From 6c77c04bc0b647404e9bd991f55c9d6c82396388 Mon Sep 17 00:00:00 2001
From: Florian Lemaitre
Date: Sat, 20 Jul 2024 14:08:46 +0200
Subject: [PATCH] Upgrade rcgen
---
 Cargo.lock | 6 +++---
 Cargo.toml | 3 +--
 src/server.rs | 24 +++++++++---------------
 3 files changed, 13 insertions(+), 20 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index d76ed88..d84bbd8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -805,12 +805,13 @@ dependencies = [

 [[package]]
 name = "rcgen"
-version = "0.12.1"
+version = "0.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "48406db8ac1f3cbc7dcdb56ec355343817958a356ff430259bb07baf7607e1e1"
+checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779"
 dependencies = [
 "pem",
 "ring",
+ "rustls-pki-types",
 "time",
 "yasna",
 ]
@@ -1084,7 +1085,6 @@ dependencies = [
 "async-trait",
 "base64",
 "futures",
- "pem",
 "prost",
 "rand",
 "rcgen",
diff --git a/Cargo.toml b/Cargo.toml
index 8b9e168..2c3b0cf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,9 +20,8 @@ async-stream = "0.3"
 async-trait = "0.1"
 base64 = "0.22"
 futures = "0.3"
-pem = "3.0"
 prost = "0.13"
-rcgen = "0.12"
+rcgen = "0.13"
 rmp-serde = "1.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_bytes = "0.11"
diff --git a/src/server.rs b/src/server.rs
index 78ed35a..e414d67 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -313,16 +313,12 @@ impl TlsConfig { let client_cert = tonic::transport::Certificate::from_pem(env_cert); // Parameters to generate the server certificate - let mut cp = rcgen::CertificateParams::new(vec!["localhost".to_string()]); - cp.alg = &rcgen::PKCS_ECDSA_P384_SHA384; + let mut cp = rcgen::CertificateParams::new(["localhost".to_string()])?; cp.not_before = time::OffsetDateTime::now_utc().saturating_sub(30.seconds()); cp.not_after = time::OffsetDateTime::now_utc().saturating_add((30 * 365).days()); let mut dn = rcgen::DistinguishedName::new(); dn.push(rcgen::DnType::OrganizationName, "Hashicorp"); - dn.push( - rcgen::DnType::CommonName, - rcgen::DnValue::PrintableString("localhost".to_string()), - ); + dn.push(rcgen::DnType::CommonName, "localhost"); cp.distinguished_name = dn; cp.is_ca = IsCa::Ca(BasicConstraints::Unconstrained); cp.key_usages = vec![ @@ -338,22 +334,20 @@ impl TlsConfig { cp.key_identifier_method = rcgen::KeyIdMethod::Sha512; // Generate the server certificate and its keys - let server_cert = rcgen::Certificate::from_params(cp)?; - let server_cert_der = server_cert.serialize_der_with_signer(&server_cert)?; - - let p = pem::Pem::new("CERTIFICATE".to_string(), server_cert_der.clone()); - let server_cert_pem = pem::encode(&p); - - let server_cert_key_pem = server_cert.serialize_private_key_pem(); + let keypair = rcgen::KeyPair::generate_for(&rcgen::PKCS_ECDSA_P384_SHA384)?; + let server_cert = cp.self_signed(&keypair)?; let tls_config = ServerTlsConfig::new() .client_ca_root(client_cert) .client_auth_optional(true) - .identity(Identity::from_pem(server_cert_pem, server_cert_key_pem)); + .identity(Identity::from_pem( + server_cert.pem(), + keypair.serialize_pem(), + )); Ok(Self { server: Some(tls_config), - cert: server_cert_der, + cert: server_cert.der().to_vec(), }) }
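Review bot: The CommonName push on the new side changes the attribute's ASN.1 string type without saying so: the removed lines built `rcgen::DnValue::PrintableString`, while `dn.push(rcgen::DnType::CommonName, "localhost")` goes through rcgen's `From<&str>` for `DnValue`, which as far as I know yields a UTF8String in 0.13. That is the RFC 5280-preferred encoding and should not matter for this TLS handshake, but a peer that pins or byte-compares the subject DER would now see a different subject, so it deserves a comment such as `// CN is encoded as UTF8String (rcgen 0.13); the 0.12 code used PrintableString`. The `?` on `CertificateParams::new` is right for 0.13, where the SAN strings are validated at construction; the enclosing function starts before this hunk, so its error type is not visible here.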
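Review bot: The retained comment `// Generate the server certificate and its keys` above the new `KeyPair::generate_for` line no longer explains where the signature algorithm comes from now that `cp.alg` is gone from the first hunk; I would expand it to `// The key pair fixes the signature algorithm (ECDSA P-384 / SHA-384); rcgen 0.13 no longer takes it from CertificateParams::alg`. As I read rcgen's API, `keypair.serialize_pem()` is still the PKCS#8 private key in PEM form, as `serialize_private_key_pem()` was, so the identity handed to `Identity::from_pem` is unchanged in substance. `server_cert.der().to_vec()` copies the DER once into the `cert` field, matching the old `server_cert_der` value.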