From b94707af7df757db13f24b7b70dbd7956d1e1e1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 19 Jun 2024 15:09:17 +0100 Subject: Revert "chore: upgrade to reqwest 0.12.4 and rustls 0.22 (#24056)" (#24262) This reverts commit fb31eaa9ca59f6daaee0210d5cd206185c7041b9. Reverting because users reported spurious errors when downloading dependencies - https://github.com/denoland/deno/issues/24260. Closes https://github.com/denoland/deno/issues/24260 --- tests/util/server/src/https.rs | 53 +++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 27 deletions(-) (limited to 'tests/util/server/src')
diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs
index 617fd5cae..8a2524dca 100644
--- a/tests/util/server/src/https.rs
+++ b/tests/util/server/src/https.rs
@@ -2,9 +2,9 @@
 use anyhow::anyhow;
 use futures::Stream;
 use futures::StreamExt;
+use rustls::Certificate;
+use rustls::PrivateKey;
 use rustls_tokio_stream::rustls;
-use rustls_tokio_stream::rustls::pki_types::CertificateDer;
-use rustls_tokio_stream::rustls::pki_types::PrivateKeyDer;
 use rustls_tokio_stream::TlsStream;
 use std::io;
 use std::num::NonZeroUsize;
@@ -68,30 +68,30 @@ pub fn get_tls_config( let key_file = std::fs::File::open(key_path)?; let ca_file = std::fs::File::open(ca_path)?; - let certs_result: Result>, io::Error> = { + let certs: Vec = { let mut cert_reader = io::BufReader::new(cert_file); - rustls_pemfile::certs(&mut cert_reader).collect() + rustls_pemfile::certs(&mut cert_reader) + .unwrap() + .into_iter() + .map(Certificate) + .collect() }; - let certs = certs_result?; let mut ca_cert_reader = io::BufReader::new(ca_file); let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader) - .collect::>() - .remove(0)?; + .expect("Cannot load CA certificate") + .remove(0); let mut key_reader = io::BufReader::new(key_file); let key = { - let pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut key_reader) - .collect::, _>>()?; - let rsa_keys = rustls_pemfile::rsa_private_keys(&mut key_reader) - .collect::, _>>()?; - - if !pkcs8_keys.is_empty() { - let key = pkcs8_keys[0].clone_key(); - Some(PrivateKeyDer::from(key)) - } else if !rsa_keys.is_empty() { - let key = rsa_keys[0].clone_key(); - Some(PrivateKeyDer::from(key)) + let pkcs8_key = rustls_pemfile::pkcs8_private_keys(&mut key_reader) + .expect("Cannot load key file"); + let rsa_key = rustls_pemfile::rsa_private_keys(&mut key_reader) + .expect("Cannot load key file"); + if !pkcs8_key.is_empty() { + Some(pkcs8_key[0].clone()) + } else if !rsa_key.is_empty() { + Some(rsa_key[0].clone()) } else { None } 
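Review bot: In the `let key = { … }` block, `rustls_pemfile::pkcs8_private_keys(&mut key_reader)` and `rustls_pemfile::rsa_private_keys(&mut key_reader)` read from the same `key_reader`, so the second call most likely starts at end-of-file and `rsa_key` is always empty; a PKCS#1 key file would then fall through to `None`. This should be confirmed against the pinned rustls_pemfile version. Rewinding between the two calls, for example `key_reader.rewind().expect("Cannot rewind key file");` with `std::io::Seek` in scope, or a single pass that matches on the PEM item kind, would make the RSA fallback reachable. Separately, `.remove(0)` on the CA list panics with an index error when the file parses but contains no certificate, so the `expect("Cannot load CA certificate")` message is never shown in that case; an explicit emptiness check with its own message would be clearer. `get_tls_config` starts and ends outside this hunk.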
@@ -100,19 +100,18 @@ pub fn get_tls_config( match key { Some(key) => { let mut root_cert_store = rustls::RootCertStore::empty(); - root_cert_store.add(ca_cert).unwrap(); + root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap(); // Allow (but do not require) client authentication. - let client_verifier = rustls::server::WebPkiClientVerifier::builder( - Arc::new(root_cert_store), - ) - .allow_unauthenticated() - .build() - .unwrap(); let mut config = rustls::ServerConfig::builder() - .with_client_cert_verifier(client_verifier) - .with_single_cert(certs, key) + .with_safe_defaults() + .with_client_cert_verifier(Arc::new( + rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new( + root_cert_store, + ), + )) + .with_single_cert(certs, PrivateKey(key)) .map_err(|e| anyhow!("Error setting cert: {:?}", e)) .unwrap(); -- cgit v1.2.3
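Review bot: The chain ending in `.map_err(|e| anyhow!("Error setting cert: {:?}", e)).unwrap()` builds an error value only to panic with it, and `root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap()` panics the same way on a malformed CA certificate. The function already propagates file errors with `?`, so if its return type accepts an `anyhow` error (the signature is outside the hunk), ending the chain with `.map_err(|e| anyhow!("Error setting cert: {:?}", e))?;` would report a bad cert/key pair to the caller instead. The comment above the builder could also state the trust decision more exactly, e.g. `// Client auth is optional: a presented certificate is verified against ca_cert, a missing one is accepted.`, so nobody reuses this config where mutual TLS is meant to be enforced. The `match key` arm continues past the end of the hunk.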