From bd2bf045cc194aa362f91cf9995a0db6fb96a4f1 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 1 Feb 2022 10:35:10 +0100
Subject: [PATCH] use native-tls for ureq

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 Cargo.toml         |  4 ++--
 src/http_client.rs | 27 +++++++++++++++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index a699a642..d4e10373 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,7 +13,6 @@ exclude = [
 name = "proxmox_openid"
 path = "src/lib.rs"
 
-
 [dependencies]
 anyhow = "1.0"
 http = "0.2"
@@ -22,7 +21,8 @@ openidconnect = { version = "2.2", default-features = false, features = ["accept
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 thiserror="1.0"
-ureq = { version = "2.4", features = ["native-tls", "gzip"] }
+ureq = { version = "2.4", default-features = false, features = ["native-tls", "gzip"] }
+native-tls = "0.2"
 url = "2.1"
 
 proxmox-time = "1"
diff --git a/src/http_client.rs b/src/http_client.rs
index 89a720fb..afaae248 100644
--- a/src/http_client.rs
+++ b/src/http_client.rs
@@ -1,3 +1,5 @@
+use std::sync::Arc;
+
 use http::header::{HeaderMap, HeaderValue, CONTENT_TYPE};
 use http::method::Method;
 use http::status::StatusCode;
@@ -19,26 +21,39 @@ pub enum Error {
     /// Non-ureq HTTP error.
     #[error("HTTP error")]
     Http(#[from] http::Error),
+
     /// IO error
     #[error("IO error")]
     IO(#[from] std::io::Error),
-    /// Other error.
-    #[error("Other error: {}", _0)]
-    Other(String),
+
     /// Error returned by ureq crate.
     // boxed due to https://github.com/algesten/ureq/issues/296
     #[error("ureq request failed")]
     Ureq(#[from] Box<ureq::Error>),
+
+    #[error("TLS error: {0}")]
+    Tls(#[from] native_tls::Error),
+
+    /// Other error.
+    #[error("Other error: {}", _0)]
+    Other(String),
+}
+
+fn ureq_agent() -> Result<ureq::Agent, Error> {
+    Ok(ureq::AgentBuilder::new()
+        .tls_connector(Arc::new(native_tls::TlsConnector::new()?))
+        .build())
 }
 
 ///
 /// Synchronous HTTP client for ureq.
 ///
 pub fn http_client(request: HttpRequest) -> Result<HttpResponse, Error> {
-   let mut req = if let Method::POST = request.method {
-        ureq::post(&request.url.to_string())
+    let agent = ureq_agent()?;
+    let mut req = if let Method::POST = request.method {
+        agent.post(&request.url.to_string())
     } else {
-        ureq::get(&request.url.to_string())
+        agent.get(&request.url.to_string())
     };
 
     for (name, value) in request.headers {