From 52e685dbc8bcf996b62e2283d2784b21ac355630 Mon Sep 17 00:00:00 2001 From: Dirkjan Ochtman Date: Fri, 25 Oct 2024 11:50:02 +0200 Subject: [PATCH] Use new rustls-pki-types PEM API --- Cargo.lock | 18 ++++-------------- Cargo.toml | 3 +-- examples/client.rs | 8 +++----- examples/server.rs | 27 +++++++-------------------- tests/utils.rs | 19 +++++++++---------- 5 files changed, 24 insertions(+), 51 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f303c53..a12cc63 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -635,9 +635,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.14" +version = "0.23.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "415d9944693cb90382053259f89fbb077ea730ad7273047ec63b19bc9b160ba8" +checksum = "5fbb44d7acc4e873d613422379f69f237a1b141928c02f6bc6ccfddddc2d7993" dependencies = [ "aws-lc-rs", "log", @@ -649,20 +649,11 @@ dependencies = [ "zeroize", ] -[[package]] -name = "rustls-pemfile" -version = "2.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50" -dependencies = [ - "rustls-pki-types", -] - [[package]] name = "rustls-pki-types" -version = "1.9.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e696e35370c65c9c541198af4543ccd580cf17fc25d8e05c5a242b202488c55" +checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" [[package]] name = "rustls-webpki" @@ -822,7 +813,6 @@ dependencies = [ "lazy_static", "rcgen", "rustls", - "rustls-pemfile", "tokio", "webpki-roots", ] diff --git a/Cargo.toml b/Cargo.toml index fdb781b..a32176f 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -13,7 +13,7 @@ rust-version = "1.63" exclude = ["/.github", "/examples", "/scripts"] [dependencies] -rustls = { version = "0.23.5", default-features = false, features = ["std"] } +rustls = { version = "0.23.15", default-features = false, features = ["std"] } tokio = "1.0" [features] @@ -31,6 +31,5 @@ argh = "0.1.1" futures-util = "0.3.1" lazy_static = "1.1" rcgen = { version = "0.13", features = ["pem"] } -rustls-pemfile = "2" tokio = { version = "1.0", features = ["full"] } webpki-roots = "0.26" diff --git a/examples/client.rs b/examples/client.rs index 90dc3e6..5687e30 100644 --- a/examples/client.rs +++ b/examples/client.rs @@ -1,13 +1,12 @@ use std::error::Error as StdError; -use std::fs::File; use std::io; -use std::io::BufReader; use std::net::ToSocketAddrs; use std::path::PathBuf; use std::sync::Arc; use argh::FromArgs; -use rustls::pki_types::ServerName; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::{CertificateDer, ServerName}; use tokio::io::{copy, split, stdin as tokio_stdin, stdout as tokio_stdout, AsyncWriteExt}; use tokio::net::TcpStream; use tokio_rustls::{rustls, TlsConnector}; @@ -45,8 +44,7 @@ async fn main() -> Result<(), Box> { let mut root_cert_store = rustls::RootCertStore::empty(); if let Some(cafile) = &options.cafile { - let mut pem = BufReader::new(File::open(cafile)?); - for cert in rustls_pemfile::certs(&mut pem) { + for cert in CertificateDer::pem_file_iter(&cafile)? { root_cert_store.add(cert?)?; } } else { diff --git a/examples/server.rs b/examples/server.rs index 57a2cff..7666b07 100644 --- a/examples/server.rs +++ b/examples/server.rs 
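Review bot: A `--cafile` that opens and parses but contains no CERTIFICATE blocks leaves `root_cert_store` empty, and the new `for cert in CertificateDer::pem_file_iter(&cafile)?` loop says nothing in that case; the failure only surfaces later, when the client config is built or the first handshake is verified (both outside this hunk), with a less obvious error. An explicit check after the loop gives the operator the real cause: `if root_cert_store.is_empty() { return Err(format!("no CA certificates found in {}", cafile.display()).into()); }` (the `.into()` relies on the function's boxed-error return type, which appears to be `Box<dyn StdError>` from the `use std::error::Error as StdError` import). Propagating each `cert?` so the first malformed block aborts is the right default for a trust-anchor file and matches the previous `rustls_pemfile` behaviour. `main` starts before this hunk and continues after it.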
@@ -1,13 +1,13 @@ -use std::fs::File; -use std::io::{self, BufReader, ErrorKind}; +use std::io; use std::net::ToSocketAddrs; -use std::path::{Path, PathBuf}; -use std::sync::Arc; +use std::path::PathBuf; + use std::error::Error as StdError; +use std::sync::Arc; use argh::FromArgs; +use rustls::pki_types::pem::PemObject; use rustls::pki_types::{CertificateDer, PrivateKeyDer}; -use rustls_pemfile::{certs, private_key}; use tokio::io::{copy, sink, split, AsyncWriteExt}; use tokio::net::TcpListener; use tokio_rustls::{rustls, TlsAcceptor}; @@ -32,19 +32,6 @@ struct Options { echo_mode: bool, } -fn load_certs(path: &Path) -> io::Result>> { - certs(&mut BufReader::new(File::open(path)?)).collect() -} - -fn load_key(path: &Path) -> io::Result> { - Ok(private_key(&mut BufReader::new(File::open(path)?)) - .unwrap() - .ok_or(io::Error::new( - ErrorKind::Other, - "no private key found".to_string(), - ))?) -} - #[tokio::main] async fn main() -> Result<(), Box> { let options: Options = argh::from_env(); @@ -54,8 +41,8 @@ async fn main() -> Result<(), Box> { .to_socket_addrs()? .next() .ok_or_else(|| io::Error::from(io::ErrorKind::AddrNotAvailable))?; - let certs = load_certs(&options.cert)?; - let key = load_key(&options.key)?; + let certs = CertificateDer::pem_file_iter(&options.cert)?.collect::, _>>()?; + let key = PrivateKeyDer::from_pem_file(&options.key)?; let flag_echo = options.echo_mode; let config = rustls::ServerConfig::builder() diff --git a/tests/utils.rs b/tests/utils.rs index e9641e9..6b1d9f4 100644 --- a/tests/utils.rs +++ b/tests/utils.rs @@ -1,8 +1,10 @@ mod utils { - use std::io::{BufReader, Cursor, IoSlice}; + use std::io::IoSlice; - use rustls::{ClientConfig, RootCertStore, ServerConfig}; - use rustls_pemfile::{certs, private_key}; + use rustls::{ + pki_types::{pem::PemObject, CertificateDer, PrivateKeyDer}, + ClientConfig, RootCertStore, ServerConfig, + }; use tokio::io::{self, AsyncWrite, AsyncWriteExt}; #[allow(dead_code)] 
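Review bot: The added blank line between `use std::path::PathBuf;` and `use std::error::Error as StdError;` splits the `std` imports into two groups, and `std::error` now sits out of alphabetical order below `std::path`. Dropping the blank line and moving the import to the head of the group keeps one sorted `std` block, as examples/client.rs already has: `use std::error::Error as StdError;` / `use std::io;` / `use std::net::ToSocketAddrs;`. This only changes how the prelude reads, not behaviour.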
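Review bot: The two new `?` lines propagate a bare `pem::Error` that, as far as I can tell from the pki-types API, carries no file name, so an operator who passes both `--cert` and `--key` gets "no items found" or an I/O error without knowing which file is wrong; the removed `load_key` at least said "no private key found". Attaching the path at the point of loading keeps the message actionable: `let key = PrivateKeyDer::from_pem_file(&options.key).map_err(|e| format!("{}: {e}", options.key.display()))?;` and the same `map_err` on the `pem_file_iter(&options.cert)` call. Whether an empty certificate chain is rejected is decided by `with_single_cert` below the hunk, which I cannot see here; if it is not, an `if certs.is_empty()` guard next to the key check would be worth adding. `main` starts before this hunk and continues after it.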
@@ -16,20 +18,17 @@ mod utils { // A private key corresponding to the end-entity server certificate in CHAIN. const EE_KEY: &str = include_str!("certs/end.key"); - let cert = certs(&mut BufReader::new(Cursor::new(CHAIN))) - .map(|result| result.unwrap()) - .collect(); - let key = private_key(&mut BufReader::new(Cursor::new(EE_KEY))) - .unwrap() + let cert = CertificateDer::pem_slice_iter(CHAIN.as_bytes()) + .collect::, _>>() .unwrap(); + let key = PrivateKeyDer::from_pem_slice(EE_KEY.as_bytes()).unwrap(); let sconfig = ServerConfig::builder() .with_no_client_auth() .with_single_cert(cert, key.into()) .unwrap(); let mut client_root_cert_store = RootCertStore::empty(); - let mut roots = BufReader::new(Cursor::new(ROOT)); - for root in certs(&mut roots) { + for root in CertificateDer::pem_slice_iter(ROOT.as_bytes()) { client_root_cert_store.add(root.unwrap()).unwrap(); }
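Review bot: With `key` now bound directly from `PrivateKeyDer::from_pem_slice(EE_KEY.as_bytes()).unwrap()`, the `key.into()` on the unchanged `.with_single_cert(cert, key.into())` line is an identity conversion (`PrivateKeyDer<'static>` into `PrivateKeyDer<'static>`, going by the types visible here) that clippy reports as `useless_conversion`; `.with_single_cert(cert, key)` is enough. The `cert` binding holds the whole chain collected from `CHAIN`, so naming it `chain` would read better next to `key` and `root`. The enclosing test helper starts before this hunk and continues after it.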