author | metamuffin <metamuffin@disroot.org> | 2024-04-30 02:11:41 +0200 |
---|---|---|
committer | metamuffin <metamuffin@disroot.org> | 2024-04-30 02:11:41 +0200 |
commit | d9c195efe76aa7258059564dd7daf117169a19d5 (patch) | |
tree | 35664ae8370a44fdc89f5661335b3c91f12da73d /src | |
parent | fcc558d8e1c6759c19adc81c55bbe6b0a1a0ee35 (diff) | |
bump versions, refactor key loading
Diffstat (limited to 'src')
-rw-r--r-- | src/filters/files.rs | 2 | ||||
-rw-r--r-- | src/main.rs | 23 |
2 files changed, 12 insertions, 13 deletions
diff --git a/src/filters/files.rs b/src/filters/files.rs
index 0b313e2..ee40d70 100644
--- a/src/filters/files.rs
+++ b/src/filters/files.rs
@@ -229,7 +229,7 @@ fn bytes_range(range: Option<headers::Range>, max_len: u64) -> Result<Range<u64>
 };
 let ret = range
- .iter()
+ .satisfiable_ranges(max_len)
 .map(|(start, end)| {
 let start = match start {
 Bound::Unbounded => 0,
diff --git a/src/main.rs b/src/main.rs
index 07f3d5c..c026aac 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,7 @@
 #![feature(try_trait_v2)]
 #![feature(exclusive_range_pattern)]
 #![feature(slice_split_once)]
+#![feature(iterator_try_collect)]
 pub mod config;
 pub mod error;
@@ -13,7 +14,7 @@ use crate::{
 config::{Config, RouteFilter},
 filters::{files::serve_files, proxy::proxy_request},
 };
-use anyhow::{bail, Context, Result};
+use anyhow::{anyhow, Context, Result};
 use bytes::Bytes;
 use config::setup_file_watch;
 use error::ServiceError;
@@ -31,6 +32,7 @@ use hyper::{
 use log::{debug, error, info, warn};
 #[cfg(feature = "mond")]
 use reporting::Reporting;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use std::{
 collections::HashMap,
 io::BufReader,
@@ -156,7 +158,6 @@ async fn serve_https(state: Arc<State>) -> Result<()> {
 let certs = load_certs(&https_config.tls_cert)?;
 let key = load_private_key(&https_config.tls_key)?;
 let mut cfg = rustls::ServerConfig::builder()
- .with_safe_defaults()
 .with_no_client_auth()
 .with_single_cert(certs, key)?;
 cfg.alpn_protocols = vec![
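Review bot: The `Range` header is client-controlled, and after the switch to `.satisfiable_ranges(max_len)` nothing in the hunk records which checks the closure below still has to perform itself. The `Bound::Unbounded => 0` arm for `start` is kept, and whether `end` is still bounded by `max_len` cannot be told from here, because the closure and `bytes_range` continue outside the hunk. A comment above the call such as `// Range comes from the client; satisfiable_ranges(max_len) yields only ranges that can be satisfied for a body of max_len bytes` would document the assumption. A test with a suffix range (`bytes=-N`) and with an end past `max_len` would pin the intended behaviour across the next dependency bump.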
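Review bot: Removing `.with_safe_defaults()` reads like a loss of TLS hardening unless the reader knows the newer rustls API, so the builder chain deserves a comment. In the rustls releases that provide `rustls::pki_types`, `ServerConfig::builder()` itself selects the default crypto provider and the safe default protocol versions, which is presumably why the call could go. A line such as `// builder() already applies rustls' default provider and safe protocol versions` above the chain would record that for the next reviewer. `serve_https` begins and ends outside this hunk, so the rest of the TLS setup is not covered by this note.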
@@ -229,19 +230,17 @@ pub async fn serve_stream<T: Unpin + Send + 'static + hyper::rt::Read + hyper::r
 }
 }
-fn load_certs(path: &Path) -> anyhow::Result<Vec<rustls::Certificate>> {
+fn load_certs(path: &Path) -> anyhow::Result<Vec<CertificateDer<'static>>> {
 let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls certs")?);
- let certs = rustls_pemfile::certs(&mut reader).context("parsing tls certs")?;
- Ok(certs.into_iter().map(rustls::Certificate).collect())
+ let certs = rustls_pemfile::certs(&mut reader)
+ .try_collect::<Vec<_>>()
+ .context("parsing tls certs")?;
+ Ok(certs)
 }
-fn load_private_key(path: &Path) -> anyhow::Result<rustls::PrivateKey> {
+fn load_private_key(path: &Path) -> anyhow::Result<PrivateKeyDer<'static>> {
 let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls private key")?);
- let keys =
- rustls_pemfile::pkcs8_private_keys(&mut reader).context("parsing tls private key")?;
- if keys.len() != 1 {
- bail!("expected a single private key, found {}", keys.len())
- }
- Ok(rustls::PrivateKey(keys[0].clone()))
+ let keys = rustls_pemfile::private_key(&mut reader).context("parsing tls private key")?;
+ Ok(keys.ok_or(anyhow!("no private key found"))?)
 }
 async fn service( |
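Review bot: `load_private_key` no longer rejects a key file that holds more than one key: `rustls_pemfile::private_key` returns the first private-key section it finds, so the removed `keys.len() != 1` check has no replacement, and key encodings other than PKCS#8 are now accepted as well. If that relaxation is intended, say so in a doc comment, e.g. `/// Loads the first private key in the PEM file (PKCS#1, PKCS#8 or SEC1); any further keys are ignored.`, so a wrongly concatenated bundle does not go unnoticed. `load_certs` still returns `Ok` with an empty vector when the file has no certificate section; a guard such as `if certs.is_empty() { return Err(anyhow!("no certificates found")); }` would fail at load time with a clear message. The last line of `load_private_key` can drop the `Ok(..?)` wrapper and build the error lazily: `keys.ok_or_else(|| anyhow!("no private key found"))`.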