From a07c21cc2de6ca2bea396c453cd5411333169637 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 30 Aug 2024 09:59:52 +0200
Subject: [PATCH 1/5] fix
---
 .github/workflows/current.yml | 7 ++++++-
 Cargo.lock | 4 ++--
 Cargo.toml | 2 +-
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index f67ce3ef..c885677c 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -4,6 +4,7 @@ on:
 branches:
 - main
 - dev
+ - fix-tls
 paths-ignore:
 - "*.md"
 - "LICENSE"
@@ -17,6 +18,10 @@ jobs:
 uses: ./.github/workflows/build-docker.yml
 with:
 tags: |
- type=raw,value=current
 type=ref,event=branch
 type=sha
+ # with:
+ # tags: |
+ # type=raw,value=current
+ # type=ref,event=branch
+ # type=sha
diff --git a/Cargo.lock b/Cargo.lock
index 90fc405d..7d4b7f51 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1713,9 +1713,9 @@ dependencies = [ [[package]] name = "tonic" -version = "0.12.1" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38659f4a91aba8598d27821589f5db7dddd94601e7a01b1e485a50e5484c7401" +checksum = "c6f6ba989e4b2c58ae83d862d3a3e27690b6e3ae630d0deb59f3697f32aa88ad" dependencies = [ "async-stream", "async-trait",
diff --git a/Cargo.toml b/Cargo.toml
index 2bad7881..70890e85 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ prost = "0.13"
 serde = { version = "1.0", features = ["derive"] }
 syslog = "7.0"
 thiserror = "1.0"
-tonic = { version = "0.12", features = ["gzip", "tls", "tls-roots"] }
+tonic = { version = "0.12", features = ["gzip", "tls", "tls-native-roots"] }
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 tokio-stream = { version = "0.1", features = [] }
 toml = { version = "0.8", default-features = false, features = ["parse"] }
From 3bf6d6fc576ca23e118f861eb6bfe803c3258694 Mon Sep 17 00:00:00 2001
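Review bot: The `tonic` requirement in the Cargo.toml hunk of patch 1/5 stays at `version = "0.12"` while its feature list switches to `tls-native-roots`, so the manifest still admits 0.12.0 and 0.12.1. Cargo.lock in the same patch moves the resolved crate from 0.12.1 to 0.12.2, which suggests the new feature name (and the `with_native_roots()` call added in patch 2/5) depends on that release; if so, any resolution to an older 0.12.x, such as a minimal-versions check or a regenerated lockfile with a pin, would fail on the unknown feature. Stating the floor explicitly keeps manifest and lockfile in agreement: `tonic = { version = "0.12.2", features = ["gzip", "tls", "tls-native-roots"] }`.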
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 30 Aug 2024 10:11:16 +0200
Subject: [PATCH 2/5] attempt 2
---
 src/gateway.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/gateway.rs b/src/gateway.rs
index 2dd8adcd..698278c1 100644
--- a/src/gateway.rs
+++ b/src/gateway.rs
@@ -331,7 +331,8 @@ impl Gateway { let tls = ClientTlsConfig::new().ca_certificate(Certificate::from_pem(ca)); endpoint.tls_config(tls)? } else { - endpoint + let tls = ClientTlsConfig::new().with_native_roots(); + endpoint.tls_config(tls)? }; let channel = endpoint.connect_lazy();
From 73506571bb9b1702c59a3802be2e2108a774672e Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 30 Aug 2024 10:30:07 +0200
Subject: [PATCH 3/5] add comment
---
 src/gateway.rs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/gateway.rs b/src/gateway.rs
index 698278c1..f5fede0e 100644
--- a/src/gateway.rs
+++ b/src/gateway.rs
@@ -326,6 +326,8 @@ impl Gateway {
 .http2_keep_alive_interval(TEN_SECS)
 .tcp_keepalive(Some(TEN_SECS))
 .keep_alive_while_idle(true);
+ // if CA certificate is provided, use it (and only it)
+ // otherwise load certs from system
 let endpoint = if let Some(ca) = &self.config.grpc_ca {
 let ca = std::fs::read_to_string(ca)?;
 let tls = ClientTlsConfig::new().ca_certificate(Certificate::from_pem(ca));
From 24f54bb08d14a99117aa6a6d4a5760ae7138aab6 Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 30 Aug 2024 10:30:26 +0200
Subject: [PATCH 4/5] cleanup
---
 .github/workflows/current.yml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
index c885677c..f67ce3ef 100644
--- a/.github/workflows/current.yml
+++ b/.github/workflows/current.yml
@@ -4,7 +4,6 @@ on:
 branches:
 - main
 - dev
- - fix-tls
 paths-ignore:
 - "*.md"
 - "LICENSE"
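Review bot: In the `else` branch of the `@@ -331,7 +331,8 @@` hunk of src/gateway.rs (patch 2/5, condensed to one expression in patch 5/5), both paths now call `endpoint.tls_config(...)`, which reads as if every gateway connection is encrypted, yet nothing visible here checks the scheme of the endpoint URL. As far as I know tonic performs the TLS handshake only for `https` URIs and otherwise connects in plaintext even when a TLS config is set; that should be confirmed against the pinned release. If it holds, a URL configured with `http://` silently bypasses both the pinned CA and the system roots, so consider rejecting, or at least logging a warning for, non-`https` URLs where the endpoint is built. That code and the rest of the enclosing function lie outside the hunk.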
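Review bot: The comment added above `let endpoint = ...` in the `@@ -326,6 +326,8 @@` hunk of src/gateway.rs (patch 3/5) records the trust decision but not its operational dependency: the fallback only works when the host's certificate store is populated. If the image produced by build-docker.yml uses a minimal base without CA certificates (not visible here), connections on the fallback path would presumably fail certificate verification, and since the channel is created with `connect_lazy()` (shown in patch 2/5) that may surface only on the first request. I would extend the second comment line to something like `// otherwise trust the OS certificate store (the runtime image must ship CA certificates)`. The `let endpoint` statement this comment documents continues outside the hunk.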
@@ -18,10 +17,6 @@ jobs:
 uses: ./.github/workflows/build-docker.yml
 with:
 tags: |
+ type=raw,value=current
 type=ref,event=branch
 type=sha
- # with:
- # tags: |
- # type=raw,value=current
- # type=ref,event=branch
- # type=sha
From b59b397d4ef2ecc162db849c38b6caa9cb70bb8a Mon Sep 17 00:00:00 2001
From: Aleksander <170264518+t-aleksander@users.noreply.github.com>
Date: Fri, 30 Aug 2024 10:36:35 +0200
Subject: [PATCH 5/5] make it more concise
---
 src/gateway.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/gateway.rs b/src/gateway.rs
index f5fede0e..7665f617 100644
--- a/src/gateway.rs
+++ b/src/gateway.rs
@@ -333,8 +333,7 @@ impl Gateway { let tls = ClientTlsConfig::new().ca_certificate(Certificate::from_pem(ca)); endpoint.tls_config(tls)? } else { - let tls = ClientTlsConfig::new().with_native_roots(); - endpoint.tls_config(tls)? + endpoint.tls_config(ClientTlsConfig::new().with_native_roots())? }; let channel = endpoint.connect_lazy();