update: fix macOS Tor's TLS

On apple-darwin targets there is an issue with the native and rustls
tls implementation so this makes it fall back to the openssl variant.

https://gitlab.torproject.org/tpo/core/arti/-/issues/715

Cargo.lock

@@ -2083,6 +2083,7 @@ dependencies = [
  "tar",
  "tls-api",
  "tls-api-native-tls",
+ "tls-api-openssl",
  "tokio",
  "toml 0.7.4",
  "tor-rtcompat",
@@ -4548,6 +4549,21 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "tls-api-openssl"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "82155f245c99a3b652627f32abeacd4eae9e0fec996c1090df121e01379d28f3"
+dependencies = [
+ "anyhow",
+ "openssl",
+ "openssl-sys",
+ "thiserror",
+ "tls-api",
+ "tls-api-test",
+ "tokio",
+]
+
 [[package]]
 name = "tls-api-test"
 version = "0.9.0"

Cargo.toml

@@ -66,7 +66,6 @@ serde = { version = "1.0.163", features = ["rc", "derive"] }
 serde_json = "1.0"
 sysinfo = { version = "0.29.0", default-features = false }
 tls-api = "0.9.0"
-tls-api-native-tls = "0.9.0"
 tokio = { version = "1.21.2", features = ["rt", "time", "macros", "process"] }
 toml = { version = "0.7.4", features = ["preserve_order"] }
 tor-rtcompat = "0.9.0"
@@ -82,6 +81,18 @@ sudo = "0.6.0"
 ## [glow] backend for Unix.
 eframe = { version = "0.19.0", default-features = false, features = ["glow"] }
 
+# macOS Tor
+[target.'cfg(target_os = "macos")'.dependencies]
+# On apple-darwin targets there is an issue with the native and rustls
+# tls implementation so this makes it fall back to the openssl variant.
+#
+# https://gitlab.torproject.org/tpo/core/arti/-/issues/715
+tls-api-openssl = "0.9.0"
+
+# Windows/Linux Tor
+[target.'cfg(not(target_os = "macos"))'.dependencies]
+tls-api-native-tls = "0.9.0"
+
 # Windows dependencies
 [target.'cfg(windows)'.dependencies]
 zip = "0.6.6"

src/update.rs

@@ -45,10 +45,23 @@ use rand::{thread_rng, Rng};
 use serde::{Serialize,Deserialize};
 use std::path::{Path,PathBuf};
 use std::sync::{Arc,Mutex};
-use tls_api::{TlsConnector, TlsConnectorBuilder};
 use tokio::task::JoinHandle;
 use walkdir::WalkDir;
 
+// On apple-darwin targets there is an issue with the native and rustls
+// tls implementation so this makes it fall back to the openssl variant.
+//
+// https://gitlab.torproject.org/tpo/core/arti/-/issues/715
+#[cfg(target_os = "macos")]
+use tls_api_openssl::TlsConnector;
+#[cfg(not(target_os = "macos"))]
+use tls_api_native_tls::TlsConnector;
+
+use tls_api::{
+	TlsConnector as TlsConnectorTrait,
+	TlsConnectorBuilder,
+};
+
 #[cfg(target_os = "windows")]
 use zip::ZipArchive;
 //#[cfg(target_family = "unix")]
@@ -297,7 +310,7 @@ impl Update {
 			let tor = TorClient::builder().bootstrap_behavior(arti_client::BootstrapBehavior::OnDemand).create_unbootstrapped()?;
 			// This makes sure the Tor circuit is different each time
 			let tor = TorClient::isolated_client(&tor);
-			let tls = tls_api_native_tls::TlsConnector::builder()?.build()?;
+			let tls = TlsConnector::builder()?.build()?;
 		    let connector = ArtiHttpConnector::new(tor, tls);
 			let client = ClientEnum::Tor(Client::builder().build(connector));
 			Ok(client)
@@ -764,7 +777,7 @@ impl Update {
 
 #[derive(Debug,Clone)]
 pub enum ClientEnum {
-    Tor(hyper::Client<ArtiHttpConnector<tor_rtcompat::PreferredRuntime, tls_api_native_tls::TlsConnector>>),
+    Tor(hyper::Client<ArtiHttpConnector<tor_rtcompat::PreferredRuntime, TlsConnector>>),
     Https(hyper::Client<hyper_tls::HttpsConnector<hyper::client::HttpConnector>>),
 }