
Commit 1ba2336

committed
take rustls 0.23.14+, use pki-types for PEM
Sets the minimum rustls version to 0.23.14 to ensure pki-types 1.10 is re-exported. This is the version that added the PEM decoder bits that allow removing a dependency on rustls-pemfile.
1 parent dd72bd1 commit 1ba2336


5 files changed

+26
-39
lines changed


Cargo.lock

Lines changed: 0 additions & 17 deletions

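--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,5 +14,4 @@ env_logger = "0.10"
 log = "0.4"
 openssl-probe = "0.1"
 openssl-sys = "0.9"
-rustls = "0.23"
-rustls-pemfile = "2"
+rustls = "0.23.14"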

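--- a/src/entry.rs
+++ b/src/entry.rs
@@ -9,13 +9,6 @@ use std::os::raw::{c_char, c_int, c_long, c_uchar, c_uint, c_void};
 use std::sync::Arc;
 use std::{fs, path::PathBuf};
 
-use openssl_sys::{
-stack_st_SSL_CIPHER, stack_st_X509, stack_st_X509_NAME, stack_st_void, NID_undef,
-OPENSSL_malloc, TLSEXT_NAMETYPE_host_name, BIGNUM, EVP_CIPHER_CTX, EVP_PKEY, HMAC_CTX,
-OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
-};
-use rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
-
 use crate::bio::{Bio, BIO, BIO_METHOD};
 use crate::callbacks::SslCallbackContext;
 use crate::constants::{named_group_to_nid, sig_scheme_to_type_nid};
@@ -31,6 +24,13 @@ use crate::not_thread_safe::NotThreadSafe;
 use crate::sign::OpenSslCertifiedKey;
 use crate::x509::{load_certs, OwnedX509, OwnedX509Stack};
 use crate::{conf, HandshakeState, ShutdownResult};
+use openssl_sys::{
+stack_st_SSL_CIPHER, stack_st_X509, stack_st_X509_NAME, stack_st_void, NID_undef,
+OPENSSL_malloc, TLSEXT_NAMETYPE_host_name, BIGNUM, EVP_CIPHER_CTX, EVP_PKEY, HMAC_CTX,
+OPENSSL_NPN_NEGOTIATED, OPENSSL_NPN_NO_OVERLAP, X509, X509_STORE, X509_STORE_CTX,
+};
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
 
 /// Makes a entry function definition.
 ///
@@ -462,12 +462,12 @@ pub(crate) fn use_cert_chain_file(file_name: &str) -> Result<Vec<CertificateDer<
 };
 
 let mut chain = Vec::new();
-for cert in rustls_pemfile::certs(&mut file_reader) {
+for cert in CertificateDer::pem_reader_iter(&mut file_reader) {
 let cert = match cert {
 Ok(cert) => cert,
 Err(err) => {
 log::trace!("Failed to parse {file_name:?}: {err:?}");
-return Err(Error::from_io(err));
+return Err(Error::from_pem(err));
 }
 };
 
@@ -507,15 +507,11 @@ pub(crate) fn use_private_key_file(file_name: &str, file_type: c_int) -> Result<
 Err(err) => return Err(Error::from_io(err)),
 };
 
-match rustls_pemfile::private_key(&mut file_reader) {
-Ok(Some(key)) => key,
-Ok(None) => {
-log::trace!("No keys found in {file_name:?}");
-return Err(Error::bad_data("pem file"));
-}
+match PrivateKeyDer::from_pem_reader(&mut file_reader) {
+Ok(key) => key,
 Err(err) => {
 log::trace!("Failed to read {file_name:?}: {err:?}");
-return Err(Error::from_io(err));
+return Err(Error::from_pem(err));
 }
 }
 }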
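Review bot: In the last hunk (`use_private_key_file`), a file that contains no private key no longer gets its own handling: the removed `Ok(None)` arm logged "No keys found" and returned `Error::bad_data("pem file")`, while the new `Err(err)` arm logs "Failed to read" and returns `Error::from_pem(err)` for every failure. If `from_pem_reader` reports that case as `pem::Error::NoItemsFound` (as I understand pki-types does), callers now see a different error for a missing key than before. To keep the old classification, add an arm ahead of the generic one, `Err(rustls::pki_types::pem::Error::NoItemsFound) => return Err(Error::bad_data("pem file")),`, or say in the commit message that the change is intended. The function body starts above the hunk.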

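--- a/src/error.rs
+++ b/src/error.rs
@@ -3,6 +3,7 @@ use core::ptr;
 use std::ffi::CString;
 
 use openssl_sys::{ERR_new, ERR_set_error, ERR_RFLAGS_OFFSET, ERR_RFLAG_FATAL};
+use rustls::pki_types::pem;
 use rustls::AlertDescription;
 
 // See openssl/err.h for the source of these magic numbers.
@@ -100,6 +101,14 @@ impl Error {
 }
 }
 
+pub fn from_pem(err: pem::Error) -> Self {
+Self {
+lib: Lib::User,
+reason: Reason::OperationFailed,
+string: Some(err.to_string()),
+}
+}
+
 pub fn from_io(err: std::io::Error) -> Self {
 match err.kind() {
 std::io::ErrorKind::WouldBlock => Self {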
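Review bot: `from_pem` maps every `pem::Error` to `Lib::User` / `Reason::OperationFailed`, so a read failure that the PEM reader wraps as `pem::Error::Io` no longer passes through `from_io` and loses its per-`ErrorKind` mapping (the `WouldBlock` arm is visible just below). The callers changed in src/entry.rs and src/x509.rs previously sent these errors to `from_io`, so they are affected in the same way. Delegating the `Io` variant back to `from_io` keeps the earlier behaviour for I/O failures and reserves the generic mapping for real PEM syntax errors. A short doc comment on `from_pem` stating which library and reason code it reports would also help readers of the OpenSSL error queue.

```rust
pub fn from_pem(err: pem::Error) -> Self {
    match err {
        // Read failures keep the existing io::ErrorKind mapping.
        pem::Error::Io(io_err) => Self::from_io(io_err),
        other => Self {
            lib: Lib::User,
            reason: Reason::OperationFailed,
            string: Some(other.to_string()),
        },
    }
}
```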

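--- a/src/x509.rs
+++ b/src/x509.rs
@@ -3,15 +3,15 @@ use core::{ptr, slice};
 use std::path::PathBuf;
 use std::{fs, io};
 
+use crate::error::Error;
 use openssl_sys::{
 d2i_X509, i2d_X509, stack_st_X509, OPENSSL_free, OPENSSL_sk_new_null, OPENSSL_sk_num,
 OPENSSL_sk_push, OPENSSL_sk_value, X509_STORE_free, X509_STORE_new, X509_free, OPENSSL_STACK,
 X509, X509_STORE,
 };
+use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::CertificateDer;
 
-use crate::error::Error;
-
 /// Safe, owning wrapper around an OpenSSL `STACK_OF(X509)` object.
 ///
 /// The items are owned by the stack.
@@ -273,12 +273,12 @@ pub(crate) fn load_certs<'a>(
 Err(err) => return Err(Error::from_io(err).raise()),
 };
 
-for cert in rustls_pemfile::certs(&mut file_reader) {
+for cert in CertificateDer::pem_reader_iter(&mut file_reader) {
 match cert {
 Ok(cert) => certs.push(cert),
 Err(err) => {
 log::trace!("Failed to parse {file_name:?}: {err:?}");
-return Err(Error::from_io(err).raise());
+return Err(Error::from_pem(err).raise());
 }
 };
 }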
