diff --git a/Cargo.lock b/Cargo.lock index 61c0ae4ce..7a3d6be84 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -214,7 +214,7 @@ dependencies = [ "futures-core", "log", "pin-project-lite", - "tokio-rustls", + "tokio-rustls 0.23.4", "tokio-util", "webpki-roots", ] @@ -334,7 +334,7 @@ version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.11", "once_cell", "version_check", ] @@ -496,7 +496,7 @@ dependencies = [ "regex", "rio_api 0.7.1", "rio_turtle 0.7.1", - "rustls", + "rustls 0.20.6", "rustls-pemfile", "sanitize-filename", "serde", @@ -534,7 +534,7 @@ dependencies = [ "ntest", "rand 0.8.5", "regex", - "ring", + "ring 0.17.6", "rio_api 0.8.2", "rio_turtle 0.8.2", "serde", @@ -682,11 +682,12 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.73" +version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" +checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ "jobserver", + "libc", ] [[package]] @@ -1545,9 +1546,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.7" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", "libc", 
@@ -1725,16 +1726,17 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.23.2" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1788965e61b367cd03a62950836d5cd41560c3577d90e40e0819373194d1661c" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" dependencies = [ + "futures-util", "http", "hyper", - "rustls", + "rustls 0.21.9", "rustls-native-certs", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", ] [[package]] @@ -1809,14 +1811,14 @@ dependencies = [ [[package]] name = "instant-acme" -version = "0.1.3" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b610f3da5efb8193805de5f7b74110ca0eb76ae550a03e0a11a24d29e3230ed" +checksum = "dfd67650b79d84a42241813361d52f313271987a48330606653995881fe47ef4" dependencies = [ "base64 0.21.0", "hyper", "hyper-rustls", - "ring", + "ring 0.17.6", "serde", "serde_json", "thiserror", @@ -2507,11 +2509,12 @@ checksum = "498a099351efa4becc6a19c72aa9270598e8fd274ca47052e37455241c88b696" [[package]] name = "pem" -version = "1.1.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ - "base64 0.13.0", + "base64 0.21.0", + "serde", ] [[package]] @@ -2855,7 +2858,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.11", ] [[package]] 
@@ -2902,12 +2905,12 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.10.0" +version = "0.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffbe84efe2f38dea12e9bfc1f65377fdf03e53a18cb3b995faedf7934c7e785b" +checksum = "52c4f3084aa3bc7dfbba4eff4fab2a54db4324965d8872ab933565e6fbd83bc6" dependencies = [ "pem", - "ring", + "ring 0.16.20", "time 0.3.14", "yasna", ] @@ -2927,7 +2930,7 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.11", "redox_syscall", "thiserror", ] @@ -2976,12 +2979,26 @@ dependencies = [ "cc", "libc", "once_cell", - "spin", - "untrusted", + "spin 0.5.2", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +dependencies = [ + "cc", + "getrandom 0.2.11", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys 0.48.0", +] + [[package]] name = "rio_api" version = "0.7.1" @@ -3075,11 +3092,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5aab8ee6c7097ed6057f43c187a62418d0c05a4bd5f18b3571db50ee0f9ce033" dependencies = [ "log", - "ring", + "ring 0.16.20", "sct", "webpki", ] +[[package]] +name = "rustls" +version = "0.21.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +dependencies = [ + "ring 0.17.6", + "rustls-webpki", + "sct", +] + [[package]] name = "rustls-native-certs" version = "0.6.2" 
@@ -3101,6 +3129,16 @@ dependencies = [ "base64 0.13.0", ] +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring 0.17.6", + "untrusted 0.9.0", +] + [[package]] name = "rustversion" version = "1.0.9" @@ -3190,8 +3228,8 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -3431,6 +3469,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -3855,11 +3899,21 @@ version = "0.23.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" dependencies = [ - "rustls", + "rustls 0.20.6", "tokio", "webpki", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls 0.21.9", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.4" 
@@ -4111,6 +4165,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "ureq" version = "2.5.0" @@ -4122,7 +4182,7 @@ dependencies = [ "flate2", "log", "once_cell", - "rustls", + "rustls 0.20.6", "url", "webpki", "webpki-roots", @@ -4169,7 +4229,7 @@ version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd6469f4314d5f1ffec476e05f17cc9a78bc7a27a6a857842170bdf8d6f98d2f" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.11", "serde", ] @@ -4303,8 +4363,8 @@ version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07ecc0cd7cac091bf682ec5efa18b1cff79d617b84181f38b3951dbe135f607f" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -4532,9 +4592,9 @@ dependencies = [ [[package]] name = "yasna" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aed2e7a52e3744ab4d0c05c20aa065258e84c49fd4226f5191b2ed29712710b4" +checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" dependencies = [ "time 0.3.14", ] diff --git a/lib/Cargo.toml b/lib/Cargo.toml index 9c3a3c332..26bca206e 100644 --- a/lib/Cargo.toml +++ b/lib/Cargo.toml @@ -24,7 +24,7 @@ kuchikiki = {version = "0.8.2", optional = true} lol_html = {version = "0.3.1", optional = true} rand = {version = "0.8"} regex = "1" -ring = "0.16.19" +ring = "0.17.6" rio_api = {version = "0.8", optional = true} rio_turtle = {version = "0.8", optional = true} serde = {version = "1", features = ["derive"]} diff --git a/server/Cargo.toml b/server/Cargo.toml index d260b761a..2790b752c 100644 
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -51,11 +51,11 @@ urlencoding = "2"
 [dependencies.instant-acme]
 optional = true
-version = "0.1"
+version = "0.4"
 [dependencies.rcgen]
 optional = true
-version = "0.10"
+version = "0.11"
 [dependencies.tracing-opentelemetry]
 optional = true
diff --git a/server/src/https.rs b/server/src/https.rs
index 24f32f2d9..dcf6b3fc9 100644
--- a/server/src/https.rs
+++ b/server/src/https.rs
@@ -190,13 +190,14 @@ pub async fn request_cert(config: &crate::config::Config) -> AtomicServerResult<
 info!("Creating LetsEncrypt account with email {}", email);
- let account = instant_acme::Account::create(
+ let (account, _creds) = instant_acme::Account::create(
 &instant_acme::NewAccount {
 contact: &[&format!("mailto:{}", email)],
 terms_of_service_agreed: true,
 only_return_existing: false,
 },
 lets_encrypt_url,
+ None,
 )
 .await
 .map_err(|e| format!("Failed to create account: {}", e))?;
@@ -211,18 +212,21 @@ pub async fn request_cert(config: &crate::config::Config) -> AtomicServerResult<
 domain = format!("*.{}", domain);
 }
 let identifier = instant_acme::Identifier::Dns(domain);
- let (mut order, state) = account
+ let mut order = account
 .new_order(&instant_acme::NewOrder {
 identifiers: &[identifier],
 })
 .await
 .unwrap();
- assert!(matches!(state.status, instant_acme::OrderStatus::Pending));
+ assert!(matches!(
+ order.state().status,
+ instant_acme::OrderStatus::Pending
+ ));
 // Pick the desired challenge type and prepare the response.
- let authorizations = order.authorizations(&state.authorizations).await.unwrap();
+ let authorizations = order.authorizations().await.unwrap();
 let mut challenges = Vec::with_capacity(authorizations.len());
 // if we have H11p01 challenges, we need to start a server to handle them, and eventually turn that off again
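Review bot: The credentials returned as the second tuple element of `Account::create` are bound to `_creds` and dropped, so nothing in this hunk keeps the ACME account key. Each run of request_cert therefore registers a fresh account with the CA, and the key that would be needed to act on that account later (for example to revoke a certificate) is gone once the function returns. If that is intended, say so at the call site, e.g. `// Account credentials are deliberately not persisted; a new ACME account is created per request.`; otherwise store them in a file readable only by the server user rather than logging them. request_cert continues outside the hunk, so this is based on the visible lines only.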
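Review bot: The rewritten `assert!` on `OrderStatus::Pending` and the `.unwrap()` calls on `new_order` and `order.authorizations()` panic inside a function that otherwise reports failures through `AtomicServerResult`. An ACME server may hand back an order that is already `Ready` when an earlier authorization for the identifier is still valid, so a renewal could trip the assert; this is worth confirming against the CA in use. Returning an error keeps the server process up: `.map_err(|e| format!("Failed to create order: {}", e))?` in place of each `.unwrap()`, matching the account-creation call above, and an explicit error return (or skipping the challenge step) when the status is not `Pending`.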
@@ -276,7 +280,7 @@ pub async fn request_cert(config: &crate::config::Config) -> AtomicServerResult<
 let url = authorizations.get(0).expect("Authorizations is empty");
 let state = loop {
 actix::clock::sleep(delay).await;
- let state = order.state().await.unwrap();
+ let state = order.state();
 if let instant_acme::OrderStatus::Ready | instant_acme::OrderStatus::Invalid = state.status
 {
 info!("order state: {:#?}", state);
@@ -314,16 +318,18 @@ pub async fn request_cert(config: &crate::config::Config) -> AtomicServerResult<
 // Finalize the order and print certificate chain, private key and account credentials.
+ order.finalize(&csr).await.map_err(|e| e.to_string())?;
 let cert_chain_pem = order
- .finalize(&csr, &state.finalize)
+ .certificate()
 .await
- .map_err(|e| e.to_string())?;
- info!("certficate chain:\n\n{}", cert_chain_pem,);
+ .map_err(|e| format!("Error getting certificate {}", e))?
+ .expect("No cert found");
+ info!("certficate chain:\n\n{}", cert_chain_pem);
 info!("private key:\n\n{}", cert.serialize_private_key_pem());
- info!(
- "account credentials:\n\n{}",
- serde_json::to_string_pretty(&account.credentials()).map_err(|e| e.to_string())?
- );
+ // info!(
+ // "account credentials:\n\n{}",
+ // serde_json::to_string_pretty(&account.credentials()).map_err(|e| e.to_string())?
+ // );
 write_certs(config, cert_chain_pem, cert)?;
 if let Some(hnd) = handle {
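Review bot: Inside the polling loop, `order.state()` is now called without `.await`, which suggests it only returns the order state already held in memory and no longer asks the ACME server. If so, the status seen after each sleep never changes and the loop cannot observe `Ready` or `Invalid` unless something outside the hunk refreshes the order. In instant-acme 0.4 the call that re-fetches the order is, I believe, `refresh()`, so the line would become `let state = order.refresh().await.map_err(|e| e.to_string())?;`. The loop body continues outside the hunk, so its retry limit is not visible here.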
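Review bot: The new side still contains `info!("private key:\n\n{}", cert.serialize_private_key_pem());`, so the TLS private key is written to the server log at info level, even though this commit stops logging the account credentials. Logs are usually readable by more people and systems than the key file that `write_certs` produces, so that line should be deleted, and the commented-out credentials block removed rather than kept. Separately, `.expect("No cert found")` panics if `certificate()` yields `None`, which may simply mean the CA has not issued yet; `.ok_or("No certificate returned for the finalized order")?` or a short retry would fit the function's `Result` return better.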