summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--Cargo.lock1
-rw-r--r--installer-downloader/Cargo.toml1
-rw-r--r--installer-downloader/src/controller.rs5
3 files changed, 6 insertions, 1 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 0df261a8e7..d2eb110f8f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2031,6 +2031,7 @@ dependencies = [
"native-windows-gui",
"objc_id",
"rand 0.8.5",
+ "reqwest",
"serde",
"tokio",
"windows-sys 0.52.0",
diff --git a/installer-downloader/Cargo.toml b/installer-downloader/Cargo.toml
index 7eaed28082..80b7450b7c 100644
--- a/installer-downloader/Cargo.toml
+++ b/installer-downloader/Cargo.toml
@@ -20,6 +20,7 @@ anyhow = { workspace = true }
tokio = { workspace = true, features = ["rt-multi-thread", "fs"] }
async-trait = "0.1"
rand = { version = "0.8.5" }
+reqwest = { version = "0.12.9", default-features = false, features = ["rustls-tls"] }
serde = { workspace = true, features = ["derive"] }
diff --git a/installer-downloader/src/controller.rs b/installer-downloader/src/controller.rs
index dca4879d18..2f8f228d83 100644
--- a/installer-downloader/src/controller.rs
+++ b/installer-downloader/src/controller.rs
@@ -14,6 +14,8 @@ use rand::seq::SliceRandom;
use tokio::sync::{mpsc, oneshot};
+const PINNED_CERTIFICATE: &[u8] = include_bytes!("../../mullvad-api/le_root_cert.pem");
+
/// Actions handled by an async worker task in [handle_action_messages].
enum TaskMessage {
SetVersionInfo(VersionInfo),
@@ -39,9 +41,10 @@ pub fn initialize_controller<T: AppDelegate + 'static>(delegate: &mut T) {
const STAGEMOLE_PUBKEY: &str = include_str!("../../mullvad-update/stagemole-pubkey");
let verifying_key =
mullvad_update::format::key::VerifyingKey::from_hex(STAGEMOLE_PUBKEY).expect("valid key");
+ let cert = reqwest::Certificate::from_pem(PINNED_CERTIFICATE).expect("invalid cert");
let version_provider = HttpVersionInfoProvider {
url: get_metadata_url(),
- pinned_certificate: None,
+ pinned_certificate: Some(cert),
verifying_key,
};