Remove rustls-pemfile dependency
11
Cargo.lock
generated
@@ -3222,7 +3222,6 @@ dependencies = [
|
||||
"pem-rfc7468",
|
||||
"rand 0.8.5",
|
||||
"rand_chacha 0.3.1",
|
||||
"rustls-pemfile",
|
||||
"rustls-pki-types",
|
||||
"schemars 0.9.0",
|
||||
"serde",
|
||||
@@ -3516,7 +3515,6 @@ dependencies = [
|
||||
"hyper-util",
|
||||
"mas-context",
|
||||
"pin-project-lite",
|
||||
"rustls-pemfile",
|
||||
"socket2",
|
||||
"thiserror 2.0.17",
|
||||
"tokio",
|
||||
@@ -5133,15 +5131,6 @@ dependencies = [
|
||||
"security-framework",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-pemfile"
|
||||
version = "2.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
|
||||
dependencies = [
|
||||
"rustls-pki-types",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-pki-types"
|
||||
version = "1.13.0"
|
||||
|
||||
@@ -523,10 +523,6 @@ version = "0.16.0"
|
||||
[workspace.dependencies.rustls]
|
||||
version = "0.23.35"
|
||||
|
||||
# PEM parsing for rustls
|
||||
[workspace.dependencies.rustls-pemfile]
|
||||
version = "2.2.0"
|
||||
|
||||
# PKI types for rustls
|
||||
[workspace.dependencies.rustls-pki-types]
|
||||
version = "1.13.0"
|
||||
|
||||
@@ -30,7 +30,6 @@ lettre.workspace = true
|
||||
pem-rfc7468.workspace = true
|
||||
rand_chacha.workspace = true
|
||||
rand.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
rustls-pki-types.workspace = true
|
||||
schemars.workspace = true
|
||||
serde_json.workspace = true
|
||||
|
||||
@@ -6,13 +6,13 @@
|
||||
|
||||
#![allow(deprecated)]
|
||||
|
||||
use std::{borrow::Cow, io::Cursor};
|
||||
use std::borrow::Cow;
|
||||
|
||||
use anyhow::bail;
|
||||
use camino::Utf8PathBuf;
|
||||
use ipnetwork::IpNetwork;
|
||||
use mas_keystore::PrivateKey;
|
||||
use rustls_pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
use rustls_pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer, pem::PemObject};
|
||||
use schemars::JsonSchema;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use url::Url;
|
||||
@@ -238,10 +238,8 @@ impl TlsConfig {
|
||||
(None, Some(path)) => Cow::Owned(std::fs::read_to_string(path)?),
|
||||
};
|
||||
|
||||
let mut certificate_chain_reader = Cursor::new(certificate_chain_pem.as_bytes());
|
||||
let certificate_chain: Result<Vec<_>, _> =
|
||||
rustls_pemfile::certs(&mut certificate_chain_reader).collect();
|
||||
let certificate_chain = certificate_chain?;
|
||||
let certificate_chain = CertificateDer::pem_slice_iter(certificate_chain_pem.as_bytes())
|
||||
.collect::<Result<Vec<_>, _>>()?;
|
||||
|
||||
if certificate_chain.is_empty() {
|
||||
bail!("TLS certificate chain is empty (or invalid)")
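Review bot: The `?` on the `.collect::<Result<Vec<_>, _>>()?` line propagates the bare `rustls_pki_types::pem::Error`, so an operator sees only e.g. "no items found" without learning that it was the TLS certificate chain (the inline value or the file at `path`) that failed to parse. Wrapping it keeps the message actionable, e.g. `.map_err(|e| anyhow::anyhow!("invalid PEM in TLS certificate chain: {e}"))?`. Because a malformed section now errors on that line, the later `bail!` is only reached when the input holds no CERTIFICATE section at all (sections of other kinds are skipped by `pem_slice_iter`), so `"TLS certificate chain contains no CERTIFICATE section"` would describe that case more precisely than "(or invalid)". The enclosing method of `impl TlsConfig` starts before and ends after this hunk.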
|
||||
|
||||
@@ -36,7 +36,6 @@ mas-context.workspace = true
|
||||
|
||||
[dev-dependencies]
|
||||
anyhow.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
tokio-test.workspace = true
|
||||
tokio.workspace = true
|
||||
tracing-subscriber.workspace = true
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
|
||||
use std::{
|
||||
convert::Infallible,
|
||||
io::BufReader,
|
||||
net::{Ipv4Addr, TcpListener},
|
||||
sync::Arc,
|
||||
time::Duration,
|
||||
@@ -15,7 +14,11 @@ use std::{
|
||||
use anyhow::Context;
|
||||
use hyper::{Request, Response};
|
||||
use mas_listener::{ConnectionInfo, server::Server};
|
||||
use tokio_rustls::rustls::{RootCertStore, ServerConfig, server::WebPkiClientVerifier};
|
||||
use tokio_rustls::rustls::{
|
||||
RootCertStore, ServerConfig,
|
||||
pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs1KeyDer, pem::PemObject},
|
||||
server::WebPkiClientVerifier,
|
||||
};
|
||||
use tokio_util::sync::CancellationToken;
|
||||
use tower::service_fn;
|
||||
|
||||
@@ -77,23 +80,18 @@ async fn main() -> Result<(), anyhow::Error> {
|
||||
}
|
||||
|
||||
fn load_tls_config() -> Result<Arc<ServerConfig>, anyhow::Error> {
|
||||
let mut ca_cert_reader = BufReader::new(CA_CERT_PEM);
|
||||
let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader)
|
||||
let ca_cert = CertificateDer::pem_slice_iter(CA_CERT_PEM)
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.context("Invalid CA certificate")?;
|
||||
let mut ca_cert_store = RootCertStore::empty();
|
||||
ca_cert_store.add_parsable_certificates(ca_cert);
|
||||
|
||||
let mut server_cert_reader = BufReader::new(SERVER_CERT_PEM);
|
||||
let server_cert: Vec<_> = rustls_pemfile::certs(&mut server_cert_reader)
|
||||
let server_cert: Vec<_> = CertificateDer::pem_slice_iter(SERVER_CERT_PEM)
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.context("Invalid server certificate")?;
|
||||
|
||||
let mut server_key_reader = BufReader::new(SERVER_KEY_PEM);
|
||||
let server_key = rustls_pemfile::rsa_private_keys(&mut server_key_reader)
|
||||
.next()
|
||||
.context("No RSA private key found")?
|
||||
.context("Invalid server TLS keys")?;
|
||||
let server_key =
|
||||
PrivatePkcs1KeyDer::from_pem_slice(SERVER_KEY_PEM).context("Invalid server TLS keys")?;
|
||||
|
||||
let client_cert_verifier = WebPkiClientVerifier::builder(Arc::new(ca_cert_store))
|
||||
.allow_unauthenticated()
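Review bot: The new `PrivatePkcs1KeyDer::from_pem_slice(SERVER_KEY_PEM)` line ties the example to an "RSA PRIVATE KEY" section and then needs the explicit `PrivateKeyDer::Pkcs1(server_key)` wrap in the following hunk; `PrivateKeyDer` itself implements `PemObject`, so `let server_key = PrivateKeyDer::from_pem_slice(SERVER_KEY_PEM).context("Invalid server TLS keys")?;` followed by `.with_single_cert(server_cert, server_key)?` accepts PKCS#1, PKCS#8 or SEC1 keys and drops the `PrivatePkcs1KeyDer` import. Keep the narrower type only if the example is meant to reject non-PKCS#1 keys. Separately, the unchanged `ca_cert_store.add_parsable_certificates(ca_cert)` discards its `(added, ignored)` counts, so a CA certificate that parses as PEM but is rejected as a trust anchor is not surfaced at this point; asserting `added > 0` or logging `ignored` would make the example fail loudly. `load_tls_config` continues past this hunk into the next one.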
|
||||
@@ -101,7 +99,7 @@ fn load_tls_config() -> Result<Arc<ServerConfig>, anyhow::Error> {
|
||||
|
||||
let mut config = ServerConfig::builder()
|
||||
.with_client_cert_verifier(client_cert_verifier)
|
||||
.with_single_cert(server_cert, server_key.into())?;
|
||||
.with_single_cert(server_cert, PrivateKeyDer::Pkcs1(server_key))?;
|
||||
config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
|
||||
|
||||
Ok(Arc::new(config))
|
||||
|
||||