11 changes: 11 additions & 0 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -197,7 +197,7 @@ time = "0.3.36"
timed-map = { version = "1.5", features = ["rustc-hash", "serde", "wasm"] }
tokio = { version = "1.47", default-features = false }
tokio-rustls = { version = "0.24", default-features = false }
tokio-tungstenite-wasm = { git = "https://github.com/KomodoPlatform/tokio-tungstenite-wasm", rev = "8fc7e2f", default-features = false, features = ["rustls-tls-native-roots"]}
tokio-tungstenite-wasm = { git = "https://github.com/KomodoPlatform/tokio-tungstenite-wasm", rev = "8fc7e2f", default-features = false }
tonic = { version = "0.10", default-features = false }
tonic-build = { version = "0.10", default-features = false, features = ["prost"] }
tower-service = "0.3"
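Review bot: The `tokio-tungstenite-wasm` workspace entry has no comment saying that the TLS root-store feature is now chosen by each member crate, assuming the variant without `features` is the new side of this hunk. Because `default-features = false` is kept, a member that inherits the entry via `workspace = true` and names no roots feature gets none from here. Only mm2src/coins is updated in the visible sections, so other members that use this dependency may need checking. I would add above the entry: `# TLS root store feature is selected per target by member crates (see mm2src/coins/Cargo.toml).`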
14 changes: 12 additions & 2 deletions mm2src/coins/Cargo.toml
@@ -118,7 +118,6 @@ sha3.workspace = true
utxo_signer = { path = "utxo_signer" }
# using the same version as cosmrs
tendermint-rpc.workspace = true
tokio-tungstenite-wasm = { workspace = true, features = ["rustls-tls-native-roots"]}
url.workspace = true
uuid.workspace = true
# One of web3 dependencies is the old `tokio-uds 0.1.7` which fails cross-compiling to ARM.
@@ -176,13 +175,24 @@ timed-map = { workspace = true, features = ["rustc-hash"] }
tokio.workspace = true
tokio-rustls.workspace = true
tonic = { workspace = true, features = ["codegen", "prost", "gzip", "tls", "tls-webpki-roots"] }
webpki-roots.workspace = true
zcash_client_sqlite.workspace = true
zcash_proofs = { workspace = true, features = ["local-prover", "multicore"] }

[target.'cfg(all(not(target_arch = "wasm32"), not(target_os = "ios")))'.dependencies]
webpki-roots.workspace = true

[target.'cfg(windows)'.dependencies]
winapi.workspace = true

# iOS-specific dependencies to fix certificate validation issues with Let's Encrypt ECDSA certificates
[target.'cfg(target_os = "ios")'.dependencies]
Since we're adding this as an iOS-specific override, both are active, because rustls-tls-native-roots is enabled by the gen dependency. So if we want to differentiate per platform, we'd need "per target" sections to differentiate between native and webpki.

alternatively (how i tested in a local fix): we just update it to webpki globally cc @onur-ozkan whats preferred / more solid from?

@onur-ozkan onur-ozkan Oct 31, 2025


If we must use webpki for iOS, I suggest doing it for iOS only and keeping native roots for the others (as we have had no issues with them, at least so far?). Relying on OS roots is better than relying on the roots that are bundled with the dependency, which will not be updated for quite a long time (we don't update our deps very often).


thanks - will update this PR accordingly to handle it platform-specific shortly and keep the native everywhere else as there weren't any issues with it (yet)

tokio-tungstenite-wasm = { workspace = true, features = ["rustls-tls-webpki-roots"] }
webpki-roots = "0.26"

# Non-iOS platforms use native certificate roots
[target.'cfg(not(target_os = "ios"))'.dependencies]
tokio-tungstenite-wasm = { workspace = true, features = ["rustls-tls-native-roots"] }

[dev-dependencies]
mm2_test_helpers = { path = "../mm2_test_helpers" }
mocktopus.workspace = true
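Review bot: `webpki-roots = "0.26"` in the iOS table is written as a literal version while the neighbouring entries use `.workspace = true`, so the bundled root set that iOS trusts is versioned apart from the `webpki-roots.workspace = true` entry used by the other native targets. That leaves two copies of the CA list to keep current, and nothing here records that the split is intentional. I would add above the line: `# pinned apart from the workspace webpki-roots entry; bump both together`. The `cfg(not(target_os = "ios"))` table also covers wasm32, which seems to match the earlier unconditional dependency but is worth confirming.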
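--- a/mm2src/coins/utxo/rpc_clients/electrum_rpc/tcp_stream.rs
+++ b/mm2src/coins/utxo/rpc_clients/electrum_rpc/tcp_stream.rs
@@ -80,6 +80,16 @@ impl rustls::client::ServerCertVerifier for NoCertificateVerification {
 fn rustls_client_config(unsafe_conf: bool) -> Arc<ClientConfig> {
 let mut cert_store = RootCertStore::empty();
 
+#[cfg(target_os = "ios")]
+cert_store.add_trust_anchors(TLS_SERVER_ROOTS.iter().map(|ta| {
+OwnedTrustAnchor::from_subject_spki_name_constraints(
+ta.subject.to_vec(),
+ta.subject_public_key_info.to_vec(),
+ta.name_constraints.as_ref().map(|nc| nc.to_vec()),
+)
+}));
+
+#[cfg(not(target_os = "ios"))]
 cert_store.add_trust_anchors(
 TLS_SERVER_ROOTS
 .iter()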
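Review bot: The `#[cfg(target_os = "ios")]` branch in `rustls_client_config` has no comment explaining why it reads `ta.subject_public_key_info` and copies each field with `.to_vec()`, unlike the non-iOS branch below it. This presumably follows from the iOS-only `webpki-roots = "0.26"` entry in mm2src/coins/Cargo.toml, but the file itself does not say so. I would add above the attribute: `// iOS builds against webpki-roots 0.26 (see coins/Cargo.toml); its trust anchors expose different fields.` The two branches now build the same `cert_store` in parallel, so a later change to one has to be mirrored in the other. The non-iOS call and the rest of the function continue outside the hunk.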