YGGverse/agate
1
0
Fork 0
mirror of https://github.com/YGGverse/agate.git synced 2026-04-08 20:45:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

update rustls and related dependencies (#72)

Browse source 
* chore(deps): bump rustls from 0.19.1 to 0.20.0
* chore(deps): bump webpki from 0.21.4 to 0.22.0
* chore(deps): bump tokio-rustls from 0.22.0 to 0.23.0
* update rustls calls
* update webpki naming
* update tests
This commit is contained in:
Johann150 2021-10-19 00:30:38 +02:00
parent 824d384693
commit b5a416fc35
No known key found for this signature in database
GPG key ID: 9EE6577A2A06F8F1
5 changed files with 121 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

55
src/certificates.rs
View file

@ -1,7 +1,7 @@
use {
rustls::{
sign::{any_supported_type, CertifiedKey},
ResolvesServerCert,
server::{ClientHello, ResolvesServerCert},
sign::{any_supported_type, CertifiedKey, SignError},
},
std::{
ffi::OsStr,
@ -9,7 +9,6 @@ use {
path::Path,
sync::Arc,
},
webpki::DNSNameRef,
};
/// A struct that holds all loaded certificates and the respective domain
@ -17,7 +16,7 @@ use {
pub(crate) struct CertStore {
/// Stores the certificates and the domains they apply to, sorted by domain
/// names, longest matches first
certs: Vec<(String, CertifiedKey)>,
certs: Vec<(String, Arc<CertifiedKey>)>,
}
pub static CERT_FILE_NAME: &str = "cert.der";
@ -29,14 +28,9 @@ pub enum CertLoadError {
NoReadCertDir,
/// no certificates or keys were found
Empty,
/// the specified domain name cannot be processed correctly
BadDomain(String),
/// the key file for the specified domain is bad (e.g. does not contain a
/// key or is invalid)
BadKey(String),
/// The certificate file for the specified domain is bad (e.g. invalid)
/// The second parameter is the error message.
BadCert(String, String),
BadKey(String, SignError),
/// the key file for the specified domain is missing (but a certificate
/// file was present)
MissingKey(String),
@ -53,16 +47,7 @@ impl Display for CertLoadError {
match self {
Self::NoReadCertDir => write!(f, "Could not read from certificate directory."),
Self::Empty => write!(f, "No keys or certificates were found in the given directory.\nSpecify the --hostname option to generate these automatically."),
Self::BadDomain(domain) if !domain.is_ascii() => write!(
f,
"The domain name {} cannot be processed, it must be punycoded.",
domain
),
Self::BadDomain(domain) => write!(f, "The domain name {} cannot be processed.", domain),
Self::BadKey(domain) => write!(f, "The key file for {} is malformed.", domain),
Self::BadCert(domain, e) => {
write!(f, "The certificate file for {} is malformed: {}", domain, e)
}
Self::BadKey(domain, err) => write!(f, "The key file for {} is malformed: {:?}", domain, err),
Self::MissingKey(domain) => write!(f, "The key file for {} is missing.", domain),
Self::MissingCert(domain) => {
write!(f, "The certificate file for {} is missing.", domain)
@ -106,9 +91,9 @@ fn load_domain(certs_dir: &Path, domain: String) -> Result<CertifiedKey, CertLoa
// transform key to correct format
let key = match any_supported_type(&key) {
Ok(key) => key,
Err(()) => return Err(CertLoadError::BadKey(domain)),
Err(e) => return Err(CertLoadError::BadKey(domain, e)),
};
Ok(CertifiedKey::new(vec![cert], Arc::new(key)))
Ok(CertifiedKey::new(vec![cert], key))
}
impl CertStore {
@ -127,14 +112,9 @@ impl CertStore {
// certificate directory.
match load_domain(certs_dir, String::new()) {
Err(CertLoadError::EmptyDomain(_)) => { /* there are no fallback keys */ }
Err(CertLoadError::Empty)
| Err(CertLoadError::NoReadCertDir)
| Err(CertLoadError::BadDomain(_)) => unreachable!(),
Err(CertLoadError::BadKey(_)) => {
return Err(CertLoadError::BadKey("fallback".to_string()))
}
Err(CertLoadError::BadCert(_, e)) => {
return Err(CertLoadError::BadCert("fallback".to_string(), e))
Err(CertLoadError::Empty) | Err(CertLoadError::NoReadCertDir) => unreachable!(),
Err(CertLoadError::BadKey(_, e)) => {
return Err(CertLoadError::BadKey("fallback".to_string(), e))
}
Err(CertLoadError::MissingKey(_)) => {
return Err(CertLoadError::MissingKey("fallback".to_string()))
@ -145,7 +125,7 @@ impl CertStore {
// For the fallback keys there is no domain name to verify them
// against, so we can skip that step and only have to do it for the
// other keys below.
Ok(key) => certs.push((String::new(), key)),
Ok(key) => certs.push((String::new(), Arc::new(key))),
}
for file in certs_dir
@ -163,16 +143,9 @@ impl CertStore {
.unwrap()
.to_string();
let dns_name = match DNSNameRef::try_from_ascii_str(&filename) {
Ok(name) => name,
Err(_) => return Err(CertLoadError::BadDomain(filename)),
};
let key = load_domain(certs_dir, filename.clone())?;
key.cross_check_end_entity_cert(Some(dns_name))
.map_err(|e| CertLoadError::BadCert(filename.clone(), e.to_string()))?;
certs.push((filename, key));
certs.push((filename, Arc::new(key)));
}
if certs.is_empty() {
@ -211,9 +184,9 @@ impl CertStore {
}
impl ResolvesServerCert for CertStore {
fn resolve(&self, client_hello: rustls::ClientHello<'_>) -> Option<CertifiedKey> {
fn resolve(&self, client_hello: ClientHello<'_>) -> Option<Arc<CertifiedKey>> {
if let Some(name) = client_hello.server_name() {
let name: &str = name.into();
let name: &str = name;
// The certificate list is sorted so the longest match will always
// appear first. We have to find the first that is either this
// domain or a parent domain of the current one.