From 971eb0e5e836cdeaaefc25b2bab4c6a6a9f8e213 Mon Sep 17 00:00:00 2001
From: Matt Mastracci
Date: Tue, 16 Jan 2024 13:51:54 -0700
Subject: [PATCH] chore: bump rustls-tokio-stream and rustls (#21955)
---
 Cargo.lock | 4 ++--
 Cargo.toml | 4 ++--
 cli/tests/integration/cert_tests.rs | 15 +++++++++++----
 ext/net/ops_tls.rs | 7 +++----
 ext/websocket/lib.rs | 11 +++++++----
 5 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 85ba214b9b..5acc29dda8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4999,9 +4999,9 @@ dependencies = [ [[package]] name = "rustls-tokio-stream" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ded7a36e8ac05b8ada77a84c5ceec95361942ee9dedb60a82f93f788a791aae8" +checksum = "c9f0b619386efa23ba0955910896567698dc802cab625ea97a69e7340f986e6f" dependencies = [ "futures", "rustls",
diff --git a/Cargo.toml b/Cargo.toml
index 36345b656f..0a5f6dcfc6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -134,9 +134,9 @@ lazy-regex = "3"
 reqwest = { version = "=0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955
 ring = "^0.17.0"
 rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] }
-rustls = "0.21.8"
+rustls = "0.21.10"
 rustls-pemfile = "1.0.0"
-rustls-tokio-stream = "=0.2.17"
+rustls-tokio-stream = "=0.2.20"
 rustls-webpki = "0.101.4"
 rustyline = "=13.0.0"
 webpki-roots = "0.25.2"
diff --git a/cli/tests/integration/cert_tests.rs b/cli/tests/integration/cert_tests.rs
index 484d053f81..6612a2fefe 100644
--- a/cli/tests/integration/cert_tests.rs
+++ b/cli/tests/integration/cert_tests.rs
@@ -2,6 +2,7 @@
 use deno_runtime::deno_net::ops_tls::TlsStream;
 use deno_runtime::deno_tls::rustls;
+use deno_runtime::deno_tls::rustls::ClientConnection;
 use deno_runtime::deno_tls::rustls_pemfile;
 use lsp_types::Url;
 use std::io::BufReader;
@@ -240,8 +241,11 @@ async fn listen_tls_alpn() {
 let tcp_stream = tokio::net::TcpStream::connect("localhost:4504")
 .await
 .unwrap();
- let mut tls_stream =
- TlsStream::new_client_side(tcp_stream, cfg, hostname, None);
+ let mut tls_stream = TlsStream::new_client_side(
+ tcp_stream,
+ ClientConnection::new(cfg, hostname).unwrap(),
+ None,
+ );
 let handshake = tls_stream.handshake().await.unwrap();
@@ -289,8 +293,11 @@ async fn listen_tls_alpn_fail() {
 let tcp_stream = tokio::net::TcpStream::connect("localhost:4505")
 .await
 .unwrap();
- let mut tls_stream =
- TlsStream::new_client_side(tcp_stream, cfg, hostname, None);
+ let mut tls_stream = TlsStream::new_client_side(
+ tcp_stream,
+ ClientConnection::new(cfg, hostname).unwrap(),
+ None,
+ );
 tls_stream.handshake().await.unwrap_err();
diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs
index d16bface4c..255c6ddbd6 100644
--- a/ext/net/ops_tls.rs
+++ b/ext/net/ops_tls.rs
@@ -27,6 +27,7 @@ use deno_tls::create_client_config;
 use deno_tls::load_certs;
 use deno_tls::load_private_keys;
 use deno_tls::rustls::Certificate;
+use deno_tls::rustls::ClientConnection;
 use deno_tls::rustls::PrivateKey;
 use deno_tls::rustls::ServerConfig;
 use deno_tls::rustls::ServerName;
@@ -230,8 +231,7 @@ where
 let tls_config = Arc::new(tls_config);
 let tls_stream = TlsStream::new_client_side(
 tcp_stream,
- tls_config,
- hostname_dns,
+ ClientConnection::new(tls_config, hostname_dns).unwrap(),
 TLS_BUFFER_SIZE,
 );
@@ -327,8 +327,7 @@ where
 let tls_stream = TlsStream::new_client_side(
 tcp_stream,
- tls_config,
- hostname_dns,
+ ClientConnection::new(tls_config, hostname_dns).unwrap(),
 TLS_BUFFER_SIZE,
 );
diff --git a/ext/websocket/lib.rs b/ext/websocket/lib.rs
index 4b544b4f89..60b0911b18 100644
--- a/ext/websocket/lib.rs
+++ b/ext/websocket/lib.rs
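Review bot: The new `ClientConnection::new(tls_config, hostname_dns).unwrap()` in the `@@ -230,8 +231,7 @@` hunk of ext/net/ops_tls.rs panics on a rustls setup error instead of returning it to the caller; the same `.unwrap()` appears in the `@@ -327,8 +327,7 @@` hunk of this file and in both `TlsStream::new_client_side` hunks of ext/websocket/lib.rs. `ClientConnection::new` returns a `Result`, and in `handshake_http1_wss` and `handshake_http2_wss` the surrounding lines already propagate failures with `?`, so `ClientConnection::new(tls_config.into(), dnsname)?` should fit there without further changes. In ops_tls.rs the enclosing functions begin and end outside the hunks, so their return type needs confirming before writing `ClientConnection::new(tls_config, hostname_dns)?`. The error looks configuration-dependent rather than peer-controlled, since it is raised before any handshake I/O, but a panic in a connect path is still harder to handle and diagnose than a returned error.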
@@ -23,6 +23,7 @@ use deno_core::ToJsBuffer;
 use deno_net::raw::NetworkStream;
 use deno_tls::create_client_config;
 use deno_tls::rustls::ClientConfig;
+use deno_tls::rustls::ClientConnection;
 use deno_tls::RootCertStoreProvider;
 use deno_tls::SocketUse;
 use http::header::CONNECTION;
@@ -236,8 +237,7 @@ async fn handshake_http1_wss(
 ServerName::try_from(domain).map_err(|_| invalid_hostname(domain))?;
 let mut tls_connector = TlsStream::new_client_side(
 tcp_socket,
- tls_config.into(),
- dnsname,
+ ClientConnection::new(tls_config.into(), dnsname).unwrap(),
 NonZeroUsize::new(65536),
 );
 // If we can bail on an http/1.1 ALPN mismatch here, we can avoid doing extra work
@@ -261,8 +261,11 @@ async fn handshake_http2_wss(
 let dnsname =
 ServerName::try_from(domain).map_err(|_| invalid_hostname(domain))?;
 // We need to better expose the underlying errors here
- let mut tls_connector =
- TlsStream::new_client_side(tcp_socket, tls_config.into(), dnsname, None);
+ let mut tls_connector = TlsStream::new_client_side(
+ tcp_socket,
+ ClientConnection::new(tls_config.into(), dnsname).unwrap(),
+ None,
+ );
 let handshake = tls_connector.handshake().await?;
 if handshake.alpn.is_none() {
 bail!("Didn't receive h2 alpn, aborting connection");