Bump rustls version to 0.22, hyper-rustls to 0.25, tokio-rustls to 0.25 in datadog-trace-utils and ddcommon

ddcommon/Cargo.toml

@@ -24,7 +24,7 @@ hyper = { version = "0.14", features = [
     "tcp",
     "stream",
 ], default-features = false }
-hyper-rustls = { version = "0.23", default-features = false, features = [
+hyper-rustls = { version = "0.25", default-features = false, features = [
     "native-tokio",
     "http1",
     "tls12",
@@ -33,10 +33,10 @@ lazy_static = "1.4"
 log = { version = "0.4" }
 pin-project = "1"
 regex = "1.5"
-rustls = { version = "0.20.4", default-features = false }
+rustls = { version = "0.22", default-features = false }
 rustls-native-certs = { version = "0.6" }
 tokio = { version = "1.23", features = ["rt", "macros"] }
-tokio-rustls = { version = "0.23" }
+tokio-rustls = { version = "0.25" }
 serde = { version = "1.0", features = ["derive"] }
 static_assertions = "1.1.0"
 

ddcommon/src/connector/mod.rs

@@ -4,6 +4,7 @@
 use futures::future::BoxFuture;
 use futures::{future, FutureExt};
 use hyper::client::HttpConnector;
+use rustls::pki_types::CertificateDer;
 
 use lazy_static::lazy_static;
 use rustls::ClientConfig;
@@ -72,7 +73,6 @@ fn build_https_connector(
 ) -> anyhow::Result<hyper_rustls::HttpsConnector<hyper::client::HttpConnector>> {
     let certs = load_root_certs()?;
     let client_config = ClientConfig::builder()
-        .with_safe_defaults()
         .with_root_certificates(certs)
         .with_no_client_auth();
     Ok(hyper_rustls::HttpsConnectorBuilder::new()
@@ -86,10 +86,10 @@ fn load_root_certs() -> anyhow::Result<rustls::RootCertStore> {
     let mut roots = rustls::RootCertStore::empty();
 
     for cert in rustls_native_certs::load_native_certs()? {
-        let cert = rustls::Certificate(cert.0);
+        let cert = CertificateDer::from(cert.0);
 
         //TODO: log when invalid cert is loaded
-        roots.add(&cert).ok();
+        roots.add(cert).ok();
     }
     if roots.is_empty() {
         return Err(errors::Error::NoValidCertifacteRootsFound.into());

trace-utils/Cargo.toml

@@ -9,7 +9,7 @@ license.workspace = true
 [dependencies]
 anyhow = "1.0"
 hyper = { version = "0.14", features = ["client", "server"] }
-hyper-rustls = {version = "0.23", default-features = false, features = ["native-tokio", "http1", "tls12"]}
+hyper-rustls = {version = "0.25", default-features = false, features = ["native-tokio", "http1", "tls12", "ring", "rustls-native-certs"]}
 serde = { version = "1.0.145", features = ["derive"] }
 prost = "0.11.6"
 rmp-serde = "1.1.1"

trace-utils/src/stats_utils.rs

@@ -62,7 +62,7 @@ pub async fn send_stats_payload(
         .body(Body::from(data.clone()))?;
 
     let https = HttpsConnectorBuilder::new()
-        .with_native_roots()
+        .with_native_roots()?
         .https_only()
         .enable_http1()
         .build();