Use new rustls-pki-types PEM API

Cargo.toml

@@ -13,7 +13,7 @@ rust-version = "1.63"
 exclude = ["/.github", "/examples", "/scripts"]
 
 [dependencies]
-rustls = { version = "0.23.5", default-features = false, features = ["std"] }
+rustls = { version = "0.23.15", default-features = false, features = ["std"] }
 tokio = "1.0"
 
 [features]
@@ -31,6 +31,5 @@ argh = "0.1.1"
 futures-util = "0.3.1"
 lazy_static = "1.1"
 rcgen = { version = "0.13", features = ["pem"] }
-rustls-pemfile = "2"
 tokio = { version = "1.0", features = ["full"] }
 webpki-roots = "0.26"

examples/client.rs

@@ -1,13 +1,12 @@
 use std::error::Error as StdError;
-use std::fs::File;
 use std::io;
-use std::io::BufReader;
 use std::net::ToSocketAddrs;
 use std::path::PathBuf;
 use std::sync::Arc;
 
 use argh::FromArgs;
-use rustls::pki_types::ServerName;
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, ServerName};
 use tokio::io::{copy, split, stdin as tokio_stdin, stdout as tokio_stdout, AsyncWriteExt};
 use tokio::net::TcpStream;
 use tokio_rustls::{rustls, TlsConnector};
@@ -45,8 +44,7 @@ async fn main() -> Result<(), Box<dyn StdError + Send + Sync + 'static>> {
 
     let mut root_cert_store = rustls::RootCertStore::empty();
     if let Some(cafile) = &options.cafile {
-        let mut pem = BufReader::new(File::open(cafile)?);
-        for cert in rustls_pemfile::certs(&mut pem) {
+        for cert in CertificateDer::pem_file_iter(&cafile)? {
             root_cert_store.add(cert?)?;
         }
     } else {

examples/server.rs

@@ -1,13 +1,13 @@
-use std::fs::File;
-use std::io::{self, BufReader, ErrorKind};
+use std::io;
 use std::net::ToSocketAddrs;
-use std::path::{Path, PathBuf};
-use std::sync::Arc;
+use std::path::PathBuf;
+
 use std::error::Error as StdError;
+use std::sync::Arc;
 
 use argh::FromArgs;
+use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
-use rustls_pemfile::{certs, private_key};
 use tokio::io::{copy, sink, split, AsyncWriteExt};
 use tokio::net::TcpListener;
 use tokio_rustls::{rustls, TlsAcceptor};
@@ -32,19 +32,6 @@ struct Options {
     echo_mode: bool,
 }
 
-fn load_certs(path: &Path) -> io::Result<Vec<CertificateDer<'static>>> {
-    certs(&mut BufReader::new(File::open(path)?)).collect()
-}
-
-fn load_key(path: &Path) -> io::Result<PrivateKeyDer<'static>> {
-    Ok(private_key(&mut BufReader::new(File::open(path)?))
-        .unwrap()
-        .ok_or(io::Error::new(
-            ErrorKind::Other,
-            "no private key found".to_string(),
-        ))?)
-}
-
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn StdError + Send + Sync + 'static>> {
     let options: Options = argh::from_env();
@@ -54,8 +41,8 @@ async fn main() -> Result<(), Box<dyn StdError + Send + Sync + 'static>> {
         .to_socket_addrs()?
         .next()
         .ok_or_else(|| io::Error::from(io::ErrorKind::AddrNotAvailable))?;
-    let certs = load_certs(&options.cert)?;
-    let key = load_key(&options.key)?;
+    let certs = CertificateDer::pem_file_iter(&options.cert)?.collect::<Result<Vec<_>, _>>()?;
+    let key = PrivateKeyDer::from_pem_file(&options.key)?;
     let flag_echo = options.echo_mode;
 
     let config = rustls::ServerConfig::builder()

tests/utils.rs

@@ -1,8 +1,10 @@
 mod utils {
-    use std::io::{BufReader, Cursor, IoSlice};
+    use std::io::IoSlice;
 
-    use rustls::{ClientConfig, RootCertStore, ServerConfig};
-    use rustls_pemfile::{certs, private_key};
+    use rustls::{
+        pki_types::{pem::PemObject, CertificateDer, PrivateKeyDer},
+        ClientConfig, RootCertStore, ServerConfig,
+    };
     use tokio::io::{self, AsyncWrite, AsyncWriteExt};
 
     #[allow(dead_code)]
@@ -16,20 +18,17 @@ mod utils {
         // A private key corresponding to the end-entity server certificate in CHAIN.
         const EE_KEY: &str = include_str!("certs/end.key");
 
-        let cert = certs(&mut BufReader::new(Cursor::new(CHAIN)))
-            .map(|result| result.unwrap())
-            .collect();
-        let key = private_key(&mut BufReader::new(Cursor::new(EE_KEY)))
-            .unwrap()
+        let cert = CertificateDer::pem_slice_iter(CHAIN.as_bytes())
+            .collect::<Result<Vec<_>, _>>()
             .unwrap();
+        let key = PrivateKeyDer::from_pem_slice(EE_KEY.as_bytes()).unwrap();
         let sconfig = ServerConfig::builder()
             .with_no_client_auth()
             .with_single_cert(cert, key.into())
             .unwrap();
 
         let mut client_root_cert_store = RootCertStore::empty();
-        let mut roots = BufReader::new(Cursor::new(ROOT));
-        for root in certs(&mut roots) {
+        for root in CertificateDer::pem_slice_iter(ROOT.as_bytes()) {
             client_root_cert_store.add(root.unwrap()).unwrap();
         }