Use OpenSSL

Cargo.lock

@@ -131,14 +131,14 @@ dependencies = [
  "actix-utils",
  "futures-core",
  "impl-more",
+ "openssl",
  "pin-project-lite",
  "rustls",
  "rustls-webpki",
  "tokio",
- "tokio-rustls",
+ "tokio-openssl",
  "tokio-util",
  "tracing",
- "webpki-roots",
 ]
 
 [[package]]
@@ -665,6 +665,21 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.2.1"
@@ -1062,6 +1077,44 @@ version = "1.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
 
+[[package]]
+name = "openssl"
+version = "0.10.62"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8cde4d2d9200ad5909f8dac647e29482e07c3a35de8a13fce7c9c7747ad9f671"
+dependencies = [
+ "bitflags 2.4.1",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.98"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.1"
@@ -1315,15 +1368,6 @@ dependencies = [
  "sct",
 ]
 
-[[package]]
-name = "rustls-pemfile"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
-dependencies = [
- "base64",
-]
-
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
@@ -1450,9 +1494,8 @@ dependencies = [
  "maud",
  "mime_guess",
  "minify-js",
+ "openssl",
  "pulldown-cmark",
- "rustls",
- "rustls-pemfile",
 ]
 
 [[package]]
@@ -1585,12 +1628,14 @@ dependencies = [
 ]
 
 [[package]]
-name = "tokio-rustls"
+name = "tokio-openssl"
-version = "0.24.1"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
+checksum = "6ffab79df67727f6acf57f1ff743091873c24c579b1e2ce4d8f53e47ded4d63d"
 dependencies = [
- "rustls",
+ "futures-util",
+ "openssl",
+ "openssl-sys",
  "tokio",
 ]
 
@@ -1727,6 +1772,12 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
 
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -1793,12 +1844,6 @@ version = "0.2.89"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ab9b36309365056cd639da3134bf87fa8f3d86008abf99e612384a6eecd459f"
 
-[[package]]
-name = "webpki-roots"
-version = "0.25.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
-
 [[package]]
 name = "winapi"
 version = "0.3.9"

Cargo.toml

@@ -9,7 +9,7 @@ repositoty  = "https://github.com/RGBCube/rgbcube.github.io"
 edition     = "2021"
 
 [dependencies]
-actix-web      = { version = "4.4.1", features = [ "rustls-0_21" ] }
+actix-web      = { version = "4.4.1", features = [ "openssl" ] }
 anyhow         = "1.0.77"
 bytes          = "1.5.0"
 cargo_toml     = "0.17.2"
@@ -21,9 +21,8 @@ log            = { version = "0.4.20", features = [ "serde" ] }
 maud           = { version = "0.25.0", features = [ "actix-web" ] }
 mime_guess     = "2.0.4"
 minify-js      = "0.6.0"
+openssl        = "0.10.62"
 pulldown-cmark = "0.9.3"
-rustls         = "0.21.10"
-rustls-pemfile = "1.0.4"
 
 [patch.crates-io]
 proc-macro2 = { git = "https://github.com/RGBCube/proc-macro2" }

flake.nix

@@ -72,7 +72,12 @@
       inherit cargoArtifacts;
     });
   in {
-    devShells.${system}.default = crane.devShell {};
+    devShells.${system}.default = crane.devShell {
+      packages = with nixpkgs.legacyPackages.${system}; [
+        openssl
+        pkg-config
+      ];
+    };
 
     checks.${system} = {
       inherit site;

src/main.rs

@@ -7,11 +7,7 @@ mod minify;
 mod page;
 mod routes;
 
-use std::{
+use std::path::PathBuf;
-    fs::File,
-    io::BufReader,
-    path::PathBuf,
-};
 
 use actix_web::{
     main as async_main,
@@ -21,14 +17,10 @@ use actix_web::{
 };
 use anyhow::Context;
 use clap::Parser;
-use rustls::{
+use openssl::ssl::{
-    Certificate,
+    SslAcceptor,
-    PrivateKey,
+    SslFiletype,
-    ServerConfig,
+    SslMethod,
-};
-use rustls_pemfile::{
-    certs,
-    pkcs8_private_keys,
 };
 
 #[derive(Parser)]
@@ -69,34 +61,16 @@ async fn main() -> anyhow::Result<()> {
     let server = if let Some(certificate_path) = args.certificate
         && let Some(key_path) = args.key
     {
-        let certificates = certs(&mut BufReader::new(
+        let mut builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
-            File::open(&certificate_path).with_context(|| {
-                format!(
-                    "Failed to open certificate file at {}",
-                    certificate_path.display()
-                )
-            })?,
-        ))
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
 
-        let mut keys = pkcs8_private_keys(&mut BufReader::new(
+        builder
-            File::open(&key_path)
+            .set_private_key_file(key_path, SslFiletype::PEM)
-                .with_context(|| format!("Failed to open key file at {}", key_path.display()))?,
+            .unwrap();
-        ))
+        builder
-        .unwrap()
+            .set_certificate_chain_file(certificate_path)
-        .into_iter()
-        .map(PrivateKey);
-
-        let tls_config = ServerConfig::builder()
-            .with_safe_defaults()
-            .with_no_client_auth()
-            .with_single_cert(certificates, keys.next().unwrap())
             .unwrap();
 
-        server.bind_rustls_021(("0.0.0.0", args.port), tls_config)
+        server.bind_openssl(("0.0.0.0", args.port), builder)
     } else {
         server.bind(("0.0.0.0", args.port))
     };