Add OpenSSL related crates to deny.toml ban section

We use Rustls for TLS. We don't want to accidentally pull in OpenSSL for anything. Both because it would bloat the binaries, and because we would then potentially be vulnerable to OpenSSL CVEs. Which is something we don't monitor since we are not actively using it
author: Linus Färnstrand <linus@mullvad.net> 2022-07-01 10:13:10 +0200
committer: Linus Färnstrand <linus@mullvad.net> 2022-07-01 11:45:22 +0200
commit: ab94bbc953034b85bc97212ca485669f79400de7 (patch)
tree: b05bf141348c33765e28253af4be7f7187afb773
parent: 7b2ab60c4ee6e633dc7a4ffb26b0b820b6ac04da (diff)
download: mullvadvpn-ab94bbc953034b85bc97212ca485669f79400de7.tar.xz
mullvadvpn-ab94bbc953034b85bc97212ca485669f79400de7.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/deny.toml b/deny.toml
index ba4115822b..a75bd5ceab 100644
--- a/deny.toml
+++ b/deny.toml
@@ -76,7 +76,13 @@ wildcards = "warn"
 highlight = "all"
 
 allow = []
-deny = []
+deny = [
+    # We are using Rustls for TLS. We don't want to accidentally pull in
+    # anything OpenSSL related
+    { name = "openssl-sys" },
+    { name = "openssl-src" },
+    { name = "openssl-probe" },
+]
 skip = []
 skip-tree = []
author	Linus Färnstrand <linus@mullvad.net>	2022-07-01 10:13:10 +0200
committer	Linus Färnstrand <linus@mullvad.net>	2022-07-01 11:45:22 +0200
commit	ab94bbc953034b85bc97212ca485669f79400de7 (patch)
tree	b05bf141348c33765e28253af4be7f7187afb773
parent	7b2ab60c4ee6e633dc7a4ffb26b0b820b6ac04da (diff)
download	mullvadvpn-ab94bbc953034b85bc97212ca485669f79400de7.tar.xz mullvadvpn-ab94bbc953034b85bc97212ca485669f79400de7.zip