From 14272a1762680aec65b59ac084819e4bd0d4e4a6 Mon Sep 17 00:00:00 2001
From: Rob Ede <robjtede@icloud.com>
Date: Tue, 29 Aug 2023 18:45:11 +0100
Subject: [PATCH] chore: force secure rustls-webpki

---
 actix-tls/CHANGES.md | 2 +-
 actix-tls/Cargo.toml | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
index 317284dc..295d150b 100644
--- a/actix-tls/CHANGES.md
+++ b/actix-tls/CHANGES.md
@@ -4,7 +4,7 @@
 
 ## 3.1.1
 
-- Fix minimum `rustls` v0.21 version requirement.
+- Fix `rustls` v0.21 version requirement.
 
 ## 3.1.0
 
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index a228ab30..e023c984 100755
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -20,6 +20,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 [package.metadata.cargo-machete]
 ignored = [
     "rustls_021", # specified to force version with add_trust_anchors method
+    "rustls_webpki_0101", # specified to force secure version
 ]
 
 [features]
@@ -65,7 +66,7 @@ tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 http = { version = "0.2.3", optional = true }
 
 # openssl
-tls-openssl = { package = "openssl", version = "0.10.48", optional = true }
+tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
 # rustls v0.20
@@ -74,6 +75,7 @@ webpki-roots-022 = { package = "webpki-roots", version = "0.22", optional = true
 
 # rustls v0.21
 rustls-021 = { package = "rustls", version = "0.21.6" }
+rustls-webpki-0101 = { package = "rustls-webpki", version = "0.101.4" }
 tokio-rustls-024 = { package = "tokio-rustls", version = "0.24", optional = true }
 webpki-roots-025 = { package = "webpki-roots", version = "0.25", optional = true }