index : static-web-server.git


author Jose Quintana <joseluisquintana20@gmail.com> 2023-05-31 22:51:29.0 +00:00:00
committer Jose Quintana <joseluisquintana20@gmail.com> 2023-05-31 22:51:29.0 +00:00:00
commit
e8560a0a831236e7e79837f08d4e5bec79450b3e [patch]
tree
c8a79a5f981b77c64fe15417d6f93039ef4a3be8
parent
946b4e5d690fba0a63c781e630328c8074acdebf

refactor: tokio-rustls 0.24 for tls client_auth



Diff

 Cargo.lock | 31 +++++++++++++++----------------
 Cargo.toml |  2 +-
 src/tls.rs | 27 ++++++++++++---------------
 3 files changed, 28 insertions(+), 32 deletions(-)

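diff --git a/Cargo.lock b/Cargo.lock
index 13cb136..0b68d43 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -954,14 +954,14 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.20.8"
+version = "0.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
+checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e"
 dependencies = [
  "log",
  "ring",
+ "rustls-webpki",
  "sct",
- "webpki",
 ]
 
 [[package]]
@@ -974,6 +974,16 @@ dependencies = [
 ]
 
 [[package]]
+name = "rustls-webpki"
+version = "0.100.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
 name = "ryu"
 version = "1.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1306,13 +1316,12 @@ dependencies = [
 
 [[package]]
 name = "tokio-rustls"
-version = "0.23.4"
+version = "0.24.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59"
+checksum = "e0d409377ff5b1e3ca6437aa86c1eb7d40c134bfec254e44c830defa92669db5"
 dependencies = [
  "rustls",
  "tokio",
- "webpki",
 ]
 
 [[package]]
@@ -1535,16 +1544,6 @@ dependencies = [
 ]
 
 [[package]]
-name = "webpki"
-version = "0.22.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd"
-dependencies = [
- "ring",
- "untrusted",
-]
-
-[[package]]
 name = "widestring"
 version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"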
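diff --git a/Cargo.toml b/Cargo.toml
index c46273f..5a2c847 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -73,7 +73,7 @@ serde_repr = "0.1"
 structopt = { version = "0.3", default-features = false }
 chrono = { version = "0.4", default-features = false, features = ["std", "clock"] }
 tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"] }
-tokio-rustls = { version = "0.23", optional = true }
+tokio-rustls = { version = "0.24", optional = true }
 tokio-util = { version = "0.7", default-features = false, features = ["io"] }
 toml = "0.5"
 tracing = { version = "0.1", default-features = false, features = ["std"] }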
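diff --git a/src/tls.rs b/src/tls.rs
index 72d8878..4d8788b 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -34,12 +34,12 @@ pub enum TlsConfigError {
     Io(io::Error),
     /// An Error parsing the Certificate
     CertParseError,
-    /// An Error parsing a Pkcs8 key
-    Pkcs8ParseError,
-    /// An Error parsing a Rsa key
-    RsaParseError,
+    /// Identity PEM is invalid
+    InvalidIdentityPem,
     /// An error from an empty key
     EmptyKey,
+    /// Unknown private key format
+    UnknownPrivateKeyFormat,
     /// An error from an invalid key
     InvalidKey(TlsError),
 }
@@ -49,8 +49,8 @@ impl std::fmt::Display for TlsConfigError {
         match self {
             TlsConfigError::Io(err) => err.fmt(f),
             TlsConfigError::CertParseError => write!(f, "certificate parse error"),
-            TlsConfigError::Pkcs8ParseError => write!(f, "pkcs8 parse error"),
-            TlsConfigError::RsaParseError => write!(f, "rsa parse error"),
+            TlsConfigError::InvalidIdentityPem => write!(f, "identity PEM is invalid"),
+            TlsConfigError::UnknownPrivateKeyFormat => write!(f, "unknown private key format"),
             TlsConfigError::EmptyKey => write!(f, "key contains no private key"),
             TlsConfigError::InvalidKey(err) => write!(f, "key contains an invalid key, {err}"),
         }
@@ -197,18 +197,14 @@ impl TlsConfigBuilder {
 
         let mut key = None;
         let mut reader = std::io::Cursor::new(key_vec);
-        for item in
-            rustls_pemfile::read_all(&mut reader).map_err(|_e| TlsConfigError::Pkcs8ParseError)?
+        for item in rustls_pemfile::read_all(&mut reader)
+            .map_err(|_e| TlsConfigError::InvalidIdentityPem)?
         {
             match item {
                 rustls_pemfile::Item::RSAKey(k) => key = Some(PrivateKey(k)),
                 rustls_pemfile::Item::PKCS8Key(k) => key = Some(PrivateKey(k)),
                 rustls_pemfile::Item::ECKey(k) => key = Some(PrivateKey(k)),
-                _ => {
-                    return Err(TlsConfigError::InvalidKey(
-                        TlsError::InvalidCertificateData("unknown private key format".to_owned()),
-                    ))
-                }
+                _ => return Err(TlsConfigError::UnknownPrivateKeyFormat),
             }
         }
         let key = match key {
@@ -233,12 +229,13 @@ impl TlsConfigBuilder {
         }
 
         let client_auth = match self.client_auth {
-            TlsClientAuth::Off => NoClientAuth::new(),
+            TlsClientAuth::Off => NoClientAuth::boxed(),
             TlsClientAuth::Optional(trust_anchor) => {
                 AllowAnyAnonymousOrAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
+                    .boxed()
             }
             TlsClientAuth::Required(trust_anchor) => {
-                AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
+                AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?).boxed()
             }
         };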
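Review bot: The `TlsClientAuth::Optional` arm in the last hunk has no comment saying that `AllowAnyAnonymousOrAuthenticatedClient` lets a client that presents no certificate complete the handshake, so a reader can mistake this mode for authentication. I would add above that arm `// Optional: clients without a certificate are still accepted; callers must check for a peer certificate before treating a connection as authenticated.` None of the three arms visibly configures revocation checking, so a certificate that chains to the trust anchor presumably stays accepted until it expires; if that is intended, it is worth stating in the same comment. The enclosing builder method starts and ends outside this hunk, so how the resulting verifier is consumed is not visible here.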