upgrade rustls
parent
2c138fc0eb
commit
a2ea012f43
190
Cargo.lock
generated
190
Cargo.lock
generated
@ -212,7 +212,7 @@ version = "2.5.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a7e7b35733e3a8c1ccb90385088dd5b6eaa61325cb4d1ad56e683b5224ff352e"
|
||||
dependencies = [
|
||||
"jni",
|
||||
"jni 0.21.1",
|
||||
"ndk-context",
|
||||
"winapi",
|
||||
"xdg",
|
||||
@ -1259,7 +1259,7 @@ dependencies = [
|
||||
"core-foundation-sys",
|
||||
"coreaudio-rs",
|
||||
"dasp_sample",
|
||||
"jni",
|
||||
"jni 0.21.1",
|
||||
"js-sys",
|
||||
"libc",
|
||||
"mach2",
|
||||
@ -2247,7 +2247,7 @@ dependencies = [
|
||||
"futures-core",
|
||||
"futures-sink",
|
||||
"nanorand",
|
||||
"spin 0.9.8",
|
||||
"spin",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -2988,8 +2988,8 @@ dependencies = [
|
||||
"http",
|
||||
"hyper",
|
||||
"log",
|
||||
"rustls",
|
||||
"rustls-native-certs",
|
||||
"rustls 0.21.12",
|
||||
"rustls-native-certs 0.6.3",
|
||||
"tokio",
|
||||
"tokio-rustls",
|
||||
]
|
||||
@ -3342,6 +3342,20 @@ dependencies = [
|
||||
"cc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "jni"
|
||||
version = "0.19.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec"
|
||||
dependencies = [
|
||||
"cesu8",
|
||||
"combine",
|
||||
"jni-sys",
|
||||
"log",
|
||||
"thiserror",
|
||||
"walkdir",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "jni"
|
||||
version = "0.21.1"
|
||||
@ -4410,7 +4424,7 @@ version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e8b61bebd49e5d43f5f8cc7ee2891c16e0f41ec7954d36bcb6c14c5e0de867fb"
|
||||
dependencies = [
|
||||
"jni",
|
||||
"jni 0.21.1",
|
||||
"ndk 0.8.0",
|
||||
"ndk-context",
|
||||
"num-derive",
|
||||
@ -4918,16 +4932,16 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quinn"
|
||||
version = "0.10.2"
|
||||
version = "0.11.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8cc2c5017e4b43d5995dcea317bc46c1e09404c0a9664d2908f7f02dfe943d75"
|
||||
checksum = "904e3d3ba178131798c6d9375db2b13b34337d489b089fc5ba0825a2ff1bee73"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"pin-project-lite",
|
||||
"quinn-proto",
|
||||
"quinn-udp",
|
||||
"rustc-hash",
|
||||
"rustls",
|
||||
"rustls 0.23.8",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
"tracing",
|
||||
@ -4935,16 +4949,16 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quinn-proto"
|
||||
version = "0.10.6"
|
||||
version = "0.11.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "141bf7dfde2fbc246bfd3fe12f2455aa24b0fbd9af535d8c86c7bd1381ff2b1a"
|
||||
checksum = "e974563a4b1c2206bbc61191ca4da9c22e4308b4c455e8906751cc7828393f08"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"rand 0.8.5",
|
||||
"ring 0.16.20",
|
||||
"ring",
|
||||
"rustc-hash",
|
||||
"rustls",
|
||||
"rustls-native-certs",
|
||||
"rustls 0.23.8",
|
||||
"rustls-platform-verifier",
|
||||
"slab",
|
||||
"thiserror",
|
||||
"tinyvec",
|
||||
@ -4953,15 +4967,15 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quinn-udp"
|
||||
version = "0.4.1"
|
||||
version = "0.5.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "055b4e778e8feb9f93c4e439f71dc2156ef13360b432b799e179a8c4cdf0b1d7"
|
||||
checksum = "e4f0def2590301f4f667db5a77f9694fb004f82796dc1a8b1508fafa3d0e8b72"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"libc",
|
||||
"once_cell",
|
||||
"socket2",
|
||||
"tracing",
|
||||
"windows-sys 0.48.0",
|
||||
"windows-sys 0.52.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -5143,7 +5157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779"
|
||||
dependencies = [
|
||||
"pem",
|
||||
"ring 0.17.8",
|
||||
"ring",
|
||||
"rustls-pki-types",
|
||||
"time",
|
||||
"yasna",
|
||||
@ -5304,21 +5318,6 @@ dependencies = [
|
||||
"quick-error",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ring"
|
||||
version = "0.16.20"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"libc",
|
||||
"once_cell",
|
||||
"spin 0.5.2",
|
||||
"untrusted 0.7.1",
|
||||
"web-sys",
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ring"
|
||||
version = "0.17.8"
|
||||
@ -5329,8 +5328,8 @@ dependencies = [
|
||||
"cfg-if 1.0.0",
|
||||
"getrandom 0.2.15",
|
||||
"libc",
|
||||
"spin 0.9.8",
|
||||
"untrusted 0.9.0",
|
||||
"spin",
|
||||
"untrusted",
|
||||
"windows-sys 0.52.0",
|
||||
]
|
||||
|
||||
@ -5482,11 +5481,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
|
||||
dependencies = [
|
||||
"log",
|
||||
"ring 0.17.8",
|
||||
"rustls-webpki",
|
||||
"ring",
|
||||
"rustls-webpki 0.101.7",
|
||||
"sct",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls"
|
||||
version = "0.23.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "79adb16721f56eb2d843e67676896a61ce7a0fa622dc18d3e372477a029d2740"
|
||||
dependencies = [
|
||||
"once_cell",
|
||||
"ring",
|
||||
"rustls-pki-types",
|
||||
"rustls-webpki 0.102.4",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-native-certs"
|
||||
version = "0.6.3"
|
||||
@ -5499,6 +5512,19 @@ dependencies = [
|
||||
"security-framework",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-native-certs"
|
||||
version = "0.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
|
||||
dependencies = [
|
||||
"openssl-probe",
|
||||
"rustls-pemfile 2.1.2",
|
||||
"rustls-pki-types",
|
||||
"schannel",
|
||||
"security-framework",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-pemfile"
|
||||
version = "1.0.4"
|
||||
@ -5524,14 +5550,52 @@ version = "1.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
|
||||
|
||||
[[package]]
|
||||
name = "rustls-platform-verifier"
|
||||
version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b5f0d26fa1ce3c790f9590868f0109289a044acb954525f933e2aa3b871c157d"
|
||||
dependencies = [
|
||||
"core-foundation",
|
||||
"core-foundation-sys",
|
||||
"jni 0.19.0",
|
||||
"log",
|
||||
"once_cell",
|
||||
"rustls 0.23.8",
|
||||
"rustls-native-certs 0.7.0",
|
||||
"rustls-platform-verifier-android",
|
||||
"rustls-webpki 0.102.4",
|
||||
"security-framework",
|
||||
"security-framework-sys",
|
||||
"webpki-roots",
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-platform-verifier-android"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "84e217e7fdc8466b5b35d30f8c0a30febd29173df4a3a0c2115d306b9c4117ad"
|
||||
|
||||
[[package]]
|
||||
name = "rustls-webpki"
|
||||
version = "0.101.7"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
|
||||
dependencies = [
|
||||
"ring 0.17.8",
|
||||
"untrusted 0.9.0",
|
||||
"ring",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls-webpki"
|
||||
version = "0.102.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
|
||||
dependencies = [
|
||||
"ring",
|
||||
"rustls-pki-types",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -5640,8 +5704,8 @@ version = "0.7.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
|
||||
dependencies = [
|
||||
"ring 0.17.8",
|
||||
"untrusted 0.9.0",
|
||||
"ring",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -5690,6 +5754,7 @@ dependencies = [
|
||||
"core-foundation",
|
||||
"core-foundation-sys",
|
||||
"libc",
|
||||
"num-bigint 0.4.5",
|
||||
"security-framework-sys",
|
||||
]
|
||||
|
||||
@ -6095,12 +6160,6 @@ dependencies = [
|
||||
"syn 1.0.109",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "spin"
|
||||
version = "0.5.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
|
||||
|
||||
[[package]]
|
||||
name = "spin"
|
||||
version = "0.9.8"
|
||||
@ -6241,6 +6300,12 @@ dependencies = [
|
||||
"syn 2.0.65",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "subtle"
|
||||
version = "2.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
|
||||
|
||||
[[package]]
|
||||
name = "sum_type"
|
||||
version = "0.2.0"
|
||||
@ -6525,7 +6590,7 @@ version = "0.24.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
|
||||
dependencies = [
|
||||
"rustls",
|
||||
"rustls 0.21.12",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
@ -6878,12 +6943,6 @@ version = "0.2.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
|
||||
|
||||
[[package]]
|
||||
name = "untrusted"
|
||||
version = "0.7.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
|
||||
|
||||
[[package]]
|
||||
name = "untrusted"
|
||||
version = "0.9.0"
|
||||
@ -6977,7 +7036,7 @@ dependencies = [
|
||||
"quinn",
|
||||
"rayon",
|
||||
"ron",
|
||||
"rustls",
|
||||
"rustls 0.23.8",
|
||||
"rustyline",
|
||||
"serde",
|
||||
"specs",
|
||||
@ -7211,7 +7270,7 @@ dependencies = [
|
||||
"quinn",
|
||||
"rand 0.8.5",
|
||||
"rcgen",
|
||||
"rustls",
|
||||
"rustls 0.23.8",
|
||||
"serde",
|
||||
"shellexpand 3.1.0",
|
||||
"socket2",
|
||||
@ -7301,7 +7360,7 @@ dependencies = [
|
||||
"refinery",
|
||||
"ron",
|
||||
"rusqlite",
|
||||
"rustls",
|
||||
"rustls 0.23.8",
|
||||
"rustls-pemfile 2.1.2",
|
||||
"schnellru",
|
||||
"serde",
|
||||
@ -8215,6 +8274,15 @@ dependencies = [
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webpki-roots"
|
||||
version = "0.26.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009"
|
||||
dependencies = [
|
||||
"rustls-pki-types",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wfd"
|
||||
version = "0.1.7"
|
||||
@ -9011,6 +9079,12 @@ dependencies = [
|
||||
"syn 2.0.65",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.8.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
|
||||
|
||||
[[package]]
|
||||
name = "zstd"
|
||||
version = "0.13.1"
|
||||
|
@ -134,7 +134,7 @@ tokio = { version = "1.28", default-features = false, features = ["rt"] }
|
||||
tracing = { version = "0.1" }
|
||||
futures-util = { version = "0.3.7", default-features = false }
|
||||
prometheus = { version = "0.13", default-features = false }
|
||||
prometheus-hyper = "0.1.4"
|
||||
prometheus-hyper = "0.1.5"
|
||||
|
||||
strum = { version = "0.24", features = ["derive"] }
|
||||
enum-map = { version = "2.4" }
|
||||
@ -161,9 +161,8 @@ async-trait = "0.1.42"
|
||||
sha2 = "0.10"
|
||||
hex = "0.4.3"
|
||||
|
||||
#TODO add features = ["std"] in 0.22
|
||||
rustls = { version = "0.21", default-features = false }
|
||||
quinn = { version = "0.10" }
|
||||
rustls = { version = "0.23", default-features = false, features = ["std"] }
|
||||
quinn = { version = "0.11" }
|
||||
|
||||
[patch.crates-io]
|
||||
# until next specs release
|
||||
|
@ -38,7 +38,7 @@ network = { package = "veloren-network", path = "../network", features = [
|
||||
byteorder = "1.3.2"
|
||||
tokio = { workspace = true, features = ["rt-multi-thread"] }
|
||||
quinn = { workspace = true, features = ["rustls"] }
|
||||
rustls = { workspace = true, features = ["dangerous_configuration"] }
|
||||
rustls = { workspace = true }
|
||||
hickory-resolver = { version = "0.24.0", features = [
|
||||
"system-config",
|
||||
"tokio-runtime",
|
||||
|
@ -78,7 +78,7 @@ use image::DynamicImage;
|
||||
use network::{ConnectAddr, Network, Participant, Pid, Stream};
|
||||
use num::traits::FloatConst;
|
||||
use rayon::prelude::*;
|
||||
use rustls::client::ServerCertVerified;
|
||||
use rustls::client::danger::ServerCertVerified;
|
||||
use specs::Component;
|
||||
use std::{
|
||||
collections::{BTreeMap, VecDeque},
|
||||
@ -86,7 +86,7 @@ use std::{
|
||||
mem,
|
||||
path::PathBuf,
|
||||
sync::Arc,
|
||||
time::{Duration, Instant, SystemTime},
|
||||
time::{Duration, Instant},
|
||||
};
|
||||
use tokio::runtime::Runtime;
|
||||
use tracing::{debug, error, trace, warn};
|
||||
@ -352,34 +352,74 @@ async fn connect_quic(
|
||||
validate_tls: bool,
|
||||
) -> Result<network::Participant, crate::error::Error> {
|
||||
let config = if validate_tls {
|
||||
quinn::ClientConfig::with_native_roots()
|
||||
quinn::ClientConfig::with_platform_verifier()
|
||||
} else {
|
||||
warn!(
|
||||
"skipping validation of server identity. There is no guarantee that the server you're \
|
||||
connected to is the one you expect to be connecting to."
|
||||
);
|
||||
#[derive(Debug)]
|
||||
struct Verifier;
|
||||
impl rustls::client::ServerCertVerifier for Verifier {
|
||||
impl rustls::client::danger::ServerCertVerifier for Verifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
_: &rustls::Certificate,
|
||||
_: &[rustls::Certificate],
|
||||
_: &rustls::ServerName,
|
||||
_: &mut dyn Iterator<Item = &[u8]>,
|
||||
_: &[u8],
|
||||
_: SystemTime,
|
||||
_end_entity: &rustls::pki_types::CertificateDer<'_>,
|
||||
_intermediates: &[rustls::pki_types::CertificateDer<'_>],
|
||||
_server_name: &rustls::pki_types::ServerName<'_>,
|
||||
_ocsp_response: &[u8],
|
||||
_now: rustls::pki_types::UnixTime,
|
||||
) -> Result<ServerCertVerified, rustls::Error> {
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
_message: &[u8],
|
||||
_cert: &rustls::pki_types::CertificateDer<'_>,
|
||||
_dss: &rustls::DigitallySignedStruct,
|
||||
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error>
|
||||
{
|
||||
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
_message: &[u8],
|
||||
_cert: &rustls::pki_types::CertificateDer<'_>,
|
||||
_dss: &rustls::DigitallySignedStruct,
|
||||
) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error>
|
||||
{
|
||||
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
||||
vec![
|
||||
rustls::SignatureScheme::RSA_PKCS1_SHA1,
|
||||
rustls::SignatureScheme::ECDSA_SHA1_Legacy,
|
||||
rustls::SignatureScheme::RSA_PKCS1_SHA256,
|
||||
rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
rustls::SignatureScheme::RSA_PKCS1_SHA384,
|
||||
rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
rustls::SignatureScheme::RSA_PKCS1_SHA512,
|
||||
rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
rustls::SignatureScheme::RSA_PSS_SHA256,
|
||||
rustls::SignatureScheme::RSA_PSS_SHA384,
|
||||
rustls::SignatureScheme::RSA_PSS_SHA512,
|
||||
rustls::SignatureScheme::ED25519,
|
||||
rustls::SignatureScheme::ED448,
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
let mut cfg = rustls::ClientConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.dangerous()
|
||||
.with_custom_certificate_verifier(Arc::new(Verifier))
|
||||
.with_no_client_auth();
|
||||
cfg.enable_early_data = true;
|
||||
|
||||
quinn::ClientConfig::new(Arc::new(cfg))
|
||||
quinn::ClientConfig::new(Arc::new(
|
||||
quinn::crypto::rustls::QuicClientConfig::try_from(cfg).unwrap(),
|
||||
))
|
||||
};
|
||||
|
||||
addr::try_connect(network, &hostname, override_port, prefer_ipv6, |a| {
|
||||
|
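Review bot: In the `validate_tls == false` branch, the new `verify_tls12_signature` and `verify_tls13_signature` return `HandshakeSignatureValid::assertion()` without looking at the signature, so the peer no longer has to prove it holds the key for the certificate it presents. The old `Verifier` did not override these methods, so it presumably inherited the rustls 0.21 trait defaults, which as far as I recall did check the handshake signature; if so, this upgrade weakens the no-validation path beyond skipping chain and name checks. The two methods can delegate to the crypto provider, and `supported_verify_schemes` can come from that same provider instead of a hand-written list that includes the SHA-1 schemes; how the provider is obtained depends on which rustls crypto feature the workspace enables. Separately, `QuicClientConfig::try_from(cfg).unwrap()` panics on a rejected config although `connect_quic` already returns a `Result`. `connect_quic` starts before this hunk and continues after it.

```rust
#[derive(Debug)]
struct Verifier(Arc<rustls::crypto::CryptoProvider>);
impl rustls::client::danger::ServerCertVerifier for Verifier {
    // … unchanged: verify_server_cert accepts any certificate …

    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls12_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }

    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls13_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }

    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        self.0.signature_verification_algorithms.supported_schemes()
    }
}
// … unchanged: ClientConfig builder, now passed Arc::new(Verifier(provider)) …
```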
@ -339,7 +339,7 @@ impl Protocols {
|
||||
// a reverse DNS lookup
|
||||
let connect_addr = ConnectAddr::Quic(
|
||||
addr,
|
||||
quinn::ClientConfig::with_native_roots(),
|
||||
quinn::ClientConfig::with_platform_verifier(),
|
||||
"TODO_remote_hostname".to_string(),
|
||||
);
|
||||
let _ = c2s_protocol_s.send((quic, connect_addr, cid));
|
||||
|
@ -1,4 +1,5 @@
|
||||
use lazy_static::*;
|
||||
use rustls::pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
use std::{
|
||||
net::{Ipv4Addr, SocketAddr},
|
||||
sync::{
|
||||
@ -108,15 +109,16 @@ pub fn quic() -> (ListenAddr, ConnectAddr) {
|
||||
let key = cert.key_pair.serialize_der();
|
||||
let cert = cert.cert.der();
|
||||
|
||||
let key = rustls::PrivateKey(key);
|
||||
let cert = rustls::Certificate((*cert).to_vec());
|
||||
let key = PrivateKeyDer::from(PrivatePkcs8KeyDer::from(key));
|
||||
|
||||
let mut root_store = rustls::RootCertStore::empty();
|
||||
root_store.add(&cert).expect("cannot add cert to rootstore");
|
||||
root_store
|
||||
.add(cert.clone())
|
||||
.expect("cannot add cert to rootstore");
|
||||
|
||||
let server_config = quinn::ServerConfig::with_single_cert(vec![cert], key)
|
||||
let server_config = quinn::ServerConfig::with_single_cert(vec![cert.clone()], key)
|
||||
.expect("Server Config Cert/Key failed");
|
||||
let client_config = quinn::ClientConfig::with_root_certificates(root_store);
|
||||
let client_config = quinn::ClientConfig::with_root_certificates(Arc::new(root_store)).unwrap();
|
||||
use std::net::IpAddr;
|
||||
(
|
||||
ListenAddr::Quic(
|
||||
|
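Review bot: `quinn::ClientConfig::with_root_certificates(Arc::new(root_store)).unwrap()` is the only fallible call in this helper that panics without a message; the two calls above it use `.expect(...)`. Matching them, for example `.expect("Client Config root store failed")`, keeps a failing test run readable. `quic()` begins before this hunk and continues after it.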
@ -111,6 +111,7 @@ use persistence::{
|
||||
character_updater::CharacterUpdater,
|
||||
};
|
||||
use prometheus::Registry;
|
||||
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
|
||||
use specs::{
|
||||
shred::SendDispatcher, Builder, Entity as EcsEntity, Entity, Join, LendJoin, WorldExt,
|
||||
};
|
||||
@ -549,14 +550,14 @@ impl Server {
|
||||
match || -> Result<_, Box<dyn std::error::Error>> {
|
||||
let key = fs::read(key_file_path)?;
|
||||
let key = if key_file_path.extension().map_or(false, |x| x == "der") {
|
||||
rustls::PrivateKey(key)
|
||||
PrivateKeyDer::try_from(key).map_err(|_| "No valid pem key in file")?
|
||||
} else {
|
||||
debug!("convert pem key to der");
|
||||
let key = rustls_pemfile::read_all(&mut key.as_slice())
|
||||
rustls_pemfile::read_all(&mut key.as_slice())
|
||||
.find_map(|item| match item {
|
||||
Ok(Item::Pkcs1Key(v)) => Some(v.secret_pkcs1_der().into()),
|
||||
Ok(Item::Pkcs8Key(v)) => Some(v.secret_pkcs8_der().into()),
|
||||
Ok(Item::Sec1Key(_)) => None,
|
||||
Ok(Item::Pkcs1Key(v)) => Some(PrivateKeyDer::Pkcs1(v)),
|
||||
Ok(Item::Pkcs8Key(v)) => Some(PrivateKeyDer::Pkcs8(v)),
|
||||
Ok(Item::Sec1Key(v)) => Some(PrivateKeyDer::Sec1(v)),
|
||||
Ok(Item::Crl(_)) => None,
|
||||
Ok(Item::Csr(_)) => None,
|
||||
Ok(Item::X509Certificate(_)) => None,
|
||||
@ -566,18 +567,17 @@ impl Server {
|
||||
None
|
||||
},
|
||||
})
|
||||
.ok_or("No valid pem key in file")?;
|
||||
rustls::PrivateKey(key)
|
||||
.ok_or("No valid pem key in file")?
|
||||
};
|
||||
let cert_chain = fs::read(cert_file_path)?;
|
||||
let cert_chain = if cert_file_path.extension().map_or(false, |x| x == "der")
|
||||
{
|
||||
vec![rustls::Certificate(cert_chain)]
|
||||
vec![CertificateDer::from(cert_chain)]
|
||||
} else {
|
||||
debug!("convert pem cert to der");
|
||||
rustls_pemfile::certs(&mut cert_chain.as_slice())
|
||||
.filter_map(|item| match item {
|
||||
Ok(cert) => Some(rustls::Certificate(cert.to_vec())),
|
||||
Ok(cert) => Some(cert),
|
||||
Err(e) => {
|
||||
tracing::warn!(?e, "error while reading cert_file");
|
||||
None
|
||||
|
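Review bot: In the `.der` branch, `PrivateKeyDer::try_from(key).map_err(|_| "No valid pem key in file")?` reports a PEM problem for a file that was read as DER, which points an operator debugging a rejected key at the wrong format. A message that matches the branch, such as `.map_err(|_| "No valid der key in file")?`, or plain `PrivateKeyDer::try_from(key)?` to keep the library's own error text, would be clearer. It is also worth a comment that `try_from` on raw bytes has to infer the key encoding from the DER itself, whereas the PEM branch takes it from the item type. The enclosing closure in `impl Server` starts before the first hunk and continues after the last one shown.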