Use OpenSSL

2025-07-31 13:07:46 +00:00 · 2024-01-07 13:37:07 +03:00 · 2024-01-07 13:37:07 +03:00 · a5ffcce3c8
commit a5ffcce3c8
parent aab216f317
4 changed files with 88 additions and 65 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -131,14 +131,14 @@ dependencies = [
 "actix-utils",
 "futures-core",
 "impl-more",
+ "openssl",
 "pin-project-lite",
 "rustls",
 "rustls-webpki",
 "tokio",
- "tokio-rustls",
+ "tokio-openssl",
 "tokio-util",
 "tracing",
- "webpki-roots",
 ]

 [[package]]
@ -665,6 +665,21 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"

+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.2.1"
@ -1062,6 +1077,44 @@ version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"

+[[package]]
+name = "openssl"
+version = "0.10.62"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671"
+dependencies = [
+ "bitflags 2.4.1",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.1"
@ -1315,15 +1368,6 @@ dependencies = [
 "sct",
 ]

-[[package]]
-name = "rustls-pemfile"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
-dependencies = [
- "base64",
-]
-
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
@ -1450,9 +1494,8 @@ dependencies = [
 "maud",
 "mime_guess",
 "minify-js",
+ "openssl",
 "pulldown-cmark",
- "rustls",
- "rustls-pemfile",
 ]

 [[package]]
@ -1585,12 +1628,14 @@ dependencies = [
 ]

 [[package]]
-name = "tokio-rustls"
-version = "0.24.1"
+name = "tokio-openssl"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
+checksum = "6ffab79df67727f6acf57f1ff743091873c24c579b1e2ce4d8f53e47ded4d63d"
 dependencies = [
- "rustls",
+ "futures-util",
+ "openssl",
+ "openssl-sys",
 "tokio",
 ]

@ -1727,6 +1772,12 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"

+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
 [[package]]
 name = "version_check"
 version = "0.9.4"
@ -1793,12 +1844,6 @@ version = "0.2.89"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f"

-[[package]]
-name = "webpki-roots"
-version = "0.25.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
-
 [[package]]
 name = "winapi"
 version = "0.3.9"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -9,7 +9,7 @@ repositoty  = "https://github.com/RGBCube/rgbcube.github.io"
 edition     = "2021"

 [dependencies]
-actix-web      = { version = "4.4.1", features = [ "rustls-0_21" ] }
+actix-web      = { version = "4.4.1", features = [ "openssl" ] }
 anyhow         = "1.0.77"
 bytes          = "1.5.0"
 cargo_toml     = "0.17.2"
@ -21,9 +21,8 @@ log            = { version = "0.4.20", features = [ "serde" ] }
 maud           = { version = "0.25.0", features = [ "actix-web" ] }
 mime_guess     = "2.0.4"
 minify-js      = "0.6.0"
+openssl        = "0.10.62"
 pulldown-cmark = "0.9.3"
-rustls         = "0.21.10"
-rustls-pemfile = "1.0.4"

 [patch.crates-io]
 proc-macro2 = { git = "https://github.com/RGBCube/proc-macro2" }
--- a/flake.nix
+++ b/flake.nix
@ -72,7 +72,12 @@
      inherit cargoArtifacts;
    });
  in {
-    devShells.${system}.default = crane.devShell {};
+    devShells.${system}.default = crane.devShell {
+      packages = with nixpkgs.legacyPackages.${system}; [
+        openssl
+        pkg-config
+      ];
+    };

    checks.${system} = {
      inherit site;
--- a/src/main.rs
+++ b/src/main.rs
@ -7,11 +7,7 @@ mod minify;
 mod page;
 mod routes;

-use std::{
-    fs::File,
-    io::BufReader,
-    path::PathBuf,
-};
+use std::path::PathBuf;

 use actix_web::{
    main as async_main,
@ -21,14 +17,10 @@ use actix_web::{
 };
 use anyhow::Context;
 use clap::Parser;
-use rustls::{
-    Certificate,
-    PrivateKey,
-    ServerConfig,
-};
-use rustls_pemfile::{
-    certs,
-    pkcs8_private_keys,
+use openssl::ssl::{
+    SslAcceptor,
+    SslFiletype,
+    SslMethod,
 };

 #[derive(Parser)]
@ -69,34 +61,16 @@ async fn main() -> anyhow::Result<()> {
    let server = if let Some(certificate_path) = args.certificate
        && let Some(key_path) = args.key
    {
-        let certificates = certs(&mut BufReader::new(
-            File::open(&certificate_path).with_context(|| {
-                format!(
-                    "Failed to open certificate file at {}",
-                    certificate_path.display()
-                )
-            })?,
-        ))
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
+        let mut builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();

-        let mut keys = pkcs8_private_keys(&mut BufReader::new(
-            File::open(&key_path)
-                .with_context(|| format!("Failed to open key file at {}", key_path.display()))?,
-        ))
-        .unwrap()
-        .into_iter()
-        .map(PrivateKey);
-
-        let tls_config = ServerConfig::builder()
-            .with_safe_defaults()
-            .with_no_client_auth()
-            .with_single_cert(certificates, keys.next().unwrap())
+        builder
+            .set_private_key_file(key_path, SslFiletype::PEM)
+            .unwrap();
+        builder
+            .set_certificate_chain_file(certificate_path)
            .unwrap();

-        server.bind_rustls_021(("0.0.0.0", args.port), tls_config)
+        server.bind_openssl(("0.0.0.0", args.port), builder)
    } else {
        server.bind(("0.0.0.0", args.port))
    };