Drop dependency on rustls-pemfile

Author: djc

Cargo.lock

@@ -28,7 +28,6 @@ http = "1"
 hyper = { version = "1", default-features = false }
 hyper-util = { version = "0.1", default-features = false, features = ["client-legacy", "tokio"] }
 log = { version = "0.4.4", optional = true }
-pki-types = { package = "rustls-pki-types", version = "1" }
 rustls-native-certs = { version = "0.8", optional = true }
 rustls-platform-verifier = { version = "0.6", optional = true }
 rustls = { version = "0.23", default-features = false }
@@ -42,7 +41,6 @@ cfg-if = "1"
 http-body-util = "0.1"
 hyper-util = { version = "0.1", default-features = false, features = ["server-auto"] }
 rustls = { version = "0.23", default-features = false, features = ["tls12"] }
-rustls-pemfile = "2"
 tokio = { version = "1.0", features = ["io-std", "macros", "net", "rt-multi-thread"] }
 
 [[example]]

Cargo.toml

@@ -7,10 +7,12 @@ use http_body_util::{BodyExt, Empty};
 use hyper::body::Bytes;
 use hyper_rustls::ConfigBuilderExt;
 use hyper_util::{client::legacy::Client, rt::TokioExecutor};
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::CertificateDer;
 use rustls::RootCertStore;
 
 use std::str::FromStr;
-use std::{env, fs, io};
+use std::{env, io};
 
 fn main() {
     // Send GET request and inspect result, with proper error handling.
@@ -41,22 +43,14 @@ async fn run_client() -> io::Result<()> {
         }
     };
 
-    // Second parameter is custom Root-CA store (optional, defaults to native cert store).
-    let mut ca = match env::args().nth(2) {
-        Some(ref path) => {
-            let f =
-                fs::File::open(path).map_err(|e| error(format!("failed to open {path}: {e}")))?;
-            let rd = io::BufReader::new(f);
-            Some(rd)
-        }
-        None => None,
-    };
-
     // Prepare the TLS client config
-    let tls = match ca {
-        Some(ref mut rd) => {
+    let tls = match env::args().nth(2) {
+        Some(path) => {
             // Read trust roots
-            let certs = rustls_pemfile::certs(rd).collect::<Result<Vec<_>, _>>()?;
+            let certs = CertificateDer::pem_file_iter(&path)
+                .and_then(|res| res.collect::<Result<Vec<_>, _>>())
+                .map_err(|err| error(format!("could not read CA store {path}: {err}")))?;
+
             let mut roots = RootCertStore::empty();
             roots.add_parsable_certificates(certs);
             // TLS client config using the custom CA store for lookups

examples/client.rs

@@ -7,15 +7,16 @@
 
 use std::net::{Ipv4Addr, SocketAddr};
 use std::sync::Arc;
-use std::{env, fs, io};
+use std::{env, io};
 
 use http::{Method, Request, Response, StatusCode};
 use http_body_util::{BodyExt, Full};
 use hyper::body::{Bytes, Incoming};
 use hyper::service::service_fn;
 use hyper_util::rt::{TokioExecutor, TokioIo};
 use hyper_util::server::conn::auto::Builder;
-use pki_types::{CertificateDer, PrivateKeyDer};
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use rustls::ServerConfig;
 use tokio::net::TcpListener;
 use tokio_rustls::TlsAcceptor;
@@ -48,9 +49,12 @@ async fn run_server() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
     let addr = SocketAddr::new(Ipv4Addr::LOCALHOST.into(), port);
 
     // Load public certificate.
-    let certs = load_certs("examples/sample.pem")?;
+    let certs = CertificateDer::pem_file_iter("examples/sample.pem")?
+        .collect::<Result<Vec<_>, _>>()
+        .map_err(|e| error(format!("could not read certificate file: {e}")))?;
     // Load private key.
-    let key = load_private_key("examples/sample.rsa")?;
+    let key = PrivateKeyDer::from_pem_file("examples/sample.rsa")
+        .map_err(|e| error(format!("could not read private key file: {e}")))?;
 
     println!("Starting to serve on https://{addr}");
 
@@ -114,25 +118,3 @@ async fn echo(req: Request<Incoming>) -> Result<Response<Full<Bytes>>, hyper::Er
     };
     Ok(response)
 }
-
-// Load public certificate from file.
-fn load_certs(filename: &str) -> io::Result<Vec<CertificateDer<'static>>> {
-    // Open certificate file.
-    let certfile =
-        fs::File::open(filename).map_err(|e| error(format!("failed to open {filename}: {e}")))?;
-    let mut reader = io::BufReader::new(certfile);
-
-    // Load and return certificate.
-    rustls_pemfile::certs(&mut reader).collect()
-}
-
-// Load private key from file.
-fn load_private_key(filename: &str) -> io::Result<PrivateKeyDer<'static>> {
-    // Open keyfile.
-    let keyfile =
-        fs::File::open(filename).map_err(|e| error(format!("failed to open {filename}: {e}")))?;
-    let mut reader = io::BufReader::new(keyfile);
-
-    // Load and return a single private key.
-    rustls_pemfile::private_key(&mut reader).map(|key| key.unwrap())
-}

examples/server.rs

@@ -8,7 +8,7 @@ use http::Uri;
 use hyper::rt;
 use hyper_util::client::legacy::connect::Connection;
 use hyper_util::rt::TokioIo;
-use pki_types::ServerName;
+use rustls::pki_types::ServerName;
 use tokio_rustls::TlsConnector;
 use tower_service::Service;
 

src/connector.rs

@@ -7,6 +7,7 @@ use hyper_util::client::legacy::connect::HttpConnector;
     feature = "webpki-roots"
 ))]
 use rustls::crypto::CryptoProvider;
+use rustls::pki_types::ServerName;
 use rustls::ClientConfig;
 
 use super::{DefaultServerNameResolver, HttpsConnector, ResolveServerName};
@@ -16,7 +17,6 @@ use super::{DefaultServerNameResolver, HttpsConnector, ResolveServerName};
     feature = "rustls-platform-verifier"
 ))]
 use crate::config::ConfigBuilderExt;
-use pki_types::ServerName;
 
 /// A builder for an [`HttpsConnector`]
 ///