As otherwise a valid cert from Let's Encrypt got rejected as insecure
TLS.
It might be better to switch to proxmox-http sync client here, which
is ureq but better maintained code and less duplication.
Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
proxmox-openid/src/http_client.rs | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/proxmox-openid/src/http_client.rs
b/proxmox-openid/src/http_client.rs
index 7d383d5d..904a5bac 100755
--- a/proxmox-openid/src/http_client.rs
+++ b/proxmox-openid/src/http_client.rs
@@ -37,7 +37,12 @@ pub enum Error {
}
fn ureq_agent() -> Result<ureq::Agent, Error> {
- let mut config = ureq::Agent::config_builder();
+ let mut config = ureq::Agent::config_builder().tls_config(
+ ureq::tls::TlsConfig::builder()
+ .provider(ureq::tls::TlsProvider::NativeTls)
+ .root_certs(ureq::tls::RootCerts::PlatformVerifier)
+ .build(),
+ );
if let Ok(val) = env::var("all_proxy").or_else(|_| env::var("ALL_PROXY")) {
let proxy = ureq::Proxy::new(&val).map_err(Box::new)?;
config = config.proxy(Some(proxy));
--
2.47.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
