
Commit c205e85

committed
Use background thread to load certificates
1 parent 4b332cd commit c205e85


1 file changed

+11
-4
lines changed

1 file changed

+11
-4
lines changed

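--- a/crates/kitsune-db/src/tls.rs
+++ b/crates/kitsune-db/src/tls.rs
@@ -11,8 +11,9 @@ pub fn pool_config() -> ManagerConfig<AsyncPgConnection> {
 fn establish_conn(config: &str) -> BoxFuture<'_, ConnectionResult<AsyncPgConnection>> {
 async {
 let rustls_config = rustls::ClientConfig::builder()
-.with_root_certificates(load_certs())
+.with_root_certificates(load_certs().await)
 .with_no_client_auth();
+
 let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
 let (client, conn) = tokio_postgres::connect(config, tls)
 .await
@@ -29,10 +30,16 @@ fn establish_conn(config: &str) -> BoxFuture<'_, ConnectionResult<AsyncPgConnect
 .boxed()
 }
 
-fn load_certs() -> rustls::RootCertStore {
+async fn load_certs() -> rustls::RootCertStore {
+// Load certificates on a background thread to avoid blocking the runtime
+//
+// TODO(aumetra): Maybe add a fallback to `webpki-roots`?
+let certs = kitsune_blocking::io(rustls_native_certs::load_native_certs)
+.await
+.unwrap()
+.expect("Failed to load native certificates");
+
 let mut roots = rustls::RootCertStore::empty();
-let certs =
-rustls_native_certs::load_native_certs().expect("Failed to load native certificates");
 roots.add_parsable_certificates(certs);
 roots
 }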
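Review bot: In `load_certs`, the bare `.unwrap()` on the result of `kitsune_blocking::io(...)` panics with no message if the blocking task itself fails, and together with the `.expect(...)` a trust-store problem aborts the connection attempt by panic instead of surfacing through `ConnectionResult`; at minimum I would replace it with `.expect("certificate loading task failed")`. `load_certs().await` is called inside `establish_conn`, so (assuming that function is the pool's per-connection setup hook) the OS trust store is re-read and re-parsed for every new database connection; building the `RootCertStore` once and reusing it, for example behind a `tokio::sync::OnceCell`, would avoid that. `add_parsable_certificates` skips certificates it cannot parse without reporting them, so the counts it returns are worth logging: an empty store fails closed, but the resulting handshake errors are hard to trace back to this function. If the `webpki-roots` fallback from the TODO is added later, log when it is taken, since it changes which trust anchors the database connection accepts.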
