tls: Update dependencies and fixes for removed types
This unbreaks building spin on RiscV, and is otherwise good dependency
hygiene.

Signed-off-by: Danielle Lancashire <[email protected]>
endocrimes committed Apr 7, 2024
1 parent c5066c4 commit 1d72a06
Showing 3 changed files with 25 additions and 94 deletions.
95 changes: 13 additions & 82 deletions Cargo.lock


4 changes: 2 additions & 2 deletions crates/trigger-http/Cargo.toml
@@ -20,7 +20,7 @@ http-body-util = { workspace = true }
indexmap = "1"
outbound-http = { path = "../outbound-http" }
percent-encoding = "2"
rustls-pemfile = "0.3.0"
rustls-pemfile = "2.1.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1"
spin-app = { path = "../app" }
@@ -33,7 +33,7 @@ spin-world = { path = "../world" }
terminal = { path = "../terminal" }
tls-listener = { version = "0.10.0", features = ["rustls"] }
tokio = { version = "1.23", features = ["full"] }
tokio-rustls = { version = "0.23.2" }
tokio-rustls = { version = "0.25.0" }
url = "2.4.1"
tracing = { workspace = true }
wasmtime = { workspace = true }
20 changes: 10 additions & 10 deletions crates/trigger-http/src/tls.rs
@@ -1,3 +1,4 @@
use crate::tls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
use rustls_pemfile::{certs, pkcs8_private_keys};
use std::{
fs, io,
@@ -22,25 +23,24 @@ impl TlsConfig {
let mut keys = load_keys(&self.key_path)?;

let cfg = rustls::ServerConfig::builder()
.with_safe_defaults()
.with_safe_default_protocol_versions()
.with_no_client_auth()
.with_single_cert(certs, keys.remove(0))
.with_single_cert(
certs,
tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
)
.map_err(|e| anyhow::anyhow!("{}", e))?;

Ok(Arc::new(cfg).into())
}
}

// Loads public certificate from file.
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<rustls::Certificate>> {
certs(&mut io::BufReader::new(fs::File::open(path)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
.map(|mut certs| certs.drain(..).map(rustls::Certificate).collect())
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<CertificateDer<'static>>> {
certs(&mut io::BufReader::new(fs::File::open(path)?)).collect()
}

// Loads private key from file.
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<rustls::PrivateKey>> {
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
.map(|mut keys| keys.drain(..).map(rustls::PrivateKey).collect())
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<PrivatePkcs8KeyDer<'static>>> {
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?)).collect()
}
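Review bot: `keys.remove(0)` inside the `with_single_cert(...)` call panics when `load_keys` returns an empty vector, and `pkcs8_private_keys` only yields PKCS#8 sections, so a key file holding an RSA (PKCS#1) or SEC1 key would abort TLS listener setup with an index panic instead of a configuration error. Take the first key fallibly, e.g. `let key = keys.into_iter().next().ok_or_else(|| anyhow::anyhow!("no PKCS#8 private key found in key file"))?;`, and pass `PrivateKeyDer::Pkcs8(key)`. rustls-pemfile 2.x also offers `private_key()`, which returns the first key of any supported encoding as a `PrivateKeyDer` and would lift the PKCS#8-only restriction. As a smaller style point, `pki_types` is reached through `crate::tls::rustls::...` in the import but through `tokio_rustls::rustls::...` in the call; importing `PrivateKeyDer` next to the other two types would keep a single path. The enclosing function starts outside the hunk, so the surrounding error handling is not visible here.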
