[pve-devel] applied: [PATCH 1/2] openid connect: http client: use TlS platform verifier
Thomas Lamprecht
t.lamprecht at proxmox.com
Mon Jul 21 18:52:32 CEST 2025
As otherwise a valid cert from Let's Encrypt got rejected as insecure
TLS.
It might be better to switch to proxmox-http sync client here, which
is ureq but better maintained code and less duplication.
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
proxmox-openid/src/http_client.rs | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/proxmox-openid/src/http_client.rs b/proxmox-openid/src/http_client.rs
index 7d383d5d..904a5bac 100755
--- a/proxmox-openid/src/http_client.rs
+++ b/proxmox-openid/src/http_client.rs
@@ -37,7 +37,12 @@ pub enum Error {
}
fn ureq_agent() -> Result<ureq::Agent, Error> {
- let mut config = ureq::Agent::config_builder();
+ let mut config = ureq::Agent::config_builder().tls_config(
+ ureq::tls::TlsConfig::builder()
+ .provider(ureq::tls::TlsProvider::NativeTls)
+ .root_certs(ureq::tls::RootCerts::PlatformVerifier)
+ .build(),
+ );
if let Ok(val) = env::var("all_proxy").or_else(|_| env::var("ALL_PROXY")) {
let proxy = ureq::Proxy::new(&val).map_err(Box::new)?;
config = config.proxy(Some(proxy));
--
2.47.2
More information about the pve-devel
mailing list