upgrade rustls

crabman 2024-05-28 12:46:03 +00:00
parent 2c138fc0eb
commit a2ea012f43
8 changed files with 206 additions and 91 deletions

Cargo.lock generated

@ -212,7 +212,7 @@ version = "2.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7e7b35733e3a8c1ccb90385088dd5b6eaa61325cb4d1ad56e683b5224ff352e" checksum = "a7e7b35733e3a8c1ccb90385088dd5b6eaa61325cb4d1ad56e683b5224ff352e"
dependencies = [ dependencies = [
"jni", "jni 0.21.1",
"ndk-context", "ndk-context",
"winapi", "winapi",
"xdg", "xdg",
@ -1259,7 +1259,7 @@ dependencies = [
"core-foundation-sys", "core-foundation-sys",
"coreaudio-rs", "coreaudio-rs",
"dasp_sample", "dasp_sample",
"jni", "jni 0.21.1",
"js-sys", "js-sys",
"libc", "libc",
"mach2", "mach2",
@ -2247,7 +2247,7 @@ dependencies = [
"futures-core", "futures-core",
"futures-sink", "futures-sink",
"nanorand", "nanorand",
"spin 0.9.8", "spin",
] ]
[[package]] [[package]]
@ -2988,8 +2988,8 @@ dependencies = [
"http", "http",
"hyper", "hyper",
"log", "log",
"rustls", "rustls 0.21.12",
"rustls-native-certs", "rustls-native-certs 0.6.3",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls",
] ]
@ -3342,6 +3342,20 @@ dependencies = [
"cc", "cc",
] ]
[[package]]
name = "jni"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec"
dependencies = [
"cesu8",
"combine",
"jni-sys",
"log",
"thiserror",
"walkdir",
]
[[package]] [[package]]
name = "jni" name = "jni"
version = "0.21.1" version = "0.21.1"
@ -4410,7 +4424,7 @@ version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8b61bebd49e5d43f5f8cc7ee2891c16e0f41ec7954d36bcb6c14c5e0de867fb" checksum = "e8b61bebd49e5d43f5f8cc7ee2891c16e0f41ec7954d36bcb6c14c5e0de867fb"
dependencies = [ dependencies = [
"jni", "jni 0.21.1",
"ndk 0.8.0", "ndk 0.8.0",
"ndk-context", "ndk-context",
"num-derive", "num-derive",
@ -4918,16 +4932,16 @@ dependencies = [
[[package]] [[package]]
name = "quinn" name = "quinn"
version = "0.10.2" version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8cc2c5017e4b43d5995dcea317bc46c1e09404c0a9664d2908f7f02dfe943d75" checksum = "904e3d3ba178131798c6d9375db2b13b34337d489b089fc5ba0825a2ff1bee73"
dependencies = [ dependencies = [
"bytes", "bytes",
"pin-project-lite", "pin-project-lite",
"quinn-proto", "quinn-proto",
"quinn-udp", "quinn-udp",
"rustc-hash", "rustc-hash",
"rustls", "rustls 0.23.8",
"thiserror", "thiserror",
"tokio", "tokio",
"tracing", "tracing",
@ -4935,16 +4949,16 @@ dependencies = [
[[package]] [[package]]
name = "quinn-proto" name = "quinn-proto"
version = "0.10.6" version = "0.11.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "141bf7dfde2fbc246bfd3fe12f2455aa24b0fbd9af535d8c86c7bd1381ff2b1a" checksum = "e974563a4b1c2206bbc61191ca4da9c22e4308b4c455e8906751cc7828393f08"
dependencies = [ dependencies = [
"bytes", "bytes",
"rand 0.8.5", "rand 0.8.5",
"ring 0.16.20", "ring",
"rustc-hash", "rustc-hash",
"rustls", "rustls 0.23.8",
"rustls-native-certs", "rustls-platform-verifier",
"slab", "slab",
"thiserror", "thiserror",
"tinyvec", "tinyvec",
@ -4953,15 +4967,15 @@ dependencies = [
[[package]] [[package]]
name = "quinn-udp" name = "quinn-udp"
version = "0.4.1" version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "055b4e778e8feb9f93c4e439f71dc2156ef13360b432b799e179a8c4cdf0b1d7" checksum = "e4f0def2590301f4f667db5a77f9694fb004f82796dc1a8b1508fafa3d0e8b72"
dependencies = [ dependencies = [
"bytes",
"libc", "libc",
"once_cell",
"socket2", "socket2",
"tracing", "tracing",
"windows-sys 0.48.0", "windows-sys 0.52.0",
] ]
[[package]] [[package]]
@ -5143,7 +5157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779"
dependencies = [ dependencies = [
"pem", "pem",
"ring 0.17.8", "ring",
"rustls-pki-types", "rustls-pki-types",
"time", "time",
"yasna", "yasna",
@ -5304,21 +5318,6 @@ dependencies = [
"quick-error", "quick-error",
] ]
[[package]]
name = "ring"
version = "0.16.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
dependencies = [
"cc",
"libc",
"once_cell",
"spin 0.5.2",
"untrusted 0.7.1",
"web-sys",
"winapi",
]
[[package]] [[package]]
name = "ring" name = "ring"
version = "0.17.8" version = "0.17.8"
@ -5329,8 +5328,8 @@ dependencies = [
"cfg-if 1.0.0", "cfg-if 1.0.0",
"getrandom 0.2.15", "getrandom 0.2.15",
"libc", "libc",
"spin 0.9.8", "spin",
"untrusted 0.9.0", "untrusted",
"windows-sys 0.52.0", "windows-sys 0.52.0",
] ]
@ -5482,11 +5481,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
dependencies = [ dependencies = [
"log", "log",
"ring 0.17.8", "ring",
"rustls-webpki", "rustls-webpki 0.101.7",
"sct", "sct",
] ]
[[package]]
name = "rustls"
version = "0.23.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "79adb16721f56eb2d843e67676896a61ce7a0fa622dc18d3e372477a029d2740"
dependencies = [
"once_cell",
"ring",
"rustls-pki-types",
"rustls-webpki 0.102.4",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "rustls-native-certs" name = "rustls-native-certs"
version = "0.6.3" version = "0.6.3"
@ -5499,6 +5512,19 @@ dependencies = [
"security-framework", "security-framework",
] ]
[[package]]
name = "rustls-native-certs"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
dependencies = [
"openssl-probe",
"rustls-pemfile 2.1.2",
"rustls-pki-types",
"schannel",
"security-framework",
]
[[package]] [[package]]
name = "rustls-pemfile" name = "rustls-pemfile"
version = "1.0.4" version = "1.0.4"
@ -5524,14 +5550,52 @@ version = "1.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
[[package]]
name = "rustls-platform-verifier"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5f0d26fa1ce3c790f9590868f0109289a044acb954525f933e2aa3b871c157d"
dependencies = [
"core-foundation",
"core-foundation-sys",
"jni 0.19.0",
"log",
"once_cell",
"rustls 0.23.8",
"rustls-native-certs 0.7.0",
"rustls-platform-verifier-android",
"rustls-webpki 0.102.4",
"security-framework",
"security-framework-sys",
"webpki-roots",
"winapi",
]
[[package]]
name = "rustls-platform-verifier-android"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84e217e7fdc8466b5b35d30f8c0a30febd29173df4a3a0c2115d306b9c4117ad"
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-webpki"
version = "0.101.7" version = "0.101.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
dependencies = [ dependencies = [
"ring 0.17.8", "ring",
"untrusted 0.9.0", "untrusted",
]
[[package]]
name = "rustls-webpki"
version = "0.102.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
dependencies = [
"ring",
"rustls-pki-types",
"untrusted",
] ]
[[package]] [[package]]
@ -5640,8 +5704,8 @@ version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
dependencies = [ dependencies = [
"ring 0.17.8", "ring",
"untrusted 0.9.0", "untrusted",
] ]
[[package]] [[package]]
@ -5690,6 +5754,7 @@ dependencies = [
"core-foundation", "core-foundation",
"core-foundation-sys", "core-foundation-sys",
"libc", "libc",
"num-bigint 0.4.5",
"security-framework-sys", "security-framework-sys",
] ]
@ -6095,12 +6160,6 @@ dependencies = [
"syn 1.0.109", "syn 1.0.109",
] ]
[[package]]
name = "spin"
version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]] [[package]]
name = "spin" name = "spin"
version = "0.9.8" version = "0.9.8"
@ -6241,6 +6300,12 @@ dependencies = [
"syn 2.0.65", "syn 2.0.65",
] ]
[[package]]
name = "subtle"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
[[package]] [[package]]
name = "sum_type" name = "sum_type"
version = "0.2.0" version = "0.2.0"
@ -6525,7 +6590,7 @@ version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
dependencies = [ dependencies = [
"rustls", "rustls 0.21.12",
"tokio", "tokio",
] ]
@ -6878,12 +6943,6 @@ version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
[[package]]
name = "untrusted"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
[[package]] [[package]]
name = "untrusted" name = "untrusted"
version = "0.9.0" version = "0.9.0"
@ -6977,7 +7036,7 @@ dependencies = [
"quinn", "quinn",
"rayon", "rayon",
"ron", "ron",
"rustls", "rustls 0.23.8",
"rustyline", "rustyline",
"serde", "serde",
"specs", "specs",
@ -7211,7 +7270,7 @@ dependencies = [
"quinn", "quinn",
"rand 0.8.5", "rand 0.8.5",
"rcgen", "rcgen",
"rustls", "rustls 0.23.8",
"serde", "serde",
"shellexpand 3.1.0", "shellexpand 3.1.0",
"socket2", "socket2",
@ -7301,7 +7360,7 @@ dependencies = [
"refinery", "refinery",
"ron", "ron",
"rusqlite", "rusqlite",
"rustls", "rustls 0.23.8",
"rustls-pemfile 2.1.2", "rustls-pemfile 2.1.2",
"schnellru", "schnellru",
"serde", "serde",
@ -8215,6 +8274,15 @@ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
[[package]]
name = "webpki-roots"
version = "0.26.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009"
dependencies = [
"rustls-pki-types",
]
[[package]] [[package]]
name = "wfd" name = "wfd"
version = "0.1.7" version = "0.1.7"
@ -9011,6 +9079,12 @@ dependencies = [
"syn 2.0.65", "syn 2.0.65",
] ]
[[package]]
name = "zeroize"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
[[package]] [[package]]
name = "zstd" name = "zstd"
version = "0.13.1" version = "0.13.1"


@ -134,7 +134,7 @@ tokio = { version = "1.28", default-features = false, features = ["rt"] }
tracing = { version = "0.1" } tracing = { version = "0.1" }
futures-util = { version = "0.3.7", default-features = false } futures-util = { version = "0.3.7", default-features = false }
prometheus = { version = "0.13", default-features = false } prometheus = { version = "0.13", default-features = false }
prometheus-hyper = "0.1.4" prometheus-hyper = "0.1.5"
strum = { version = "0.24", features = ["derive"] } strum = { version = "0.24", features = ["derive"] }
enum-map = { version = "2.4" } enum-map = { version = "2.4" }
@ -161,9 +161,8 @@ async-trait = "0.1.42"
sha2 = "0.10" sha2 = "0.10"
hex = "0.4.3" hex = "0.4.3"
#TODO add features = ["std"] in 0.22 rustls = { version = "0.23", default-features = false, features = ["std"] }
rustls = { version = "0.21", default-features = false } quinn = { version = "0.11" }
quinn = { version = "0.10" }
[patch.crates-io] [patch.crates-io]
# until next specs release # until next specs release
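Review bot: The new `rustls = { version = "0.23", default-features = false, features = ["std"] }` line enables no crypto-provider feature, neither `ring` nor `aws_lc_rs`. In rustls 0.23 `ClientConfig::builder()` resolves the process-default provider from the enabled crate features and panics when none, or more than one, is enabled, so this build appears to work only because `quinn` pulls in `ring` transitively (the lockfile entry for `rustls 0.23.8` lists `ring` and no other provider). Naming it here, `rustls = { version = "0.23", default-features = false, features = ["std", "ring"] }`, keeps the provider choice from changing silently if quinn's default features move.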


@ -38,7 +38,7 @@ network = { package = "veloren-network", path = "../network", features = [
byteorder = "1.3.2" byteorder = "1.3.2"
tokio = { workspace = true, features = ["rt-multi-thread"] } tokio = { workspace = true, features = ["rt-multi-thread"] }
quinn = { workspace = true, features = ["rustls"] } quinn = { workspace = true, features = ["rustls"] }
rustls = { workspace = true, features = ["dangerous_configuration"] } rustls = { workspace = true }
hickory-resolver = { version = "0.24.0", features = [ hickory-resolver = { version = "0.24.0", features = [
"system-config", "system-config",
"tokio-runtime", "tokio-runtime",


@ -78,7 +78,7 @@ use image::DynamicImage;
use network::{ConnectAddr, Network, Participant, Pid, Stream}; use network::{ConnectAddr, Network, Participant, Pid, Stream};
use num::traits::FloatConst; use num::traits::FloatConst;
use rayon::prelude::*; use rayon::prelude::*;
use rustls::client::ServerCertVerified; use rustls::client::danger::ServerCertVerified;
use specs::Component; use specs::Component;
use std::{ use std::{
collections::{BTreeMap, VecDeque}, collections::{BTreeMap, VecDeque},
@ -86,7 +86,7 @@ use std::{
mem, mem,
path::PathBuf, path::PathBuf,
sync::Arc, sync::Arc,
time::{Duration, Instant, SystemTime}, time::{Duration, Instant},
}; };
use tokio::runtime::Runtime; use tokio::runtime::Runtime;
use tracing::{debug, error, trace, warn}; use tracing::{debug, error, trace, warn};
@ -352,34 +352,74 @@ async fn connect_quic(
validate_tls: bool, validate_tls: bool,
) -> Result<network::Participant, crate::error::Error> { ) -> Result<network::Participant, crate::error::Error> {
let config = if validate_tls { let config = if validate_tls {
quinn::ClientConfig::with_native_roots() quinn::ClientConfig::with_platform_verifier()
} else { } else {
warn!( warn!(
"skipping validation of server identity. There is no guarantee that the server you're \ "skipping validation of server identity. There is no guarantee that the server you're \
connected to is the one you expect to be connecting to." connected to is the one you expect to be connecting to."
); );
#[derive(Debug)]
struct Verifier; struct Verifier;
impl rustls::client::ServerCertVerifier for Verifier { impl rustls::client::danger::ServerCertVerifier for Verifier {
fn verify_server_cert( fn verify_server_cert(
&self, &self,
_: &rustls::Certificate, _end_entity: &rustls::pki_types::CertificateDer<'_>,
_: &[rustls::Certificate], _intermediates: &[rustls::pki_types::CertificateDer<'_>],
_: &rustls::ServerName, _server_name: &rustls::pki_types::ServerName<'_>,
_: &mut dyn Iterator<Item = &[u8]>, _ocsp_response: &[u8],
_: &[u8], _now: rustls::pki_types::UnixTime,
_: SystemTime,
) -> Result<ServerCertVerified, rustls::Error> { ) -> Result<ServerCertVerified, rustls::Error> {
Ok(ServerCertVerified::assertion()) Ok(ServerCertVerified::assertion())
} }
fn verify_tls12_signature(
&self,
_message: &[u8],
_cert: &rustls::pki_types::CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error>
{
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
_message: &[u8],
_cert: &rustls::pki_types::CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error>
{
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
vec![
rustls::SignatureScheme::RSA_PKCS1_SHA1,
rustls::SignatureScheme::ECDSA_SHA1_Legacy,
rustls::SignatureScheme::RSA_PKCS1_SHA256,
rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
rustls::SignatureScheme::RSA_PKCS1_SHA384,
rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
rustls::SignatureScheme::RSA_PKCS1_SHA512,
rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
rustls::SignatureScheme::RSA_PSS_SHA256,
rustls::SignatureScheme::RSA_PSS_SHA384,
rustls::SignatureScheme::RSA_PSS_SHA512,
rustls::SignatureScheme::ED25519,
rustls::SignatureScheme::ED448,
]
}
} }
let mut cfg = rustls::ClientConfig::builder() let mut cfg = rustls::ClientConfig::builder()
.with_safe_defaults() .dangerous()
.with_custom_certificate_verifier(Arc::new(Verifier)) .with_custom_certificate_verifier(Arc::new(Verifier))
.with_no_client_auth(); .with_no_client_auth();
cfg.enable_early_data = true; cfg.enable_early_data = true;
quinn::ClientConfig::new(Arc::new(cfg)) quinn::ClientConfig::new(Arc::new(
quinn::crypto::rustls::QuicClientConfig::try_from(cfg).unwrap(),
))
}; };
addr::try_connect(network, &hostname, override_port, prefer_ipv6, |a| { addr::try_connect(network, &hostname, override_port, prefer_ipv6, |a| {
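Review bot: `supported_verify_schemes` hard-codes its list, advertising the SHA-1 schemes `RSA_PKCS1_SHA1` and `ECDSA_SHA1_Legacy` as well as `ED448`, and the new `verify_tls12_signature`/`verify_tls13_signature` return `HandshakeSignatureValid::assertion()` unconditionally, so the client offers weak schemes in `signature_algorithms` and never confirms that the peer holds the key for the certificate it presented, a check the 0.21 trait's default methods performed. Deriving both from the configured provider keeps the accept-any-identity behaviour the `warn!` describes while restoring the handshake-signature check and removing the hand-maintained list; the provider is available from the builder before `.dangerous()` is called, and `rustls::crypto::verify_tls12_signature`/`verify_tls13_signature` take its `signature_verification_algorithms`. Separately, `QuicClientConfig::try_from(cfg).unwrap()` panics when the provider yields no usable TLS 1.3 suite, inside a function that already returns `Result`; mapping that into `crate::error::Error` (whichever variant the crate uses for connection setup) would match the rest of the function. `connect_quic` continues past the hunk.
```rust
#[derive(Debug)]
struct Verifier(Arc<rustls::crypto::CryptoProvider>);
impl rustls::client::danger::ServerCertVerifier for Verifier {
    // … unchanged: verify_server_cert, accepts any certificate …
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls12_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls13_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }
    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        self.0.signature_verification_algorithms.supported_schemes()
    }
}
let builder = rustls::ClientConfig::builder();
let provider = builder.crypto_provider().clone();
let mut cfg = builder
    .dangerous()
    .with_custom_certificate_verifier(Arc::new(Verifier(provider)))
    .with_no_client_auth();
// … unchanged: enable_early_data, QuicClientConfig construction …
```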


@ -339,7 +339,7 @@ impl Protocols {
// a reverse DNS lookup // a reverse DNS lookup
let connect_addr = ConnectAddr::Quic( let connect_addr = ConnectAddr::Quic(
addr, addr,
quinn::ClientConfig::with_native_roots(), quinn::ClientConfig::with_platform_verifier(),
"TODO_remote_hostname".to_string(), "TODO_remote_hostname".to_string(),
); );
let _ = c2s_protocol_s.send((quic, connect_addr, cid)); let _ = c2s_protocol_s.send((quic, connect_addr, cid));


@ -1,4 +1,5 @@
use lazy_static::*; use lazy_static::*;
use rustls::pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
use std::{ use std::{
net::{Ipv4Addr, SocketAddr}, net::{Ipv4Addr, SocketAddr},
sync::{ sync::{
@ -108,15 +109,16 @@ pub fn quic() -> (ListenAddr, ConnectAddr) {
let key = cert.key_pair.serialize_der(); let key = cert.key_pair.serialize_der();
let cert = cert.cert.der(); let cert = cert.cert.der();
let key = rustls::PrivateKey(key); let key = PrivateKeyDer::from(PrivatePkcs8KeyDer::from(key));
let cert = rustls::Certificate((*cert).to_vec());
let mut root_store = rustls::RootCertStore::empty(); let mut root_store = rustls::RootCertStore::empty();
root_store.add(&cert).expect("cannot add cert to rootstore"); root_store
.add(cert.clone())
.expect("cannot add cert to rootstore");
let server_config = quinn::ServerConfig::with_single_cert(vec![cert], key) let server_config = quinn::ServerConfig::with_single_cert(vec![cert.clone()], key)
.expect("Server Config Cert/Key failed"); .expect("Server Config Cert/Key failed");
let client_config = quinn::ClientConfig::with_root_certificates(root_store); let client_config = quinn::ClientConfig::with_root_certificates(Arc::new(root_store)).unwrap();
use std::net::IpAddr; use std::net::IpAddr;
( (
ListenAddr::Quic( ListenAddr::Quic(


@ -111,6 +111,7 @@ use persistence::{
character_updater::CharacterUpdater, character_updater::CharacterUpdater,
}; };
use prometheus::Registry; use prometheus::Registry;
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
use specs::{ use specs::{
shred::SendDispatcher, Builder, Entity as EcsEntity, Entity, Join, LendJoin, WorldExt, shred::SendDispatcher, Builder, Entity as EcsEntity, Entity, Join, LendJoin, WorldExt,
}; };
@ -549,14 +550,14 @@ impl Server {
match || -> Result<_, Box<dyn std::error::Error>> { match || -> Result<_, Box<dyn std::error::Error>> {
let key = fs::read(key_file_path)?; let key = fs::read(key_file_path)?;
let key = if key_file_path.extension().map_or(false, |x| x == "der") { let key = if key_file_path.extension().map_or(false, |x| x == "der") {
rustls::PrivateKey(key) PrivateKeyDer::try_from(key).map_err(|_| "No valid pem key in file")?
} else { } else {
debug!("convert pem key to der"); debug!("convert pem key to der");
let key = rustls_pemfile::read_all(&mut key.as_slice()) rustls_pemfile::read_all(&mut key.as_slice())
.find_map(|item| match item { .find_map(|item| match item {
Ok(Item::Pkcs1Key(v)) => Some(v.secret_pkcs1_der().into()), Ok(Item::Pkcs1Key(v)) => Some(PrivateKeyDer::Pkcs1(v)),
Ok(Item::Pkcs8Key(v)) => Some(v.secret_pkcs8_der().into()), Ok(Item::Pkcs8Key(v)) => Some(PrivateKeyDer::Pkcs8(v)),
Ok(Item::Sec1Key(_)) => None, Ok(Item::Sec1Key(v)) => Some(PrivateKeyDer::Sec1(v)),
Ok(Item::Crl(_)) => None, Ok(Item::Crl(_)) => None,
Ok(Item::Csr(_)) => None, Ok(Item::Csr(_)) => None,
Ok(Item::X509Certificate(_)) => None, Ok(Item::X509Certificate(_)) => None,
@ -566,18 +567,17 @@ impl Server {
None None
}, },
}) })
.ok_or("No valid pem key in file")?; .ok_or("No valid pem key in file")?
rustls::PrivateKey(key)
}; };
let cert_chain = fs::read(cert_file_path)?; let cert_chain = fs::read(cert_file_path)?;
let cert_chain = if cert_file_path.extension().map_or(false, |x| x == "der") let cert_chain = if cert_file_path.extension().map_or(false, |x| x == "der")
{ {
vec![rustls::Certificate(cert_chain)] vec![CertificateDer::from(cert_chain)]
} else { } else {
debug!("convert pem cert to der"); debug!("convert pem cert to der");
rustls_pemfile::certs(&mut cert_chain.as_slice()) rustls_pemfile::certs(&mut cert_chain.as_slice())
.filter_map(|item| match item { .filter_map(|item| match item {
Ok(cert) => Some(rustls::Certificate(cert.to_vec())), Ok(cert) => Some(cert),
Err(e) => { Err(e) => {
tracing::warn!(?e, "error while reading cert_file"); tracing::warn!(?e, "error while reading cert_file");
None None
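Review bot: The error text in the DER branch, `PrivateKeyDer::try_from(key).map_err(|_| "No valid pem key in file")?`, reports a PEM problem for a file that was chosen precisely because its extension is `der`, which points whoever reads the log at the wrong parser. `PrivateKeyDer::try_from(key).map_err(|_| "No valid der key in file")?` names the actual failure, and keeping the two messages distinct also shows which branch was taken. The enclosing closure and `impl Server` begin and end outside the hunk.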