From 83e4277ff0e8dc3c8faed136b7181122e57a4d96 Mon Sep 17 00:00:00 2001 From: Jose Quintana <1700322+joseluisq@users.noreply.github.com> Date: Sat, 20 Jan 2024 00:15:15 +0100 Subject: [PATCH] refactor: migrate to tokio-rustls 0.25 (#303) - rustls 0.22 - rustls-pemfile 2.0 - bytes 1.5 --- Cargo.lock | 39 ++++++++++++++++++++------------------- Cargo.toml | 8 ++++---- src/tls.rs | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------------- tests/tls/local.dev_cert.ecc.pem | 12 ------------ tests/tls/local.dev_cert.pem | 26 -------------------------- tests/tls/local.dev_cert.pkcs8.pem | 26 ++++++++++++++++++++++++++ tests/tls/local.dev_cert.rsa_pkcs1.pem | 22 ++++++++++++++++++++++ tests/tls/local.dev_cert.sec1_ec.pem | 12 ++++++++++++ tests/tls/local.dev_key.ecc.pem | 5 ----- tests/tls/local.dev_key.pem | 28 ---------------------------- tests/tls/local.dev_key.pkcs8.pem | 28 ++++++++++++++++++++++++++++ tests/tls/local.dev_key.rsa_pkcs1.pem | 27 +++++++++++++++++++++++++++ tests/tls/local.dev_key.sec1_ec.pem | 5 +++++ tests/toml/config.toml | 4 ++-- 14 files changed, 199 insertions(+), 130 deletions(-) delete mode 100644 tests/tls/local.dev_cert.ecc.pem delete mode 100644 tests/tls/local.dev_cert.pem create mode 100644 tests/tls/local.dev_cert.pkcs8.pem create mode 100644 tests/tls/local.dev_cert.rsa_pkcs1.pem create mode 100644 tests/tls/local.dev_cert.sec1_ec.pem delete mode 100644 tests/tls/local.dev_key.ecc.pem delete mode 100644 tests/tls/local.dev_key.pem create mode 100644 tests/tls/local.dev_key.pkcs8.pem create mode 100644 tests/tls/local.dev_key.rsa_pkcs1.pem create mode 100644 tests/tls/local.dev_key.sec1_ec.pem diff --git a/Cargo.lock b/Cargo.lock index 669ceb4..220523d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -981,32 +981,42 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustls" -version = "0.21.10" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" dependencies = [ "log", "ring", + "rustls-pki-types", "rustls-webpki", - "sct", + "subtle", + "zeroize", ] [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" dependencies = [ "base64", + "rustls-pki-types", ] [[package]] +name = "rustls-pki-types" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" + +[[package]] name = "rustls-webpki" -version = "0.101.7" +version = "0.102.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b" dependencies = [ "ring", + "rustls-pki-types", "untrusted", ] @@ -1023,16 +1033,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] name = "serde" version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1301,11 +1301,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ "rustls", + "rustls-pki-types", "tokio", ] diff --git a/Cargo.toml b/Cargo.toml index a7f33dd..9d2fdbe 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,7 +57,7 @@ aho-corasick = "1.1" anyhow = "1.0" async-compression = { version = "0.4", default-features = false, optional = true, features = ["brotli", "deflate", "gzip", "zstd", "tokio"] } bcrypt = { version = "0.15", optional = true } -bytes = "1.4" +bytes = "1.5" chrono = { version = "0.4", default-features = false, features = ["std", "clock"], optional = true } clap = { version = "4.4", features = ["derive", "env"] } form_urlencoded = "1.2" @@ -74,12 +74,12 @@ num_cpus = { version = "1.16" } percent-encoding = "2.3" pin-project = "1.1" regex = "1.10" -rustls-pemfile = { version = "1.0", optional = true } +rustls-pemfile = { version = "2.0", optional = true } serde = { version = "1.0", default-features = false, features = ["derive"] } serde_ignored = "0.1" serde_repr = "0.1" tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"] } -tokio-rustls = { version = "0.24", optional = true } +tokio-rustls = { version = "0.25", optional = true } tokio-util = { version = "0.7", default-features = false, features = ["io"] } toml = "0.8" tracing = { version = "0.1", default-features = false, features = ["std"] } @@ -96,7 +96,7 @@ signal-hook-tokio = { version = "0.3", features = ["futures-v0_3"], default-feat windows-service = "0.6" [dev-dependencies] -bytes = "1.4" +bytes = "1.5" serde_json = "1.0" [profile.release] diff --git a/src/tls.rs b/src/tls.rs index 28265d4..b638972 100644 --- a/src/tls.rs +++ b/src/tls.rs @@ -20,9 +20,7 @@ use std::pin::Pin; use std::sync::Arc; use std::task::{Context, Poll}; use tokio::io::{AsyncRead, AsyncWrite, ReadBuf}; -use tokio_rustls::rustls::{ - server::NoClientAuth, Certificate, Error as TlsError, PrivateKey, ServerConfig, -}; +use tokio_rustls::rustls::{pki_types::PrivateKeyDer, Error as TlsError, ServerConfig}; use crate::transport::Transport; @@ -113,42 +111,42 @@ impl TlsConfigBuilder { pub fn build(mut self) -> Result { let mut cert_rdr = BufReader::new(self.cert); let cert = rustls_pemfile::certs(&mut cert_rdr) - .map_err(|_e| TlsConfigError::CertParseError)? - .into_iter() - .map(Certificate) - .collect(); + .collect::, _>>() + .map_err(|_e| TlsConfigError::CertParseError)?; // convert it to Vec to allow reading it again if key is RSA - let mut key_vec = Vec::new(); + let mut key_buf = Vec::new(); self.key - .read_to_end(&mut key_vec) + .read_to_end(&mut key_buf) .map_err(TlsConfigError::Io)?; - if key_vec.is_empty() { + if key_buf.is_empty() { return Err(TlsConfigError::EmptyKey); } - let mut key = None; - let mut reader = std::io::Cursor::new(key_vec); - for item in rustls_pemfile::read_all(&mut reader) - .map_err(|_e| TlsConfigError::InvalidIdentityPem)? - { - match item { - rustls_pemfile::Item::RSAKey(k) => key = Some(PrivateKey(k)), - rustls_pemfile::Item::PKCS8Key(k) => key = Some(PrivateKey(k)), - rustls_pemfile::Item::ECKey(k) => key = Some(PrivateKey(k)), + let mut key: Option> = None; + let mut reader = Cursor::new(key_buf); + for item in std::iter::from_fn(|| rustls_pemfile::read_one(&mut reader).transpose()) { + match item.map_err(|_e| TlsConfigError::InvalidIdentityPem)? { + // rsa pkcs1 key + rustls_pemfile::Item::Pkcs1Key(k) => key = Some(k.into()), + // pkcs8 key + rustls_pemfile::Item::Pkcs8Key(k) => key = Some(k.into()), + // sec1 ec key + rustls_pemfile::Item::Sec1Key(k) => key = Some(k.into()), + // unknown format _ => return Err(TlsConfigError::UnknownPrivateKeyFormat), } } + let key = match key { Some(k) => k, _ => return Err(TlsConfigError::EmptyKey), }; let mut config = ServerConfig::builder() - .with_safe_defaults() - .with_client_cert_verifier(NoClientAuth::boxed()) - .with_single_cert_with_ocsp_and_sct(cert, key, Vec::new(), Vec::new()) + .with_no_client_auth() + .with_single_cert(cert, key) .map_err(TlsConfigError::InvalidKey)?; config.alpn_protocols = vec!["h2".into(), "http/1.1".into()]; Ok(config) @@ -313,18 +311,39 @@ mod tests { use super::*; #[test] - fn file_cert_key() { + fn file_cert_key_rsa_pkcs1() { + TlsConfigBuilder::new() + .cert_path("tests/tls/local.dev_cert.rsa_pkcs1.pem") + .key_path("tests/tls/local.dev_key.rsa_pkcs1.pem") + .build() + .unwrap(); + } + + #[test] + fn bytes_cert_key_rsa_pkcs1() { + let cert = include_str!("../tests/tls/local.dev_cert.rsa_pkcs1.pem"); + let key = include_str!("../tests/tls/local.dev_key.rsa_pkcs1.pem"); + + TlsConfigBuilder::new() + .key(key.as_bytes()) + .cert(cert.as_bytes()) + .build() + .unwrap(); + } + + #[test] + fn file_cert_key_pkcs8() { TlsConfigBuilder::new() - .cert_path("tests/tls/local.dev_cert.pem") - .key_path("tests/tls/local.dev_key.pem") + .cert_path("tests/tls/local.dev_cert.pkcs8.pem") + .key_path("tests/tls/local.dev_key.pkcs8.pem") .build() .unwrap(); } #[test] - fn bytes_cert_key() { - let cert = include_str!("../tests/tls/local.dev_cert.pem"); - let key = include_str!("../tests/tls/local.dev_key.pem"); + fn bytes_cert_key_pkcs8() { + let cert = include_str!("../tests/tls/local.dev_cert.pkcs8.pem"); + let key = include_str!("../tests/tls/local.dev_key.pkcs8.pem"); TlsConfigBuilder::new() .key(key.as_bytes()) @@ -334,18 +353,18 @@ mod tests { } #[test] - fn file_cert_key_ecc() { + fn file_cert_key_sec1_ec() { TlsConfigBuilder::new() - .cert_path("tests/tls/local.dev_cert.ecc.pem") - .key_path("tests/tls/local.dev_key.ecc.pem") + .cert_path("tests/tls/local.dev_cert.sec1_ec.pem") + .key_path("tests/tls/local.dev_key.sec1_ec.pem") .build() .unwrap(); } #[test] - fn bytes_cert_key_ecc() { - let cert = include_str!("../tests/tls/local.dev_cert.ecc.pem"); - let key = include_str!("../tests/tls/local.dev_key.ecc.pem"); + fn bytes_cert_key_sec1_ec() { + let cert = include_str!("../tests/tls/local.dev_cert.sec1_ec.pem"); + let key = include_str!("../tests/tls/local.dev_key.sec1_ec.pem"); TlsConfigBuilder::new() .key(key.as_bytes()) diff --git a/tests/tls/local.dev_cert.ecc.pem b/tests/tls/local.dev_cert.ecc.pem deleted file mode 100644 index f661a63..0000000 --- a/tests/tls/local.dev_cert.ecc.pem +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBtDCCAVoCCQDFz95/8CeJaDAKBggqhkjOPQQDAjBiMQswCQYDVQQGEwJERTEQ -MA4GA1UECAwHR2VybWFueTEQMA4GA1UEBwwHTGVpcHppZzESMBAGA1UEAwwJbG9j -YWwuZGV2MRswGQYJKoZIhvcNAQkBFgxoaUBsb2NhbC5kZXYwHhcNMjMwNTI4MTk0 -NzA4WhcNMjYwNTI3MTk0NzA4WjBiMQswCQYDVQQGEwJERTEQMA4GA1UECAwHR2Vy -bWFueTEQMA4GA1UEBwwHTGVpcHppZzESMBAGA1UEAwwJbG9jYWwuZGV2MRswGQYJ -KoZIhvcNAQkBFgxoaUBsb2NhbC5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC -AATZR4F60X+iHjeD6kySZfXljNckDb22QYQ76Ts4GFYWkdDstU6yehxyER+MZWsm -UnTE/Gy3mnpSmMzoSBfoKRmHMAoGCCqGSM49BAMCA0gAMEUCIQChOTwbAYlx6zg0 -yc3Oc+zrNY8Yd8oRUD+cG/wdz+gN/wIgP199zXAPXiYUFFd1CnIYmWJSglaOUbYj -ZP/ixZR9HQs= ------END CERTIFICATE----- diff --git a/tests/tls/local.dev_cert.pem b/tests/tls/local.dev_cert.pem deleted file mode 100644 index dbfa7eb..0000000 --- a/tests/tls/local.dev_cert.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEUDCCArigAwIBAgIRAJ+wfoSa2gGM7bMna/sxtB4wDQYJKoZIhvcNAQELBQAw -YTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMRswGQYDVQQLDBJqb3Nl -bHVpc3FAcXVpbnRhbmExIjAgBgNVBAMMGW1rY2VydCBqb3NlbHVpc3FAcXVpbnRh -bmEwHhcNMTkwODI1MjIzNDM4WhcNMjkwODI1MjIzNDM4WjBGMScwJQYDVQQKEx5t -a2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNhdGUxGzAZBgNVBAsMEmpvc2VsdWlz -cUBxdWludGFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7Lg4jL -kuabbfC2Qbv2iU+fCPKMht9LUT16VBh0cOxqpd75aTj6qikaDmYQZYJcAJYD2Hfh -fgP6dsT6/VRw7oWWYD/h9f7cz9xKjLRl/jBN1ob7VMbzJTFiJ4ajMZI5g/Yy6azC -/HEAlFGkXWfwblJPQdZHoQLksTSaHS5NR7RnmFMkgYxyaqIpkXNqUtyc+f5nUW6t -1VRoVBfG6V+LFY4IRYXoYehI5q+uK6w6jNEDHnDUTLagFc+D2UgMXQtG7TtvHAQz -jjTzpmb4pwmemkdc1xJlRa/1UdsPYHffjE2vUm6xrVJ07zvcxkS9gLwXKLLzuHnU -I2brgY0DdzFx3s0CAwEAAaOBnTCBmjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww -CgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTmeQONv1LFhIi6 -WK47Dmc46TuFBDBEBgNVHREEPTA7gglsb2NhbC5kZXaCCyoubG9jYWwuZGV2ggls -b2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQAD -ggGBADlgyQy/bwIekxRITUXnArLO9//C+I9hDOVs4GnY6nZJ0XwUOfWHq90U92Yh -YmCcQOBstYclBL9KzVHAOLa0erTEqbh1+2ZRrY8vzAf7RGwaZsE4uj6bB3KdOa00 -zvkyHNYJnvL1xdOJAWckbaMgnBJwEGQGA9Bk5urozDYhbwIZS5PKXGPcLeiHIvn5 -taC4x0fsCk4QkkPhOk92NjUD5t70vGQ5ty69fD11p1GOrC0szHZjnEdeW7SfPtsY -5qES+U9ppbJFeaFK/hhlRSdXjqk4a/P/HdM52QDvkrujk3DJYmNSQGdCa3fxiAnK -ivEBoYVIyVKRrCKNhyw8D4uWEUrMbsoo9/joAJYFOPHeYhSmkxA9HN0GvGBQ1MH4 -zPd9B+hw90f8YokfGOH3dQiHAvvUyb1//uYN1FOlp/a9cTx0Y8oXTZuTvRL/259+ -NjAizN+fctVbGloPEvTlxPkqveLNmzzJBk1bbj+Gt6tPqXN+DecNQMsMRzJ3HFOk -4EcwBQ== ------END CERTIFICATE----- diff --git a/tests/tls/local.dev_cert.pkcs8.pem b/tests/tls/local.dev_cert.pkcs8.pem new file mode 100644 index 0000000..dbfa7eb --- /dev/null +++ b/tests/tls/local.dev_cert.pkcs8.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUDCCArigAwIBAgIRAJ+wfoSa2gGM7bMna/sxtB4wDQYJKoZIhvcNAQELBQAw +YTEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMRswGQYDVQQLDBJqb3Nl +bHVpc3FAcXVpbnRhbmExIjAgBgNVBAMMGW1rY2VydCBqb3NlbHVpc3FAcXVpbnRh +bmEwHhcNMTkwODI1MjIzNDM4WhcNMjkwODI1MjIzNDM4WjBGMScwJQYDVQQKEx5t +a2NlcnQgZGV2ZWxvcG1lbnQgY2VydGlmaWNhdGUxGzAZBgNVBAsMEmpvc2VsdWlz +cUBxdWludGFuYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7Lg4jL +kuabbfC2Qbv2iU+fCPKMht9LUT16VBh0cOxqpd75aTj6qikaDmYQZYJcAJYD2Hfh +fgP6dsT6/VRw7oWWYD/h9f7cz9xKjLRl/jBN1ob7VMbzJTFiJ4ajMZI5g/Yy6azC +/HEAlFGkXWfwblJPQdZHoQLksTSaHS5NR7RnmFMkgYxyaqIpkXNqUtyc+f5nUW6t +1VRoVBfG6V+LFY4IRYXoYehI5q+uK6w6jNEDHnDUTLagFc+D2UgMXQtG7TtvHAQz +jjTzpmb4pwmemkdc1xJlRa/1UdsPYHffjE2vUm6xrVJ07zvcxkS9gLwXKLLzuHnU +I2brgY0DdzFx3s0CAwEAAaOBnTCBmjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTmeQONv1LFhIi6 +WK47Dmc46TuFBDBEBgNVHREEPTA7gglsb2NhbC5kZXaCCyoubG9jYWwuZGV2ggls +b2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQELBQAD +ggGBADlgyQy/bwIekxRITUXnArLO9//C+I9hDOVs4GnY6nZJ0XwUOfWHq90U92Yh +YmCcQOBstYclBL9KzVHAOLa0erTEqbh1+2ZRrY8vzAf7RGwaZsE4uj6bB3KdOa00 +zvkyHNYJnvL1xdOJAWckbaMgnBJwEGQGA9Bk5urozDYhbwIZS5PKXGPcLeiHIvn5 +taC4x0fsCk4QkkPhOk92NjUD5t70vGQ5ty69fD11p1GOrC0szHZjnEdeW7SfPtsY +5qES+U9ppbJFeaFK/hhlRSdXjqk4a/P/HdM52QDvkrujk3DJYmNSQGdCa3fxiAnK +ivEBoYVIyVKRrCKNhyw8D4uWEUrMbsoo9/joAJYFOPHeYhSmkxA9HN0GvGBQ1MH4 +zPd9B+hw90f8YokfGOH3dQiHAvvUyb1//uYN1FOlp/a9cTx0Y8oXTZuTvRL/259+ +NjAizN+fctVbGloPEvTlxPkqveLNmzzJBk1bbj+Gt6tPqXN+DecNQMsMRzJ3HFOk +4EcwBQ== +-----END CERTIFICATE----- diff --git a/tests/tls/local.dev_cert.rsa_pkcs1.pem b/tests/tls/local.dev_cert.rsa_pkcs1.pem new file mode 100644 index 0000000..5e1f6f3 --- /dev/null +++ b/tests/tls/local.dev_cert.rsa_pkcs1.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIUJp3ctAZ+PQ8xARgV54wCRB5l6AUwDQYJKoZIhvcNAQEL +BQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9jYWwuZGV2MB4X +DTI0MDExOTIyNTE1M1oXDTI5MDExNzIyNTE1M1owWTELMAkGA1UEBhMCQVUxEzAR +BgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDESMBAGA1UEAwwJbG9jYWwuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA4R1tUHMq7bmtL3MZovOWehsO29HvMjmRkjzDTS82o38TqHtjCUth +ztizHyrF2fpkeqldblcwtaOxfyqdtcEB46iTi8aaVUerweFHlmsvwjo7jF0CVZ8+ +GIYTtVAkwXR8H0ce5G0CNqyBwo5HItPx9vn6Xd4y/tvidIU8zIARitIaaiWJtBoR +G/x6cCb2RqGrF/zCtG/bsFCjYLBgHbx69jhEvZr+5YuwJmxb44Ns1C0tHfEo687d +dJYD7Ey2qiJecgdBWrE0Qy8nEXb37bnA3HZljW9aEeZonGale8PYryCA2ojk4NvK +f/672ZfkE1SLe1ObgsG6xIAZTArkyoO+BQIDAQABo1MwUTAdBgNVHQ4EFgQU5bG0 +Dvb4RdWXeCb8qeDdhpfxymAwHwYDVR0jBBgwFoAU5bG0Dvb4RdWXeCb8qeDdhpfx +ymAwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAE1P8E5aFBSS7 +S1VNQWyIXlWXZcuNA74BhP9Ny0CPN+wMca4IBZMezb+Y+t8/VueGxQr676B0Fuaw +Di8tZo8T8i/QUsPxE4F4Nm7tGi1Ru6AhiF/erDNGoe01VJW5kjjv/MFD/WHhBMPJ +nQi+ahZeQNjg9QG/RHTpMPOlK1MdllSFLp4oBVOdsUvYQmWjHJzSwKv6XN2YomwL +x8rnTmT6fSyUPdGRmdbr6qdxaUDQcY8j9GXW8KcmRvl77mCkH8v/ZfNU43nx/Cmu +HwhIEAsBD/g7qfQH/WECbWoT3b9SCthWlfdMKvNutnrpP0KRmO0/WWU8SxTkk7hz +XorEyHHayA== +-----END CERTIFICATE----- diff --git a/tests/tls/local.dev_cert.sec1_ec.pem b/tests/tls/local.dev_cert.sec1_ec.pem new file mode 100644 index 0000000..f661a63 --- /dev/null +++ b/tests/tls/local.dev_cert.sec1_ec.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBtDCCAVoCCQDFz95/8CeJaDAKBggqhkjOPQQDAjBiMQswCQYDVQQGEwJERTEQ +MA4GA1UECAwHR2VybWFueTEQMA4GA1UEBwwHTGVpcHppZzESMBAGA1UEAwwJbG9j +YWwuZGV2MRswGQYJKoZIhvcNAQkBFgxoaUBsb2NhbC5kZXYwHhcNMjMwNTI4MTk0 +NzA4WhcNMjYwNTI3MTk0NzA4WjBiMQswCQYDVQQGEwJERTEQMA4GA1UECAwHR2Vy +bWFueTEQMA4GA1UEBwwHTGVpcHppZzESMBAGA1UEAwwJbG9jYWwuZGV2MRswGQYJ +KoZIhvcNAQkBFgxoaUBsb2NhbC5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AATZR4F60X+iHjeD6kySZfXljNckDb22QYQ76Ts4GFYWkdDstU6yehxyER+MZWsm +UnTE/Gy3mnpSmMzoSBfoKRmHMAoGCCqGSM49BAMCA0gAMEUCIQChOTwbAYlx6zg0 +yc3Oc+zrNY8Yd8oRUD+cG/wdz+gN/wIgP199zXAPXiYUFFd1CnIYmWJSglaOUbYj +ZP/ixZR9HQs= +-----END CERTIFICATE----- diff --git a/tests/tls/local.dev_key.ecc.pem b/tests/tls/local.dev_key.ecc.pem deleted file mode 100644 index 9287db7..0000000 --- a/tests/tls/local.dev_key.ecc.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIPwp3LAnLEyWe2lLz66Y3QCCJ/BEMJheTM0shZnnSw6toAoGCCqGSM49 -AwEHoUQDQgAE2UeBetF/oh43g+pMkmX15YzXJA29tkGEO+k7OBhWFpHQ7LVOsnoc -chEfjGVrJlJ0xPxst5p6UpjM6EgX6CkZhw== ------END EC PRIVATE KEY----- diff --git a/tests/tls/local.dev_key.pem b/tests/tls/local.dev_key.pem deleted file mode 100644 index d924d4d..0000000 --- a/tests/tls/local.dev_key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC+y4OIy5Lmm23w -tkG79olPnwjyjIbfS1E9elQYdHDsaqXe+Wk4+qopGg5mEGWCXACWA9h34X4D+nbE -+v1UcO6FlmA/4fX+3M/cSoy0Zf4wTdaG+1TG8yUxYieGozGSOYP2MumswvxxAJRR -pF1n8G5ST0HWR6EC5LE0mh0uTUe0Z5hTJIGMcmqiKZFzalLcnPn+Z1FurdVUaFQX -xulfixWOCEWF6GHoSOavriusOozRAx5w1Ey2oBXPg9lIDF0LRu07bxwEM44086Zm -+KcJnppHXNcSZUWv9VHbD2B334xNr1Jusa1SdO873MZEvYC8Fyiy87h51CNm64GN -A3cxcd7NAgMBAAECggEBALSchOR/CY3hvt4qOenMBMnpm5e3rYk9jCctYORRfgBf -KKv94Dy/FUuZTd4SUXVo0GkyNL2vKRJtC/eGPT+tNC4jXvO6XJspvl8j9zRihJCH -brgSvXsj+qZX62DJpYhth90M7yXK4xu51629cWqOMHEcdA97eRD7GkDYTx1grKs5 -7ykYki3NNGQFDncSmQz/ZjHs/W44byVKdKVLUHWeexfkOFZ4tmr4gDcLG+M6f6m3 -TTDOIdh9FvpNBOyg+GDWgJbn1nw6PYF3c2cOMQopRwAQKuHfVwpbF+zzxvtcCTkF -GmsprSdLTeXY4v2RT+kla9Hmgot1XIPY6iMvXUkkhwUCgYEA07BuPYWTxY0gfNo3 -CrTNhhGyW4IA8wjwA57ao71Eg7vzhTub+sMZXCMMpFibIGD3pEcW8hG4ke5ghH3n -4jxNBCtFX0q3OHAbBtStX03iggsDoy8piYLxjHrRp+pxEDncwqFaIhWhR0S5wi/M -u2+hE0A9pWAhc/y+DWnoUZvFTL8CgYEA5rtyavAGMA0m8hN9uwMtmc7gSFp0oo8a -mm1pDFe8Z8Mv/SG16pYAuM3wUa+KqfdRXOf6vHvI4OmX1PuiqocECf6acOJu9lzg -bU0WTwoweusGISY5oYUzQ98lkbOVpGR5+1kslACVQmzvX8+EHqFIbdS2de29TGux -vj9drfYX23MCgYEAobKGwp+h/KiMRFI68QaiZuJlpthq+Tm+fEV/JMuR5j5PCVo7 -DxSv7l0nbvHvrI/lGarjsAwxO+cl+o5h7cG54pFa8CsWQRoAyvrxY3cOqd7X7HI9 -/Df1YiT+uJCvxIEuS80MGDUFeHbanaX9cL8X/qh3bjc71mkckwpu1sdxsekCgYEA -tYjnpeGBTM8cRDw3oSsH9srAxcx9leS3zqakjvR8pLr6h9O9GHu6x6woF2zg0Ydn -uYw/R4qw6tx+/DCbtEWUVPS/uG8/VJCQdw6+raNbr2o4oV4826s8QXtRSMidxQDU -xIBNxYiL5v5ke+J+lcbZgKhqgnBxjq3w47lhUFyeOqcCgYEAy3leJK+E9xtXcCGO -WszUz9LU6UqrTqtiFP29ZLmd+VG17/1bt8az6wChMqUJfHa7i8DuG1hANNmiJimE -lpTJY6rxzoq8wkaUi7MqZnkACeWLnLT9i5BZDPTwsNSxkKezYg7j3zoQVj4d86PN -A/DYsS6Gzzwo60cYfO/Kcfwb6vE= ------END PRIVATE KEY----- diff --git a/tests/tls/local.dev_key.pkcs8.pem b/tests/tls/local.dev_key.pkcs8.pem new file mode 100644 index 0000000..d924d4d --- /dev/null +++ b/tests/tls/local.dev_key.pkcs8.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC+y4OIy5Lmm23w +tkG79olPnwjyjIbfS1E9elQYdHDsaqXe+Wk4+qopGg5mEGWCXACWA9h34X4D+nbE ++v1UcO6FlmA/4fX+3M/cSoy0Zf4wTdaG+1TG8yUxYieGozGSOYP2MumswvxxAJRR +pF1n8G5ST0HWR6EC5LE0mh0uTUe0Z5hTJIGMcmqiKZFzalLcnPn+Z1FurdVUaFQX +xulfixWOCEWF6GHoSOavriusOozRAx5w1Ey2oBXPg9lIDF0LRu07bxwEM44086Zm ++KcJnppHXNcSZUWv9VHbD2B334xNr1Jusa1SdO873MZEvYC8Fyiy87h51CNm64GN +A3cxcd7NAgMBAAECggEBALSchOR/CY3hvt4qOenMBMnpm5e3rYk9jCctYORRfgBf +KKv94Dy/FUuZTd4SUXVo0GkyNL2vKRJtC/eGPT+tNC4jXvO6XJspvl8j9zRihJCH +brgSvXsj+qZX62DJpYhth90M7yXK4xu51629cWqOMHEcdA97eRD7GkDYTx1grKs5 +7ykYki3NNGQFDncSmQz/ZjHs/W44byVKdKVLUHWeexfkOFZ4tmr4gDcLG+M6f6m3 +TTDOIdh9FvpNBOyg+GDWgJbn1nw6PYF3c2cOMQopRwAQKuHfVwpbF+zzxvtcCTkF +GmsprSdLTeXY4v2RT+kla9Hmgot1XIPY6iMvXUkkhwUCgYEA07BuPYWTxY0gfNo3 +CrTNhhGyW4IA8wjwA57ao71Eg7vzhTub+sMZXCMMpFibIGD3pEcW8hG4ke5ghH3n +4jxNBCtFX0q3OHAbBtStX03iggsDoy8piYLxjHrRp+pxEDncwqFaIhWhR0S5wi/M +u2+hE0A9pWAhc/y+DWnoUZvFTL8CgYEA5rtyavAGMA0m8hN9uwMtmc7gSFp0oo8a +mm1pDFe8Z8Mv/SG16pYAuM3wUa+KqfdRXOf6vHvI4OmX1PuiqocECf6acOJu9lzg +bU0WTwoweusGISY5oYUzQ98lkbOVpGR5+1kslACVQmzvX8+EHqFIbdS2de29TGux +vj9drfYX23MCgYEAobKGwp+h/KiMRFI68QaiZuJlpthq+Tm+fEV/JMuR5j5PCVo7 +DxSv7l0nbvHvrI/lGarjsAwxO+cl+o5h7cG54pFa8CsWQRoAyvrxY3cOqd7X7HI9 +/Df1YiT+uJCvxIEuS80MGDUFeHbanaX9cL8X/qh3bjc71mkckwpu1sdxsekCgYEA +tYjnpeGBTM8cRDw3oSsH9srAxcx9leS3zqakjvR8pLr6h9O9GHu6x6woF2zg0Ydn +uYw/R4qw6tx+/DCbtEWUVPS/uG8/VJCQdw6+raNbr2o4oV4826s8QXtRSMidxQDU +xIBNxYiL5v5ke+J+lcbZgKhqgnBxjq3w47lhUFyeOqcCgYEAy3leJK+E9xtXcCGO +WszUz9LU6UqrTqtiFP29ZLmd+VG17/1bt8az6wChMqUJfHa7i8DuG1hANNmiJimE +lpTJY6rxzoq8wkaUi7MqZnkACeWLnLT9i5BZDPTwsNSxkKezYg7j3zoQVj4d86PN +A/DYsS6Gzzwo60cYfO/Kcfwb6vE= +-----END PRIVATE KEY----- diff --git a/tests/tls/local.dev_key.rsa_pkcs1.pem b/tests/tls/local.dev_key.rsa_pkcs1.pem new file mode 100644 index 0000000..0dd3a9a --- /dev/null +++ b/tests/tls/local.dev_key.rsa_pkcs1.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA4R1tUHMq7bmtL3MZovOWehsO29HvMjmRkjzDTS82o38TqHtj +CUthztizHyrF2fpkeqldblcwtaOxfyqdtcEB46iTi8aaVUerweFHlmsvwjo7jF0C +VZ8+GIYTtVAkwXR8H0ce5G0CNqyBwo5HItPx9vn6Xd4y/tvidIU8zIARitIaaiWJ +tBoRG/x6cCb2RqGrF/zCtG/bsFCjYLBgHbx69jhEvZr+5YuwJmxb44Ns1C0tHfEo +687ddJYD7Ey2qiJecgdBWrE0Qy8nEXb37bnA3HZljW9aEeZonGale8PYryCA2ojk +4NvKf/672ZfkE1SLe1ObgsG6xIAZTArkyoO+BQIDAQABAoIBAQDAZNEHX9aBpB4S +npF7hinGJBf34R1IVJFIZWwZLE/LPhFD/mgvCmEGUogMDBdaa7iyaMt0QUpdAxDw ++TAepV0DABFR9aPzXLS7l9kCAounuPMpzFfxa467kOOJI3y2ZeKrLLKHUW8B4T9p +UwYTCwcSKKVE0mHNFYoeQb0rngzgEYSECYnb0poJ2hdUa3u1iH10WYNyi0DPvv3m +TOy8ZuYktTxqpm+JUduRAZiOfPk+0yFeLKzN3wbzS7voCe/zwvswO3tYdQs4PEXA +CnhjB/pG5yJ9x3KkhDZ2TGSZYNCe3HmSGVf1BHUafoeJ8C+sco5JJa9wXBMATtSt +gIGiUeWhAoGBAPcjRc0ylLki+978bTKl4PYz1B3UkF9Xe/uVdxIfPPADnaiqo+Rx +ps6fVojcHdRyDkQsTEMV2BY6WBi6GqI85vVfm/ej1dDseKjcPoHjG1TsgCprM+h9 +KqKMhy6tcB+Sdsw4IT8yDdqTvkFPsGD6ZL6Rwijpa/dvxtzinzXRFHEJAoGBAOkv +/Ahxk6Zo+HwM2AZqwpp6l+acuDR4iGSn7lax5wDdVeVO52OVEwaLhu2+Rmu+a7+y +tAIQwpMO2JuAMm+zmasxXh9G9Z/WanLVwT75MumFuiPyo7kVIScYuzOz1ZhAVwzW +pFDwYD5wssmY+9khU8EtNk7/t5WdYKQQuoieh3AdAoGAdF5EgNGfW+mQJbhAhse6 +vNM8vusXK/2aoKUJUxwoam+ZbhEjaO7m94XpjjnvRdiKxSkCo9gGTrkcQFBpOBlr +OwDRBPM9O8oNKp3CRRC2Du/pjY+6+m7tg2qeQKlkEUm67IBFj2c3RMOqo0AtsgxV +IbKqdO8sam9UeS+wffu8H1kCgYEAy+wKm9e3J2/k3Zbd077JMA7FiAbFkB1YKa4x +3970BO2KkF3QPGXBnZenB4G+U7rSv3GnuaaugawaAOK7OLP3Tp59kRyc8IqxzHrh +5BBJVa58ebNXOiQgOfCGxVAfGmYpujB6wc10XSZxM5t1owxiEi1XsP4vrcdTHCcE ++TSpfIECgYAgLxjYbTOYlxtikJrxo1K7C3tWrkZfjyJB6hAsSSAf/0VzM8ePqS3G +Nw4ng3CM0ee88Rz+7q1nfOaN30Rhu/u2PzHvmxFvk2yiEywJYz/fWgJC7QkfMbFL +ZiyZjwOhmMjIFvUYR7hzLqv04a5womyqUrEnseKrNLaq50oLUACrfA== +-----END RSA PRIVATE KEY----- diff --git a/tests/tls/local.dev_key.sec1_ec.pem b/tests/tls/local.dev_key.sec1_ec.pem new file mode 100644 index 0000000..9287db7 --- /dev/null +++ b/tests/tls/local.dev_key.sec1_ec.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPwp3LAnLEyWe2lLz66Y3QCCJ/BEMJheTM0shZnnSw6toAoGCCqGSM49 +AwEHoUQDQgAE2UeBetF/oh43g+pMkmX15YzXJA29tkGEO+k7OBhWFpHQ7LVOsnoc +chEfjGVrJlJ0xPxst5p6UpjM6EgX6CkZhw== +-----END EC PRIVATE KEY----- diff --git a/tests/toml/config.toml b/tests/toml/config.toml index c8702c7..1db5b7e 100644 --- a/tests/toml/config.toml +++ b/tests/toml/config.toml @@ -20,8 +20,8 @@ page50x = "./50x.html" #### HTTP/2 + TLS http2 = false -http2-tls-cert = "tests/tls/local.dev_cert.ecc.pem" -http2-tls-key = "tests/tls/local.dev_key.ecc.pem" +http2-tls-cert = "tests/tls/local.dev_cert.sec1_ec.pem" +http2-tls-key = "tests/tls/local.dev_key.sec1_ec.pem" https-redirect = false https-redirect-host = "localhost" https-redirect-from-port = 80 -- libgit2 1.7.2