diff options
| author | metamuffin <metamuffin@disroot.org> | 2024-08-18 22:02:03 +0200 |
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2024-08-18 22:02:03 +0200 |
| commit | 311d8dc828446d4cfd936706782d2d6b22ed5d86 (patch) | |
| tree | 256d785ff19a2346f7db79e6ebeb0e5c2508e80a /src/main.rs | |
| parent | f46b05a0afa776b39764bb3ddf8ecab6cde13a2c (diff) | |
| download | gnix-311d8dc828446d4cfd936706782d2d6b22ed5d86.tar gnix-311d8dc828446d4cfd936706782d2d6b22ed5d86.tar.bz2 gnix-311d8dc828446d4cfd936706782d2d6b22ed5d86.tar.zst | |
new cert loading method
Diffstat (limited to 'src/main.rs')
| -rw-r--r-- | src/main.rs | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/src/main.rs b/src/main.rs index eecb946..56a9b19 100644 --- a/src/main.rs +++ b/src/main.rs @@ -2,13 +2,15 @@ #![feature(slice_split_once)] #![feature(iterator_try_collect)] +pub mod certs; pub mod config; pub mod error; pub mod helper; pub mod modules; use aes_gcm_siv::{aead::generic_array::GenericArray, Aes256GcmSiv, KeyInit}; -use anyhow::{anyhow, Context, Result}; +use anyhow::{Context, Result}; +use certs::CertPool; use config::{setup_file_watch, Config, NODE_KINDS}; use error::ServiceError; use futures::future::try_join_all; @@ -24,15 +26,8 @@ use hyper::{ }; use log::{debug, error, info, warn, LevelFilter}; use modules::{NodeContext, MODULES}; -use rustls::pki_types::{CertificateDer, PrivateKeyDer}; use std::{ - collections::HashMap, - io::BufReader, - net::SocketAddr, - path::{Path, PathBuf}, - process::exit, - str::FromStr, - sync::Arc, + collections::HashMap, net::SocketAddr, path::PathBuf, process::exit, str::FromStr, sync::Arc, }; use tokio::{ fs::File, @@ -58,6 +53,10 @@ async fn main() -> anyhow::Result<()> { .parse_env("LOG") .init(); + rustls::crypto::ring::default_provider() + .install_default() + .unwrap(); + NODE_KINDS .write() .unwrap() @@ -147,11 +146,10 @@ async fn serve_https(state: Arc<State>) -> Result<()> { None => return Ok(()), }; let tls_config = { - let certs = load_certs(&https_config.tls_cert)?; - let key = load_private_key(&https_config.tls_key)?; + let certs = CertPool::load(&https_config.cert_path)?; let mut cfg = rustls::ServerConfig::builder() .with_no_client_auth() - .with_single_cert(certs, key)?; + .with_cert_resolver(Arc::new(certs)); cfg.alpn_protocols = vec![ // b"h2".to_vec(), b"http/1.1".to_vec(), @@ -222,19 +220,6 @@ pub async fn serve_stream<T: Unpin + Send + 'static + hyper::rt::Read + hyper::r } } -fn load_certs(path: &Path) -> anyhow::Result<Vec<CertificateDer<'static>>> { - let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls certs")?); - let certs = rustls_pemfile::certs(&mut reader) - .try_collect::<Vec<_>>() - .context("parsing tls certs")?; - Ok(certs) -} -fn load_private_key(path: &Path) -> anyhow::Result<PrivateKeyDer<'static>> { - let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls private key")?); - let keys = rustls_pemfile::private_key(&mut reader).context("parsing tls private key")?; - keys.ok_or(anyhow!("no private key found")) -} - async fn service( state: Arc<State>, config: Arc<Config>, |