diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-06-19 15:09:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-19 16:09:17 +0200 |
| commit | b94707af7df757db13f24b7b70dbd7956d1e1e1c (patch) | |
| tree | 5e2ce944f66f4fda8b0982b68e7e422c2960753a /ext/tls/tls_key.rs | |
| parent | f4eead61ebd0af203784134c0a8b6339874531b5 (diff) | |
Revert "chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24056)" (#24262)
This reverts commit fb31eaa9ca59f6daaee0210d5cd206185c7041b9.
Reverting because users reported spurious errors when downloading
dependencies - https://github.com/denoland/deno/issues/24260.
Closes https://github.com/denoland/deno/issues/24260
Diffstat (limited to 'ext/tls/tls_key.rs')
| -rw-r--r-- | ext/tls/tls_key.rs | 46 |
1 files changed, 18 insertions, 28 deletions
diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 1e60e7cf0..18064a91a 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -11,6 +11,8 @@ //! key lookup can handle closing one end of the pair, in which case they will just //! attempt to clean up the associated resources. +use crate::Certificate; +use crate::PrivateKey; use deno_core::anyhow::anyhow; use deno_core::error::AnyError; use deno_core::futures::future::poll_fn; @@ -30,21 +32,12 @@ use std::sync::Arc; use tokio::sync::broadcast; use tokio::sync::mpsc; use tokio::sync::oneshot; -use webpki::types::CertificateDer; -use webpki::types::PrivateKeyDer; type ErrorType = Rc<AnyError>; /// A TLS certificate/private key pair. -/// see https://docs.rs/rustls-pki-types/latest/rustls_pki_types/#cloning-private-keys -#[derive(Debug, PartialEq, Eq)] -pub struct TlsKey(pub Vec<CertificateDer<'static>>, pub PrivateKeyDer<'static>); - -impl Clone for TlsKey { - fn clone(&self) -> Self { - Self(self.0.clone(), self.1.clone_key()) - } -} +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct TlsKey(pub Vec<Certificate>, pub PrivateKey); #[derive(Clone, Debug, Default)] pub enum TlsKeys { @@ -116,8 +109,9 @@ impl TlsKeyResolver { let key = self.resolve(sni).await?; let mut tls_config = ServerConfig::builder() + .with_safe_defaults() .with_no_client_auth() - .with_single_cert(key.0, key.1.clone_key())?; + .with_single_cert(key.0, key.1)?; tls_config.alpn_protocols = alpn; Ok(tls_config.into()) } @@ -257,18 +251,14 @@ impl TlsKeyLookup { pub mod tests { use super::*; use deno_core::unsync::spawn; + use rustls::Certificate; + use rustls::PrivateKey; fn tls_key_for_test(sni: &str) -> TlsKey { - let manifest_dir = - std::path::PathBuf::from(std::env::var("CARGO_MANIFEST_DIR").unwrap()); - let sni = sni.replace(".com", ""); - let cert_file = manifest_dir.join(format!("testdata/{}_cert.der", sni)); - let prikey_file = manifest_dir.join(format!("testdata/{}_prikey.der", sni)); - let cert = std::fs::read(cert_file).unwrap(); - let prikey = std::fs::read(prikey_file).unwrap(); - let cert = CertificateDer::from(cert); - let prikey = PrivateKeyDer::try_from(prikey).unwrap(); - TlsKey(vec![cert], prikey) + TlsKey( + vec![Certificate(format!("{sni}-cert").into_bytes())], + PrivateKey(format!("{sni}-key").into_bytes()), + ) } #[tokio::test] @@ -280,8 +270,8 @@ pub mod tests { } }); - let key = resolver.resolve("example1.com".to_owned()).await.unwrap(); - assert_eq!(tls_key_for_test("example1.com"), key); + let key = resolver.resolve("example.com".to_owned()).await.unwrap(); + assert_eq!(tls_key_for_test("example.com"), key); drop(resolver); task.await.unwrap(); @@ -296,13 +286,13 @@ pub mod tests { } }); - let f1 = resolver.resolve("example1.com".to_owned()); - let f2 = resolver.resolve("example1.com".to_owned()); + let f1 = resolver.resolve("example.com".to_owned()); + let f2 = resolver.resolve("example.com".to_owned()); let key = f1.await.unwrap(); - assert_eq!(tls_key_for_test("example1.com"), key); + assert_eq!(tls_key_for_test("example.com"), key); let key = f2.await.unwrap(); - assert_eq!(tls_key_for_test("example1.com"), key); + assert_eq!(tls_key_for_test("example.com"), key); drop(resolver); task.await.unwrap(); |