Update rustls

This commit is contained in:
asonix 2024-02-03 21:39:30 -06:00
parent 3f8cb9de1b
commit 06282ee085
4 changed files with 15 additions and 14 deletions


@ -1,7 +1,7 @@
[package]
name = "rustls-channel-resolver"
description = "A simple single-cert channel-ish rustls resolver for live-reloading certificate files"
version = "0.1.0"
version = "0.2.0"
license = "AGPL-3.0"
authors = ["asonix <asonix@asonix.dog>"]
repository = "https://git.asonix.dog/asonix/rustls-resolver"
@ -13,10 +13,10 @@ edition = "2021"
[dependencies]
nanorand = "0.7.0"
rustls = "0.21"
rustls = "0.22"
[dev-dependencies]
actix-web = { version = "4.4.1", features = ["rustls-0_21"] }
actix-web = { version = "4.4.1", features = ["rustls-0_22"] }
criterion = "0.5"
rustls-pemfile = "2.0.0"
tokio = { version = "1.35.1", features = ["fs"] }


@ -15,7 +15,6 @@ fn prepare_key() -> CertifiedKey {
let certfile = std::fs::File::open("./out/example.crt").unwrap();
let mut reader = BufReader::new(certfile);
let certs = rustls_pemfile::certs(&mut reader)
.map(|res| res.map(|c| rustls::Certificate(c.to_vec())))
.collect::<Result<Vec<_>, _>>()
.unwrap();
@ -23,9 +22,7 @@ fn prepare_key() -> CertifiedKey {
let mut reader = BufReader::new(keyfile);
let private_key = rustls_pemfile::private_key(&mut reader).unwrap().unwrap();
let private_key =
rustls::sign::any_supported_type(&rustls::PrivateKey(Vec::from(private_key.secret_der())))
.unwrap();
let private_key = rustls::crypto::ring::sign::any_supported_type(&private_key).unwrap();
CertifiedKey::new(certs, private_key)
}


@ -29,12 +29,11 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
});
let server_config = rustls::ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth()
.with_cert_resolver(rx);
HttpServer::new(|| App::new().route("/", web::get().to(index)))
.bind_rustls_021("0.0.0.0:8443", server_config)?
.bind_rustls_0_22("0.0.0.0:8443", server_config)?
.bind("0.0.0.0:8080")?
.run()
.await?;
@ -46,17 +45,14 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
async fn read_key() -> Result<Option<rustls::sign::CertifiedKey>, Box<dyn std::error::Error>> {
let cert_bytes = tokio::fs::read("./out/example.crt").await?;
let certs = rustls_pemfile::certs(&mut cert_bytes.as_slice())
.map(|res| res.map(|c| rustls::Certificate(c.to_vec())))
.collect::<Result<Vec<_>, _>>()?;
let certs = rustls_pemfile::certs(&mut cert_bytes.as_slice()).collect::<Result<Vec<_>, _>>()?;
let key_bytes = tokio::fs::read("./out/example.key").await?;
let Some(private_key) = rustls_pemfile::private_key(&mut key_bytes.as_slice())? else {
return Ok(None);
};
let private_key =
rustls::sign::any_supported_type(&rustls::PrivateKey(Vec::from(private_key.secret_der())))?;
let private_key = rustls::crypto::ring::sign::any_supported_type(&private_key)?;
Ok(Some(rustls::sign::CertifiedKey::new(certs, private_key)))
}
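Review bot: `read_key` still returns `Ok(Some(..))` when the certificate file parsed to an empty chain — the `collect` on the new `let certs = rustls_pemfile::certs(&mut cert_bytes.as_slice()).collect::<Result<Vec<_>, _>>()?;` line yields an empty `Vec` for a file with no PEM `CERTIFICATE` block (for example one read mid-rewrite), and `CertifiedKey::new(certs, private_key)` on the last line accepts it, so the unusable key presumably reaches the resolver and only fails at the next handshake. Mirroring the `let Some(private_key) = … else { return Ok(None); }` guard with `if certs.is_empty() { return Ok(None); }` right after the collect keeps the previously loaded key in place. The cert/key pairing is likewise not checked here; if the rustls 0.22 `CertifiedKey` API exposes a key-matching check, calling it at reload time would surface a mismatched pair early — worth confirming against the API rather than assuming it exists.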


@ -128,6 +128,14 @@ impl<const SHARDS: usize> ChannelResolver<SHARDS> {
}
}
impl<const SHARDS: usize> std::fmt::Debug for ChannelResolver<SHARDS> {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.debug_struct("ChannelResolver")
.field("locks", &format!("[Lock; {SHARDS}]"))
.finish()
}
}
impl<const SHARDS: usize> rustls::server::ResolvesServerCert for ChannelResolver<SHARDS> {
fn resolve(&self, _: rustls::server::ClientHello) -> Option<Arc<CertifiedKey>> {
Some(self.read())
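Review bot: In the new `Debug` impl, `.field("locks", &format!("[Lock; {SHARDS}]"))` passes a `String`, so the value is printed quoted and escaped (e.g. `locks: "[Lock; 4]"` for four shards) and allocates on every format call; `.field("locks", &format_args!("[Lock; {SHARDS}]"))` prints it bare and without the allocation. It is also worth recording why the impl is hand-written rather than derived: it reports only the shard count and never touches the `CertifiedKey` that `resolve` hands out below, so a comment such as `// Hand-written so Debug output never includes the stored CertifiedKey (private key material).` protects that property against a later switch to `#[derive(Debug)]`. The `resolve` method and its `impl ResolvesServerCert` block continue past the end of the hunk.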