deps: switch to rustls webpki v0.101.0.

The original webpki crate is under-maintained. The Rustls project has forked it and invested in maintenance and new features, including CRL support. This commit switches rcgen to use the latest version of the rustls/webpki fork instead of the original upstream webpki project. One small breaking change in the end entity name validation API is fixed in the existing rcgen webpki tests in order to make this switch build/test cleanly.
rustls · Jul 5, 2023 · 1e149e8 · 1e149e8
1 parent dde0e47
commit 1e149e8
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,7 +36,7 @@ features = ["x509-parser"]
 [dev-dependencies]
 openssl = "0.10"
 x509-parser = { version = "0.15", features = ["verify"] }
-webpki = { version = "0.22", features = ["std"] }
+rustls-webpki = { version = "0.101.0", features = ["std"] }
 rand = "0.8"
 rsa = "0.9"
 

diff --git a/tests/webpki.rs b/tests/webpki.rs
@@ -65,8 +65,8 @@ fn check_cert_ca<'a, 'b>(cert_der :&[u8], cert :&'a Certificate, ca_der :&[u8],
 
 	// (2/3) Check that the cert is valid for the given DNS name
 	let dns_name = DnsNameRef::try_from_ascii_str("crabs.crabs").unwrap();
-	end_entity_cert.verify_is_valid_for_dns_name(
-		dns_name,
+	end_entity_cert.verify_is_valid_for_subject_name(
+		webpki::SubjectNameRef::from(dns_name)
 	).expect("valid for DNS name");
 
 	// (3/3) Check that a message signed by the cert is valid.