sigstore · flavio · Jan 15, 2024 · Jan 12, 2024
diff --git a/Cargo.toml b/Cargo.toml
@@ -122,8 +122,7 @@ url = "2.2.2"
 x509-cert = { version = "0.2.2", features = ["builder", "pem", "std"] }
 crypto_secretbox = "0.1.1"
 zeroize = "1.5.7"
-rustls-webpki = { version = "0.102.0-alpha.7", features = ["alloc"] }
-rustls-pki-types = { version = "1.0.0", features = ["std"] }
+rustls-webpki = { version = "0.102.1", features = ["alloc"] }
 serde_repr = "0.1.16"
 hex = "0.4.3"
 json-syntax = { version = "0.10.0", features = ["canonicalize", "serde"] }

diff --git a/src/cosign/client_builder.rs b/src/cosign/client_builder.rs
@@ -13,8 +13,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use rustls_pki_types::CertificateDer;
 use tracing::info;
+use webpki::types::CertificateDer;
 
 use super::client::Client;
 use crate::crypto::SigningScheme;

diff --git a/src/cosign/mod.rs b/src/cosign/mod.rs
@@ -283,9 +283,9 @@ where
 
 #[cfg(test)]
 mod tests {
-    use rustls_pki_types::CertificateDer;
     use serde_json::json;
     use std::collections::HashMap;
+    use webpki::types::CertificateDer;
 
     use super::constraint::{AnnotationMarker, PrivateKeySigner};
     use super::*;

diff --git a/src/cosign/signature_layers.rs b/src/cosign/signature_layers.rs
@@ -439,7 +439,7 @@ impl CertificateSignature {
         // ensure the certificate has been issued by Fulcio
         fulcio_cert_pool.verify_pem_cert(
             cert_pem,
-            Some(rustls_pki_types::UnixTime::since_unix_epoch(
+            Some(webpki::types::UnixTime::since_unix_epoch(
                 cert.tbs_certificate.validity.not_before.to_unix_duration(),
             )),
         )?;

diff --git a/src/cosign/verification_constraint/certificate_verifier.rs b/src/cosign/verification_constraint/certificate_verifier.rs
@@ -1,8 +1,8 @@
 use chrono::{DateTime, NaiveDateTime, Utc};
 use pkcs8::der::Decode;
-use rustls_pki_types::CertificateDer;
 use std::convert::TryFrom;
 use tracing::warn;
+use webpki::types::CertificateDer;
 use x509_cert::Certificate;
 
 use super::VerificationConstraint;

diff --git a/src/crypto/certificate_pool.rs b/src/crypto/certificate_pool.rs
@@ -14,8 +14,10 @@
 // limitations under the License.
 
 use const_oid::db::rfc5280::ID_KP_CODE_SIGNING;
-use rustls_pki_types::{CertificateDer, TrustAnchor, UnixTime};
-use webpki::{EndEntityCert, KeyUsage};
+use webpki::{
+    types::{CertificateDer, TrustAnchor, UnixTime},
+    EndEntityCert, KeyUsage,
+};
 
 use crate::errors::{Result, SigstoreError};
 

diff --git a/src/registry/config.rs b/src/registry/config.rs
@@ -15,10 +15,10 @@
 
 //! Set of structs and enums used to define how to interact with OCI registries
 
-use rustls_pki_types::CertificateDer;
 use serde::Serialize;
 use std::cmp::Ordering;
 use std::convert::From;
+use webpki::types::CertificateDer;
 
 use crate::errors;
 

diff --git a/src/tuf/mod.rs b/src/tuf/mod.rs
@@ -40,10 +40,10 @@ use std::{
 mod constants;
 mod trustroot;
 
-use rustls_pki_types::CertificateDer;
 use sha2::{Digest, Sha256};
 use tough::TargetName;
 use tracing::debug;
+use webpki::types::CertificateDer;
 
 use self::trustroot::{CertificateAuthority, TimeRange, TransparencyLogInstance, TrustedRoot};