use certificate store

This commit is contained in:
Johann150 2021-02-27 20:02:19 +01:00
parent f374598fd3
commit 5a4907292f
No known key found for this signature in database
GPG key ID: 9EE6577A2A06F8F1


@ -7,17 +7,12 @@ use metadata::{FileOptions, PresetMeta};
use { use {
once_cell::sync::Lazy, once_cell::sync::Lazy,
percent_encoding::{percent_decode_str, percent_encode, AsciiSet, CONTROLS}, percent_encoding::{percent_decode_str, percent_encode, AsciiSet, CONTROLS},
rustls::{ rustls::{NoClientAuth, ServerConfig},
internal::pemfile::{certs, pkcs8_private_keys},
Certificate, NoClientAuth, PrivateKey, ServerConfig,
},
std::{ std::{
borrow::Cow, borrow::Cow,
error::Error, error::Error,
ffi::OsStr, ffi::OsStr,
fmt::Write, fmt::Write,
fs::File,
io::BufReader,
net::SocketAddr, net::SocketAddr,
path::{Path, PathBuf}, path::{Path, PathBuf},
sync::Arc, sync::Arc,
@ -78,8 +73,7 @@ static ARGS: Lazy<Args> = Lazy::new(|| {
struct Args { struct Args {
addrs: Vec<SocketAddr>, addrs: Vec<SocketAddr>,
content_dir: PathBuf, content_dir: PathBuf,
cert_chain: Vec<Certificate>, certs: Arc<certificates::CertStore>,
key: PrivateKey,
hostnames: Vec<Host>, hostnames: Vec<Host>,
language: Option<String>, language: Option<String>,
silent: bool, silent: bool,
@ -100,15 +94,9 @@ fn args() -> Result<Args> {
); );
opts.optopt( opts.optopt(
"", "",
"cert", "certs",
"TLS certificate PEM file (default ./cert.pem)", "folder for certificate files (default ./.certificates/)",
"FILE", "FOLDER",
);
opts.optopt(
"",
"key",
"PKCS8 private key file (default ./key.rsa)",
"FILE",
); );
opts.optmulti( opts.optmulti(
"", "",
@ -172,25 +160,14 @@ fn args() -> Result<Args> {
]; ];
} }
let cert_file = File::open(check_path( let certs = Arc::new(certificates::CertStore::load_from(check_path(
matches.opt_get_default("cert", "cert.pem".into())?, matches.opt_get_default("certs", ".certificates".into())?,
)?)?; )?)?);
let cert_chain = certs(&mut BufReader::new(cert_file)).or(Err("bad cert"))?;
let key_file = File::open(check_path(
matches.opt_get_default("key", "key.rsa".into())?,
)?)?;
let key = pkcs8_private_keys(&mut BufReader::new(key_file))
.or(Err("bad key file"))?
.drain(..)
.next()
.ok_or("no keys found")?;
Ok(Args { Ok(Args {
addrs, addrs,
content_dir: check_path(matches.opt_get_default("content", "content".into())?)?, content_dir: check_path(matches.opt_get_default("content", "content".into())?)?,
cert_chain, certs,
key,
hostnames, hostnames,
language: matches.opt_str("lang"), language: matches.opt_str("lang"),
silent: matches.opt_present("s"), silent: matches.opt_present("s"),
@ -218,7 +195,7 @@ fn acceptor() -> Result<TlsAcceptor> {
if ARGS.only_tls13 { if ARGS.only_tls13 {
config.versions = vec![rustls::ProtocolVersion::TLSv1_3]; config.versions = vec![rustls::ProtocolVersion::TLSv1_3];
} }
config.set_single_cert(ARGS.cert_chain.clone(), ARGS.key.clone())?; config.cert_resolver = ARGS.certs.clone();
Ok(TlsAcceptor::from(Arc::new(config))) Ok(TlsAcceptor::from(Arc::new(config)))
} }
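Review bot: The new `--certs` help text in the `opts.optopt` call of the `fn args()` hunk describes the folder as holding "certificate files", yet the same commit drops the `--key` option (the PKCS8 private key) with no replacement, so the folder presumably must hold the private keys too; `certificates::CertStore::load_from` is outside this diff, so the expected layout cannot be confirmed here. Suggest the help string say so, e.g. `"folder for certificate and private key files (default ./.certificates/)"`, and that the expected file layout be documented next to the option. Removing `--cert` and `--key` also means getopts will now reject existing command lines that pass them as unrecognized options, a breaking CLI change the one-line commit message does not mention; a sentence in the description (or a short-lived alias) would help operators. In `acceptor()`, `config.cert_resolver = ARGS.certs.clone();` replaces the old `set_single_cert(...)?` error path, so a folder that yields no usable chain may now surface only at handshake time instead of at startup, which is worth confirming against what `load_from` rejects.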