
+    opentelemetry_http::hyper::HyperClient::new_with_timeout(client, Duration::from_secs(30))
 }

 fn stdout_tracer_provider() -> TracerProvider {
@@ -133,12 +127,12 @@ fn jaeger_agent_tracer_provider(host: &str, port: u16) -> anyhow::Result<TracerP
    Ok(tracer_provider)
 }

-async fn jaeger_collector_tracer_provider(
+fn jaeger_collector_tracer_provider(
    endpoint: &str,
    username: Option<&str>,
    password: Option<&str>,
 ) -> anyhow::Result<TracerProvider> {
-    let http_client = http_client().await?;
+    let http_client = http_client();
    let mut pipeline = opentelemetry_jaeger::new_collector_pipeline()
        .with_service_name(env!("CARGO_PKG_NAME"))
        .with_trace_config(trace_config())
@@ -160,8 +154,8 @@ async fn jaeger_collector_tracer_provider(
    Ok(tracer_provider)
 }

-async fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Tracer> {
-    let http_client = http_client().await?;
+fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Tracer> {
+    let http_client = http_client();

    let mut pipeline = opentelemetry_zipkin::new_pipeline()
        .with_http_client(http_client)
@@ -179,7 +173,7 @@ async fn zipkin_tracer(collector_endpoint: &Option<Url>) -> anyhow::Result<Trace
    Ok(tracer)
 }

-async fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>> {
+fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>> {
    let tracer_provider = match config {
        TracingExporterConfig::None => return Ok(None),
        TracingExporterConfig::Stdout => stdout_tracer_provider(),
@@ -195,13 +189,10 @@ async fn tracer(config: &TracingExporterConfig) -> anyhow::Result<Option<Tracer>
            endpoint,
            username,
            password,
-        }) => {
-            jaeger_collector_tracer_provider(endpoint, username.as_deref(), password.as_deref())
-                .await?
-        }
+        }) => jaeger_collector_tracer_provider(endpoint, username.as_deref(), password.as_deref())?,
        TracingExporterConfig::Zipkin { collector_endpoint } => {
            // The Zipkin exporter already creates a tracer and installs it
-            return Ok(Some(zipkin_tracer(collector_endpoint).await?));
+            return Ok(Some(zipkin_tracer(collector_endpoint)?));
        }
    };