-rw-r--r--mullvad-update/meta/src/platform.rs10
1 files changed, 8 insertions, 2 deletions
diff --git a/mullvad-update/meta/src/platform.rs b/mullvad-update/meta/src/platform.rs
index 8f8bb45cb9..a781362d76 100644
--- a/mullvad-update/meta/src/platform.rs
+++ b/mullvad-update/meta/src/platform.rs
@@ -10,6 +10,7 @@ use std::{
fmt,
path::{Path, PathBuf},
str::FromStr,
+ sync::LazyLock,
};
use tokio::{fs, io};
use vec1::vec1;
@@ -23,6 +24,12 @@ use crate::{
/// Actual JSON files should be stored at `<base url>/<platform>.json`.
const META_REPOSITORY_URL: &str = "https://releases.stagemole.eu/desktop/metadata/";
+/// TLS certificate to pin to for `meta pull`.
+static PINNED_CERTIFICATE: LazyLock<reqwest::Certificate> = LazyLock::new(|| {
+ const CERT_BYTES: &[u8] = include_bytes!("../../../mullvad-api/le_root_cert.pem");
+ reqwest::Certificate::from_pem(CERT_BYTES).expect("invalid cert")
+});
+
#[derive(Clone, Copy)]
pub enum Platform {
Windows,
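Review bot: The doc comment on `PINNED_CERTIFICATE` does not say what kind of certificate is pinned. The path `le_root_cert.pem` suggests a CA root shared with `mullvad-api` rather than the server's leaf certificate, so the pin would accept any chain issued under that root. I would spell that out, e.g. `/// Root CA certificate (shared with mullvad-api) that TLS connections made by meta pull are pinned to; chains ending in any other root should be rejected.`, and confirm the second half against the client setup. The `expect("invalid cert")` message could also name the file, e.g. `.expect("le_root_cert.pem is not a valid PEM certificate")`, because the parse happens on first use at run time, not at build time.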
@@ -126,8 +133,7 @@ impl Platform {
key::VerifyingKey::from_hex(crate::VERIFYING_PUBKEY).expect("Invalid pubkey");
let version_provider = HttpVersionInfoProvider {
- // TODO: pin
- pinned_certificate: None,
+ pinned_certificate: Some(PINNED_CERTIFICATE.clone()),
url,
verifying_keys: vec1![verifying_key],
};
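Review bot: Whether `pinned_certificate: Some(PINNED_CERTIFICATE.clone())` actually pins depends on how `HttpVersionInfoProvider` builds its HTTP client, which is not visible in this hunk. With reqwest, `add_root_certificate` on its own only adds a trust anchor alongside the built-in roots, so the builder also needs `tls_built_in_root_certs(false)` for chains from other CAs to be rejected. It is worth confirming that this happens when the field is `Some`, and adding a test that a fetch fails against a server whose chain does not end at the pinned root. The metadata is still checked against `verifying_keys`, so the pin is defence in depth, but it should not fall back silently to the system trust store. The enclosing function starts and ends outside the hunk.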