From e8560a0a831236e7e79837f08d4e5bec79450b3e Mon Sep 17 00:00:00 2001 From: Jose Quintana Date: Thu, 1 Jun 2023 00:51:29 +0200 Subject: [PATCH] refactor: tokio-rustls 0.24 for tls client_auth --- Cargo.lock | 31 +++++++++++++++---------------- Cargo.toml | 2 +- src/tls.rs | 27 ++++++++++++--------------- 3 files changed, 28 insertions(+), 32 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 13cb136..0b68d43 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -954,14 +954,14 @@ dependencies = [ [[package]] name = "rustls" -version = "0.20.8" +version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f" +checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e" dependencies = [ "log", "ring", + "rustls-webpki", "sct", - "webpki", ] [[package]] @@ -974,6 +974,16 @@ dependencies = [ ] [[package]] +name = "rustls-webpki" +version = "0.100.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] name = "ryu" version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1306,13 +1316,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.23.4" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" +checksum = "e0d409377ff5b1e3ca6437aa86c1eb7d40c134bfec254e44c830defa92669db5" dependencies = [ "rustls", "tokio", - "webpki", ] [[package]] 
@@ -1535,16 +1544,6 @@ dependencies = [ ] [[package]] -name = "webpki" -version = "0.22.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] name = "widestring" version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" diff --git a/Cargo.toml b/Cargo.toml index c46273f..5a2c847 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -73,7 +73,7 @@ serde_repr = "0.1" structopt = { version = "0.3", default-features = false } chrono = { version = "0.4", default-features = false, features = ["std", "clock"] } tokio = { version = "1", default-features = false, features = ["rt-multi-thread", "macros", "fs", "io-util", "signal"] } -tokio-rustls = { version = "0.23", optional = true } +tokio-rustls = { version = "0.24", optional = true } tokio-util = { version = "0.7", default-features = false, features = ["io"] } toml = "0.5" tracing = { version = "0.1", default-features = false, features = ["std"] } diff --git a/src/tls.rs b/src/tls.rs index 72d8878..4d8788b 100644 --- a/src/tls.rs +++ b/src/tls.rs @@ -34,12 +34,12 @@ pub enum TlsConfigError { Io(io::Error), /// An Error parsing the Certificate CertParseError, - /// An Error parsing a Pkcs8 key - Pkcs8ParseError, - /// An Error parsing a Rsa key - RsaParseError, + /// Identity PEM is invalid + InvalidIdentityPem, /// An error from an empty key EmptyKey, + /// Unknown private key format + UnknownPrivateKeyFormat, /// An error from an invalid key InvalidKey(TlsError), } 
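Review bot: `Pkcs8ParseError` and `RsaParseError` are removed from the public `TlsConfigError` enum in a commit labelled as a refactor, which breaks any downstream code that matches on them. The `Display` hunk at `@@ -49,8 +49,8 @@` also changes the emitted strings, so log searches or alerts keyed on "pkcs8 parse error" or "rsa parse error" will stop matching. If the enum is not already `#[non_exhaustive]` (the attribute lines sit above this hunk and are not visible), adding it would make later variant additions non-breaking. The new doc comment `/// Identity PEM is invalid` is also vague: going by the key-loading hunk it is returned when `rustls_pemfile::read_all` fails on the private-key bytes, so `/// The private key PEM could not be read` would be more accurate.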
@@ -49,8 +49,8 @@ impl std::fmt::Display for TlsConfigError { match self { TlsConfigError::Io(err) => err.fmt(f), TlsConfigError::CertParseError => write!(f, "certificate parse error"), - TlsConfigError::Pkcs8ParseError => write!(f, "pkcs8 parse error"), - TlsConfigError::RsaParseError => write!(f, "rsa parse error"), + TlsConfigError::InvalidIdentityPem => write!(f, "identity PEM is invalid"), + TlsConfigError::UnknownPrivateKeyFormat => write!(f, "unknown private key format"), TlsConfigError::EmptyKey => write!(f, "key contains no private key"), TlsConfigError::InvalidKey(err) => write!(f, "key contains an invalid key, {err}"), } @@ -197,18 +197,14 @@ impl TlsConfigBuilder { let mut key = None; let mut reader = std::io::Cursor::new(key_vec); - for item in - rustls_pemfile::read_all(&mut reader).map_err(|_e| TlsConfigError::Pkcs8ParseError)? + for item in rustls_pemfile::read_all(&mut reader) + .map_err(|_e| TlsConfigError::InvalidIdentityPem)? { match item { rustls_pemfile::Item::RSAKey(k) => key = Some(PrivateKey(k)), rustls_pemfile::Item::PKCS8Key(k) => key = Some(PrivateKey(k)), rustls_pemfile::Item::ECKey(k) => key = Some(PrivateKey(k)), - _ => { - return Err(TlsConfigError::InvalidKey( - TlsError::InvalidCertificateData("unknown private key format".to_owned()), - )) - } + _ => return Err(TlsConfigError::UnknownPrivateKeyFormat), } } let key = match key { @@ -233,12 +229,13 @@ impl TlsConfigBuilder { } let client_auth = match self.client_auth { - TlsClientAuth::Off => NoClientAuth::new(), + TlsClientAuth::Off => NoClientAuth::boxed(), TlsClientAuth::Optional(trust_anchor) => { AllowAnyAnonymousOrAuthenticatedClient::new(read_trust_anchor(trust_anchor)?) + .boxed() } TlsClientAuth::Required(trust_anchor) => { - AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?) + AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?).boxed() } }; -- libgit2 1.7.2
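Review bot: In the `for item in rustls_pemfile::read_all(&mut reader)` loop every key arm overwrites `key`, so a PEM file holding more than one private key silently yields the last one. The new catch-all arm also reports any non-key block (for example a certificate bundled in the same file) as `UnknownPrivateKeyFormat`, which is a misleading error for a combined cert-and-key file. I would either stop at the first key or fail when a second one appears, and at minimum record the behaviour above the loop: `// NOTE: the last private key in the PEM wins; non-key blocks are rejected`. The `|_e|` closure also drops the underlying reader error, which makes a bad key file harder to diagnose. The enclosing function starts and ends outside this hunk.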
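Review bot: The `TlsClientAuth::Optional` arm keeps `AllowAnyAnonymousOrAuthenticatedClient`, which lets a client with no certificate complete the handshake, and nothing in the hunk says so. A short comment on that arm would stop readers from treating `Optional` as an authentication boundary: `// Optional: anonymous clients are still accepted; enforce authorization above TLS`. None of the three verifiers is given revocation data in the visible lines, so a revoked client certificate that still chains to the trust anchor would presumably be accepted; that is worth stating in the docs for `TlsClientAuth`. The match sits inside a builder method whose start and end are outside the hunk.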