fix: rustls 0.22 issues, not ready yet, need tokio-rustls 0.25 first …
…which is unreleased.
Wicpar committed Dec 4, 2023
1 parent 5d3c2ce commit 3003040
Showing 2 changed files with 17 additions and 16 deletions.
4 changes: 2 additions & 2 deletions Cargo.toml
@@ -41,7 +41,7 @@ tower = { version = "0.4", features = ["util"] }
# optional dependencies
## rustls
arc-swap = { version = "1", optional = true }
rustls = { version = "0.22.0", optional = true }
rustls = { version = "0.21", optional = true }
rustls-pemfile = { version = "2.0.0", optional = true }
tokio-rustls = { version = "0.24", optional = true }

@@ -51,7 +51,7 @@ tokio-openssl = { version = "0.6", optional = true }

[dev-dependencies]
serial_test = "2.0"
axum = "0.7.1"
axum = "0.7"
hyper = { version = "1.0.1", features = ["full"] }
tokio = { version = "1", features = ["full"] }
tower = { version = "0.4", features = ["util"] }
29 changes: 15 additions & 14 deletions src/tls_rustls/mod.rs
@@ -96,11 +96,11 @@ impl RustlsAcceptor {
let inner = DefaultAcceptor::new();

#[cfg(not(test))]
let handshake_timeout = Duration::from_secs(10);
let handshake_timeout = Duration::from_secs(10);

// Don't force tests to wait too long.
#[cfg(test)]
let handshake_timeout = Duration::from_secs(1);
let handshake_timeout = Duration::from_secs(1);

Self {
inner,
@@ -128,9 +128,9 @@ impl<A> RustlsAcceptor<A> {
}

impl<A, I, S> Accept<I, S> for RustlsAcceptor<A>
where
A: Accept<I, S>,
A::Stream: AsyncRead + AsyncWrite + Unpin,
where
A: Accept<I, S>,
A::Stream: AsyncRead + AsyncWrite + Unpin,
{
type Stream = TlsStream<A::Stream>;
type Service = A::Service;
@@ -283,12 +283,13 @@ fn config_from_der(cert: Vec<Vec<u8>>, key: Vec<u8>) -> io::Result<ServerConfig>
fn config_from_pem(cert: Vec<u8>, key: Vec<u8>) -> io::Result<ServerConfig> {
use rustls_pemfile::Item;

let cert = rustls_pemfile::certs(&mut cert.as_ref())?;
let cert = rustls_pemfile::certs(&mut cert.as_ref()).map(|it| it.map(|it| it.to_vec())).collect::<Result<Vec<_>, _>>()?;
// Check the entire PEM file for the key in case it is not first section
let mut key_vec: Vec<Vec<u8>> = rustls_pemfile::read_all(&mut key.as_ref())?
.into_iter()
.filter_map(|i| match i {
Item::RSAKey(key) | Item::PKCS8Key(key) | Item::ECKey(key) => Some(key),
let mut key_vec: Vec<Vec<u8>> = rustls_pemfile::read_all(&mut key.as_ref())
.filter_map(|i| match i.ok()? {
Item::Sec1Key(key) => Some(key.secret_sec1_der().to_vec()),
Item::Pkcs1Key(key) => Some(key.secret_pkcs1_der().to_vec().into()),
Item::Pkcs8Key(key) => Some(key.secret_pkcs8_der().to_vec().into()),
_ => None,
})
.collect();
@@ -376,8 +377,8 @@ mod tests {
"examples/self-signed-certs/cert.pem",
"examples/self-signed-certs/key.pem",
)
.await
.unwrap();
.await
.unwrap();

let server_handle = handle.clone();
let rustls_config = config.clone();
@@ -505,7 +506,7 @@ mod tests {
"examples/self-signed-certs/cert.pem",
"examples/self-signed-certs/key.pem",
)
.await?;
.await?;

let addr = SocketAddr::from(([127, 0, 0, 1], 0));

@@ -565,7 +566,7 @@ mod tests {
_end_entity: &Certificate,
_intermediates: &[Certificate],
_server_name: &ServerName,
_scts: &mut dyn Iterator<Item = &[u8]>,
_scts: &mut dyn Iterator<Item=&[u8]>,
_ocsp_response: &[u8],
_now: SystemTime,
) -> Result<ServerCertVerified, rustls::Error> {
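Review bot: In `config_from_pem`, the key loop written against the rustls-pemfile 2.0 item names (`Sec1Key`/`Pkcs1Key`/`Pkcs8Key`, which looks like the new side) turns every read error into a skipped item through `i.ok()?`, whereas the `read_all(...)?` form next to it returned the error to the caller. A truncated or corrupt section in the private-key file is therefore dropped silently, and the operator sees whatever the code after this hunk does with a shorter or empty `key_vec` rather than the parse failure itself. Propagating the error keeps a bad key file from being half-accepted; the loop below does that with `?`, since the function already returns `io::Result`. The `.into()` after `.to_vec()` in the `Pkcs1Key` and `Pkcs8Key` arms appears to be a same-type conversion and is dropped there so the three arms read alike. The function body continues outside the hunk, so the handling of `key_vec` after the loop is not visible here.

```rust
// Check the entire PEM file for the key in case it is not first section
let mut key_vec: Vec<Vec<u8>> = Vec::new();
for item in rustls_pemfile::read_all(&mut key.as_ref()) {
    // `?` reports a malformed section as the io::Error it is instead of skipping it
    match item? {
        Item::Sec1Key(key) => key_vec.push(key.secret_sec1_der().to_vec()),
        Item::Pkcs1Key(key) => key_vec.push(key.secret_pkcs1_der().to_vec()),
        Item::Pkcs8Key(key) => key_vec.push(key.secret_pkcs8_der().to_vec()),
        _ => {}
    }
}
// … unchanged: key_vec handling after the loop (outside the hunk) …
```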
