Merge pull request #441 from sigstore/dependabot/cargo/rustls-webpki-…

…0.103 build(deps): update rustls-webpki requirement from 0.102 to 0.103
sigstore · Feb 26, 2025 · c4c7adf · c4c7adf
2 parents 8639a22 + 5dd4d99
commit c4c7adf
Show file tree

Hide file tree

Showing 10 changed files with 13 additions and 13 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -155,6 +155,7 @@ pkcs8 = { version = "0.10", default-features = false, features = [
     "pkcs5",
     "std",
 ] }
+pki-types = { package = "rustls-pki-types", version = "1.11", default-features = false }
 rand = { version = "0.8", default-features = false, features = [
     "getrandom",
     "std",
@@ -166,7 +167,8 @@ reqwest = { version = "0.12", default-features = false, features = [
 ], optional = true }
 ring = { version = "0.17", default-features = false, optional = true }
 rsa = { version = "0.9", default-features = false, features = ["std"] }
-rustls-webpki = { version = "0.102", default-features = false, features = [
+rustls-webpki = { version = "0.103", default-features = false, features = [
+    "ring",
     "std",
 ] }
 scrypt = { version = "0.11", default-features = false, features = [

diff --git a/src/bundle/verify/verifier.rs b/src/bundle/verify/verifier.rs
@@ -16,10 +16,10 @@
 
 use std::io::{self, Read};
 
+use pki_types::{CertificateDer, UnixTime};
 use sha2::{Digest, Sha256};
 use tokio::io::{AsyncRead, AsyncReadExt};
 use tracing::debug;
-use webpki::types::{CertificateDer, UnixTime};
 use x509_cert::der::Encode;
 
 use crate::{

diff --git a/src/cosign/client_builder.rs b/src/cosign/client_builder.rs
@@ -13,8 +13,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use pki_types::CertificateDer;
 use tracing::info;
-use webpki::types::CertificateDer;
 
 use super::client::Client;
 use crate::crypto::SigningScheme;

diff --git a/src/cosign/mod.rs b/src/cosign/mod.rs
@@ -281,8 +281,8 @@ where
 
 #[cfg(test)]
 mod tests {
+    use pki_types::CertificateDer;
     use serde_json::json;
-    use webpki::types::CertificateDer;
 
     use super::constraint::{AnnotationMarker, PrivateKeySigner};
     use super::verification_constraint::cert_subject_email_verifier::StringVerifier;

diff --git a/src/cosign/signature_layers.rs b/src/cosign/signature_layers.rs
@@ -435,7 +435,7 @@ impl CertificateSignature {
         // ensure the certificate has been issued by Fulcio
         fulcio_cert_pool.verify_pem_cert(
             cert_pem,
-            Some(webpki::types::UnixTime::since_unix_epoch(
+            Some(pki_types::UnixTime::since_unix_epoch(
                 cert.tbs_certificate.validity.not_before.to_unix_duration(),
             )),
         )?;

diff --git a/src/cosign/verification_constraint/certificate_verifier.rs b/src/cosign/verification_constraint/certificate_verifier.rs
@@ -1,7 +1,7 @@
 use chrono::{DateTime, Utc};
 use pkcs8::der::Decode;
+use pki_types::CertificateDer;
 use tracing::warn;
-use webpki::types::CertificateDer;
 use x509_cert::Certificate;
 
 use super::VerificationConstraint;

diff --git a/src/crypto/certificate_pool.rs b/src/crypto/certificate_pool.rs
@@ -14,10 +14,8 @@
 // limitations under the License.
 
 use const_oid::db::rfc5280::ID_KP_CODE_SIGNING;
-use webpki::{
-    types::{CertificateDer, TrustAnchor, UnixTime},
-    EndEntityCert, KeyUsage, VerifiedPath,
-};
+use pki_types::{CertificateDer, TrustAnchor, UnixTime};
+use webpki::{EndEntityCert, KeyUsage, VerifiedPath};
 
 use crate::errors::{Result as SigstoreResult, SigstoreError};
 

diff --git a/src/registry/config.rs b/src/registry/config.rs
@@ -15,9 +15,9 @@
 
 //! Set of structs and enums used to define how to interact with OCI registries
 
+use pki_types::CertificateDer;
 use serde::Serialize;
 use std::cmp::Ordering;
-use webpki::types::CertificateDer;
 
 use crate::errors;
 

diff --git a/src/trust/mod.rs b/src/trust/mod.rs
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use webpki::types::CertificateDer;
+use pki_types::CertificateDer;
 
 #[cfg_attr(docsrs, doc(cfg(feature = "sigstore-trust-root")))]
 #[cfg(feature = "sigstore-trust-root")]

diff --git a/src/trust/sigstore/mod.rs b/src/trust/sigstore/mod.rs
@@ -25,13 +25,13 @@ use sha2::{Digest, Sha256};
 use std::path::Path;
 use tokio_util::bytes::BytesMut;
 
+use pki_types::CertificateDer;
 use sigstore_protobuf_specs::dev::sigstore::{
     common::v1::TimeRange,
     trustroot::v1::{CertificateAuthority, TransparencyLogInstance, TrustedRoot},
 };
 use tough::TargetName;
 use tracing::debug;
-use webpki::types::CertificateDer;
 
 mod constants;