diff --git a/Cargo.lock b/Cargo.lock
index 6ede31c062..0a9d9a9aae 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -495,7 +495,7 @@ dependencies = [ "bitflags 2.5.0", "cexpr", "clang-sys", - "itertools 0.10.5", + "itertools 0.12.1", "lazy_static", "lazycell", "proc-macro2 1.0.83",
@@ -5494,7 +5494,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "schannel", "security-framework", ]
@@ -5508,6 +5508,16 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" +dependencies = [ + "base64 0.22.1", + "rustls-pki-types", +] + [[package]] name = "rustls-pki-types" version = "1.7.0"
@@ -6776,8 +6786,8 @@ version = "1.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" dependencies = [ - "cfg-if 0.1.10", - "rand 0.7.3", + "cfg-if 1.0.0", + "rand 0.8.5", "static_assertions", ]
@@ -7292,7 +7302,7 @@ dependencies = [ "ron", "rusqlite", "rustls", - "rustls-pemfile", + "rustls-pemfile 2.1.2", "schnellru", "serde", "serde_json",
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 2933fc8bf1..074c462df5 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -48,7 +48,7 @@ futures-util = { workspace = true }
 tokio = { workspace = true }
 quinn = { workspace = true }
 rustls = { workspace = true }
-rustls-pemfile = { version = "1", default-features = false }
+rustls-pemfile = { version = "2", default-features = false, features = ["std"] }
 atomicwrites = "0.4"
 chrono = { workspace = true }
 chrono-tz = { workspace = true }
diff --git a/server/src/lib.rs b/server/src/lib.rs
index ddcdd753c0..bb11b82b36 100644
--- a/server/src/lib.rs
+++ b/server/src/lib.rs
@@ -552,13 +552,19 @@ impl Server {
 rustls::PrivateKey(key)
 } else {
 debug!("convert pem key to der");
- let key = rustls_pemfile::read_all(&mut key.as_slice())?
- .into_iter()
+ let key = rustls_pemfile::read_all(&mut key.as_slice())
 .find_map(|item| match item {
- Item::RSAKey(v) | Item::PKCS8Key(v) => Some(v),
- Item::ECKey(_) => None,
- Item::X509Certificate(_) => None,
- _ => None,
+ Ok(Item::Pkcs1Key(v)) => Some(v.secret_pkcs1_der().into()),
+ Ok(Item::Pkcs8Key(v)) => Some(v.secret_pkcs8_der().into()),
+ Ok(Item::Sec1Key(_)) => None,
+ Ok(Item::Crl(_)) => None,
+ Ok(Item::Csr(_)) => None,
+ Ok(Item::X509Certificate(_)) => None,
+ Ok(_) => None,
+ Err(e) => {
+ tracing::warn!(?e, "error while reading key_file");
+ None
+ },
 })
 .ok_or("No valid pem key in file")?;
 rustls::PrivateKey(key)
@@ -569,8 +575,15 @@ impl Server {
 vec![rustls::Certificate(cert_chain)]
 } else {
 debug!("convert pem cert to der");
- let certs = rustls_pemfile::certs(&mut cert_chain.as_slice())?;
- certs.into_iter().map(rustls::Certificate).collect()
+ rustls_pemfile::certs(&mut cert_chain.as_slice())
+ .filter_map(|item| match item {
+ Ok(cert) => Some(rustls::Certificate(cert.to_vec())),
+ Err(e) => {
+ tracing::warn!(?e, "error while reading cert_file");
+ None
+ },
+ })
+ .collect()
 };
 let server_config = quinn::ServerConfig::with_single_cert(cert_chain, key)?;
 Ok(server_config)
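Review bot: In the first lib.rs hunk (PEM key conversion), the arm `Ok(Item::Sec1Key(_)) => None` drops a SEC1 EC private key block without a log line, so an operator whose key_file holds only such a key sees just "No valid pem key in file" and cannot tell that the key was read and then rejected. I would log the skip without logging the item itself, since it carries the key bytes: `Ok(Item::Sec1Key(_)) => { tracing::warn!("SEC1 EC key in key_file is not supported, skipping"); None },`. The separate `Crl`, `Csr` and `X509Certificate` arms are already covered by `Ok(_) => None` and could be folded into it. The enclosing function starts and ends outside the hunk.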
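Review bot: In the second lib.rs hunk (PEM cert conversion), a certificate block that fails to parse is now logged and skipped, whereas the removed `rustls_pemfile::certs(...)?` aborted, so the server can come up with a truncated chain, or with an empty `cert_chain` if nothing parses; whether `with_single_cert` rejects an empty chain is not visible here. For TLS material I would fail closed: `.map(|c| c.map(|c| rustls::Certificate(c.to_vec())))` followed by `.collect::<Result<Vec<_>, _>>()?`, and return an error when the resulting vector is empty. This assumes the function's error type still converts from the iterator's error, as the removed `?` on the same call suggests. The enclosing function starts and ends outside the hunk.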