diff options
| -rw-r--r-- | Cargo.lock | 1 | ||||
| -rw-r--r-- | installer-downloader/Cargo.toml | 1 | ||||
| -rw-r--r-- | installer-downloader/src/controller.rs | 5 |
3 files changed, 6 insertions, 1 deletions
diff --git a/Cargo.lock b/Cargo.lock index 0df261a8e7..d2eb110f8f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2031,6 +2031,7 @@ dependencies = [ "native-windows-gui", "objc_id", "rand 0.8.5", + "reqwest", "serde", "tokio", "windows-sys 0.52.0", diff --git a/installer-downloader/Cargo.toml b/installer-downloader/Cargo.toml index 7eaed28082..80b7450b7c 100644 --- a/installer-downloader/Cargo.toml +++ b/installer-downloader/Cargo.toml @@ -20,6 +20,7 @@ anyhow = { workspace = true } tokio = { workspace = true, features = ["rt-multi-thread", "fs"] } async-trait = "0.1" rand = { version = "0.8.5" } +reqwest = { version = "0.12.9", default-features = false, features = ["rustls-tls"] } serde = { workspace = true, features = ["derive"] } diff --git a/installer-downloader/src/controller.rs b/installer-downloader/src/controller.rs index dca4879d18..2f8f228d83 100644 --- a/installer-downloader/src/controller.rs +++ b/installer-downloader/src/controller.rs @@ -14,6 +14,8 @@ use rand::seq::SliceRandom; use tokio::sync::{mpsc, oneshot}; +const PINNED_CERTIFICATE: &[u8] = include_bytes!("../../mullvad-api/le_root_cert.pem"); + /// Actions handled by an async worker task in [handle_action_messages]. enum TaskMessage { SetVersionInfo(VersionInfo), @@ -39,9 +41,10 @@ pub fn initialize_controller<T: AppDelegate + 'static>(delegate: &mut T) { const STAGEMOLE_PUBKEY: &str = include_str!("../../mullvad-update/stagemole-pubkey"); let verifying_key = mullvad_update::format::key::VerifyingKey::from_hex(STAGEMOLE_PUBKEY).expect("valid key"); + let cert = reqwest::Certificate::from_pem(PINNED_CERTIFICATE).expect("invalid cert"); let version_provider = HttpVersionInfoProvider { url: get_metadata_url(), - pinned_certificate: None, + pinned_certificate: Some(cert), verifying_key, }; |
