diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2024-06-19 15:09:17 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-19 16:09:17 +0200 |
| commit | b94707af7df757db13f24b7b70dbd7956d1e1e1c (patch) | |
| tree | 5e2ce944f66f4fda8b0982b68e7e422c2960753a /tests/util | |
| parent | f4eead61ebd0af203784134c0a8b6339874531b5 (diff) | |
Revert "chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24056)" (#24262)
This reverts commit fb31eaa9ca59f6daaee0210d5cd206185c7041b9.
Reverting because users reported spurious errors when downloading
dependencies - https://github.com/denoland/deno/issues/24260.
Closes https://github.com/denoland/deno/issues/24260
Diffstat (limited to 'tests/util')
| -rw-r--r-- | tests/util/server/src/https.rs | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs index 617fd5cae..8a2524dca 100644 --- a/tests/util/server/src/https.rs +++ b/tests/util/server/src/https.rs @@ -2,9 +2,9 @@ use anyhow::anyhow; use futures::Stream; use futures::StreamExt; +use rustls::Certificate; +use rustls::PrivateKey; use rustls_tokio_stream::rustls; -use rustls_tokio_stream::rustls::pki_types::CertificateDer; -use rustls_tokio_stream::rustls::pki_types::PrivateKeyDer; use rustls_tokio_stream::TlsStream; use std::io; use std::num::NonZeroUsize; @@ -68,30 +68,30 @@ pub fn get_tls_config( let key_file = std::fs::File::open(key_path)?; let ca_file = std::fs::File::open(ca_path)?; - let certs_result: Result<Vec<CertificateDer<'static>>, io::Error> = { + let certs: Vec<Certificate> = { let mut cert_reader = io::BufReader::new(cert_file); - rustls_pemfile::certs(&mut cert_reader).collect() + rustls_pemfile::certs(&mut cert_reader) + .unwrap() + .into_iter() + .map(Certificate) + .collect() }; - let certs = certs_result?; let mut ca_cert_reader = io::BufReader::new(ca_file); let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader) - .collect::<Vec<_>>() - .remove(0)?; + .expect("Cannot load CA certificate") + .remove(0); let mut key_reader = io::BufReader::new(key_file); let key = { - let pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut key_reader) - .collect::<Result<Vec<_>, _>>()?; - let rsa_keys = rustls_pemfile::rsa_private_keys(&mut key_reader) - .collect::<Result<Vec<_>, _>>()?; - - if !pkcs8_keys.is_empty() { - let key = pkcs8_keys[0].clone_key(); - Some(PrivateKeyDer::from(key)) - } else if !rsa_keys.is_empty() { - let key = rsa_keys[0].clone_key(); - Some(PrivateKeyDer::from(key)) + let pkcs8_key = rustls_pemfile::pkcs8_private_keys(&mut key_reader) + .expect("Cannot load key file"); + let rsa_key = rustls_pemfile::rsa_private_keys(&mut key_reader) + .expect("Cannot load key file"); + if !pkcs8_key.is_empty() { + Some(pkcs8_key[0].clone()) + } else if !rsa_key.is_empty() { + Some(rsa_key[0].clone()) } else { None } @@ -100,19 +100,18 @@ pub fn get_tls_config( match key { Some(key) => { let mut root_cert_store = rustls::RootCertStore::empty(); - root_cert_store.add(ca_cert).unwrap(); + root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap(); // Allow (but do not require) client authentication. - let client_verifier = rustls::server::WebPkiClientVerifier::builder( - Arc::new(root_cert_store), - ) - .allow_unauthenticated() - .build() - .unwrap(); let mut config = rustls::ServerConfig::builder() - .with_client_cert_verifier(client_verifier) - .with_single_cert(certs, key) + .with_safe_defaults() + .with_client_cert_verifier(Arc::new( + rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new( + root_cert_store, + ), + )) + .with_single_cert(certs, PrivateKey(key)) .map_err(|e| anyhow!("Error setting cert: {:?}", e)) .unwrap(); |