Make TLS work

2025-08-01 13:37:49 +00:00 · 2024-01-07 12:57:50 +03:00 · 2024-01-07 12:57:50 +03:00 · aab216f317
commit aab216f317
parent 274e91eea3
3 changed files with 22 additions and 23 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1317,20 +1317,13 @@ dependencies = [

 [[package]]
 name = "rustls-pemfile"
-version = "2.0.0"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
+checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
 dependencies = [
 "base64",
- "rustls-pki-types",
 ]

-[[package]]
-name = "rustls-pki-types"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a"
-
 [[package]]
 name = "rustls-webpki"
 version = "0.101.7"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -22,8 +22,8 @@ maud           = { version = "0.25.0", features = [ "actix-web" ] }
 mime_guess     = "2.0.4"
 minify-js      = "0.6.0"
 pulldown-cmark = "0.9.3"
-rustls         = "0.21"
-rustls-pemfile = "2.0.0"
+rustls         = "0.21.10"
+rustls-pemfile = "1.0.4"

 [patch.crates-io]
 proc-macro2 = { git = "https://github.com/RGBCube/proc-macro2" }
--- a/src/main.rs
+++ b/src/main.rs
@ -22,12 +22,13 @@ use actix_web::{
 use anyhow::Context;
 use clap::Parser;
 use rustls::{
-    pki_types::PrivateKeyDer,
+    Certificate,
+    PrivateKey,
    ServerConfig,
 };
 use rustls_pemfile::{
    certs,
-    rsa_private_keys,
+    pkcs8_private_keys,
 };

 #[derive(Parser)]
@ -69,28 +70,33 @@ async fn main() -> anyhow::Result<()> {
        && let Some(key_path) = args.key
    {
        let certificates = certs(&mut BufReader::new(
-            File::open(certificate_path).with_context(|| {
+            File::open(&certificate_path).with_context(|| {
                format!(
                    "Failed to open certificate file at {}",
                    certificate_path.display()
                )
            })?,
-        ));
+        ))
+        .unwrap()
+        .into_iter()
+        .map(Certificate)
+        .collect();

-        let mut keys = rsa_private_keys(&mut BufReader::new(
-            File::open(key_path)
+        let mut keys = pkcs8_private_keys(&mut BufReader::new(
+            File::open(&key_path)
                .with_context(|| format!("Failed to open key file at {}", key_path.display()))?,
-        ));
+        ))
+        .unwrap()
+        .into_iter()
+        .map(PrivateKey);

        let tls_config = ServerConfig::builder()
+            .with_safe_defaults()
            .with_no_client_auth()
-            .with_single_cert(
-                certificates.try_collect::<Vec<_>>()?,
-                PrivateKeyDer::Pkcs1(keys.next().unwrap()?),
-            )
+            .with_single_cert(certificates, keys.next().unwrap())
            .unwrap();

-        server.bind_rustls(("0.0.0.0", args.port), tls_config)
+        server.bind_rustls_021(("0.0.0.0", args.port), tls_config)
    } else {
        server.bind(("0.0.0.0", args.port))
    };