Diffstat (limited to 'src/main.rs')
-rw-r--r--src/main.rs23
1 files changed, 11 insertions, 12 deletions
diff --git a/src/main.rs b/src/main.rs
index 07f3d5c..c026aac 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,6 +1,7 @@
#![feature(try_trait_v2)]
#![feature(exclusive_range_pattern)]
#![feature(slice_split_once)]
+#![feature(iterator_try_collect)]
pub mod config;
pub mod error;
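Review bot: The new `iterator_try_collect` gate adds another nightly-only dependency, and the only use visible in this diff is the `.try_collect::<Vec<_>>()` call in `load_certs`. The stable form `.collect::<Result<Vec<_>, _>>()` short-circuits on the first error in the same way and would make the feature line unnecessary, unless other files in the commit rely on it.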
@@ -13,7 +14,7 @@ use crate::{
config::{Config, RouteFilter},
filters::{files::serve_files, proxy::proxy_request},
};
-use anyhow::{bail, Context, Result};
+use anyhow::{anyhow, Context, Result};
use bytes::Bytes;
use config::setup_file_watch;
use error::ServiceError;
@@ -31,6 +32,7 @@ use hyper::{
use log::{debug, error, info, warn};
#[cfg(feature = "mond")]
use reporting::Reporting;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
use std::{
collections::HashMap,
io::BufReader,
@@ -156,7 +158,6 @@ async fn serve_https(state: Arc<State>) -> Result<()> {
let certs = load_certs(&https_config.tls_cert)?;
let key = load_private_key(&https_config.tls_key)?;
let mut cfg = rustls::ServerConfig::builder()
- .with_safe_defaults()
.with_no_client_auth()
.with_single_cert(certs, key)?;
cfg.alpn_protocols = vec![
@@ -229,19 +230,17 @@ pub async fn serve_stream<T: Unpin + Send + 'static + hyper::rt::Read + hyper::r
}
}
-fn load_certs(path: &Path) -> anyhow::Result<Vec<rustls::Certificate>> {
+fn load_certs(path: &Path) -> anyhow::Result<Vec<CertificateDer<'static>>> {
let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls certs")?);
- let certs = rustls_pemfile::certs(&mut reader).context("parsing tls certs")?;
- Ok(certs.into_iter().map(rustls::Certificate).collect())
+ let certs = rustls_pemfile::certs(&mut reader)
+ .try_collect::<Vec<_>>()
+ .context("parsing tls certs")?;
+ Ok(certs)
}
-fn load_private_key(path: &Path) -> anyhow::Result<rustls::PrivateKey> {
+fn load_private_key(path: &Path) -> anyhow::Result<PrivateKeyDer<'static>> {
let mut reader = BufReader::new(std::fs::File::open(path).context("reading tls private key")?);
- let keys =
- rustls_pemfile::pkcs8_private_keys(&mut reader).context("parsing tls private key")?;
- if keys.len() != 1 {
- bail!("expected a single private key, found {}", keys.len())
- }
- Ok(rustls::PrivateKey(keys[0].clone()))
+ let keys = rustls_pemfile::private_key(&mut reader).context("parsing tls private key")?;
+ Ok(keys.ok_or(anyhow!("no private key found"))?)
}
async fn service(
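Review bot: `load_private_key` no longer rejects a key file that holds more than one key. The removed code bailed unless exactly one PKCS#8 key was present, while `rustls_pemfile::private_key` returns the first private-key section it finds and never looks at the rest of the file, so a stale or unintended key placed ahead of the right one would be used silently. If the single-key guarantee is still wanted, it needs an explicit check over the remaining PEM items; otherwise a comment such as `// uses the first private key in the file (PKCS#1, PKCS#8 or SEC1); any later keys are ignored` would make the new behaviour visible to operators. The last line can also be written `keys.ok_or_else(|| anyhow!("no private key found"))`, which avoids building the error on the success path and drops the `Ok(..?)` round trip. In `load_certs`, a PEM file with no certificate sections yields an empty Vec that goes straight to `with_single_cert` in `serve_https`; an `if certs.is_empty()` check with its own message may give a clearer failure.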