Cache openssl cert lookup and don't bail on error

sfackler · sfackler · commit 00fc1f7db561 · 2025-02-19T09:43:20.000-05:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
       - uses: sfackler/actions/rustfmt@master
-  
+
   windows:
     strategy:
       fail-fast: false
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: sfackler/actions/rustup@master
         with:
-          version: 1.65.0
+          version: 1.80.0
       - run: echo "::set-output name=version::$(rustc --version)"
         id: rust-version
       - uses: actions/cache@v1
diff --git a/build.rs b/build.rs
@@ -17,4 +17,6 @@ fn main() {
             println!("cargo:rustc-cfg=have_min_max_version");
         }
     }
+
+    println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")
 }
diff --git a/src/imp/openssl.rs b/src/imp/openssl.rs
@@ -11,12 +11,16 @@ use self::openssl::ssl::{
     SslVerifyMode,
 };
 use self::openssl::x509::{store::X509StoreBuilder, X509VerifyResult, X509};
+use self::openssl_probe::ProbeResult;
 use std::error;
 use std::fmt;
 use std::io;
+use std::sync::LazyLock;
 
 use {Protocol, TlsAcceptorBuilder, TlsConnectorBuilder};
 
+static PROBE_RESULT: LazyLock<ProbeResult> = LazyLock::new(openssl_probe::probe);
+
 #[cfg(have_min_max_version)]
 fn supported_protocols(
     min: Option<Protocol>,
@@ -268,8 +272,17 @@ impl TlsConnector {
     pub fn new(builder: &TlsConnectorBuilder) -> Result<TlsConnector, Error> {
         let mut connector = SslConnector::builder(SslMethod::tls())?;
 
-        let probe = openssl_probe::probe();
-        connector.load_verify_locations(probe.cert_file.as_deref(), probe.cert_dir.as_deref())?;
+        // We need to load these separately so an error on one doesn't prevent the other from loading.
+        if let Some(cert_file) = &PROBE_RESULT.cert_file {
+            if let Err(e) = connector.load_verify_locations(Some(cert_file), None) {
+                debug!("load_verify_locations cert file error: {:?}", e);
+            }
+        }
+        if let Some(cert_dir) = &PROBE_RESULT.cert_dir {
+            if let Err(e) = connector.load_verify_locations(None, Some(cert_dir)) {
+                debug!("load_verify_locations cert dir error: {:?}", e);
+            }
+        }
 
         if let Some(ref identity) = builder.identity {
             connector.set_certificate(&identity.0.cert)?;

Original file line number	Diff line number	Diff line change
`@@ -17,4 +17,6 @@ fn main() {`
`17`	`17`	`println!("cargo:rustc-cfg=have_min_max_version");`
`18`	`18`	`}`
`19`	`19`	`}`
	`20`	`+`
	`21`	`+ println!("cargo::rustc-check-cfg=cfg(have_min_max_version)")`
`20`	`22`	`}`