tls: Update dependencies and fixes for removed types
This unbreaks building spin on RiscV, and is otherwise good dependency
hygiene.

Signed-off-by: Danielle Lancashire <[email protected]>
endocrimes committed Mar 23, 2024
1 parent fc0baf4 commit 09925aa
Showing 3 changed files with 28 additions and 101 deletions.
102 changes: 16 additions & 86 deletions Cargo.lock


8 changes: 3 additions & 5 deletions crates/trigger-http/Cargo.toml
Expand Up @@ -20,7 +20,7 @@ http-body-util = { workspace = true }
indexmap = "1"
outbound-http = { path = "../outbound-http" }
percent-encoding = "2"
rustls-pemfile = "0.3.0"
rustls-pemfile = "2.1.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1"
spin-app = { path = "../app" }
Expand All @@ -31,13 +31,11 @@ spin-telemetry = { path = "../telemetry" }
spin-trigger = { path = "../trigger" }
spin-world = { path = "../world" }
terminal = { path = "../terminal" }
tls-listener = { version = "0.4.0", features = [
tls-listener = { version = "0.10.0", features = [
"rustls",
"hyper-h1",
"hyper-h2",
] }
tokio = { version = "1.23", features = ["full"] }
tokio-rustls = { version = "0.23.2" }
tokio-rustls = { version = "0.25.0" }
url = "2.4.1"
tracing = { workspace = true }
wasmtime = { workspace = true }
19 changes: 9 additions & 10 deletions crates/trigger-http/src/tls.rs
@@ -1,3 +1,4 @@
use crate::tls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
use rustls_pemfile::{certs, pkcs8_private_keys};
use std::{
fs, io,
Expand All @@ -22,25 +23,23 @@ impl TlsConfig {
let mut keys = load_keys(&self.key_path)?;

let cfg = rustls::ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth()
.with_single_cert(certs, keys.remove(0))
.with_single_cert(
certs,
tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
)
.map_err(|e| anyhow::anyhow!("{}", e))?;

Ok(Arc::new(cfg).into())
}
}

// Loads public certificate from file.
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<rustls::Certificate>> {
certs(&mut io::BufReader::new(fs::File::open(path)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
.map(|mut certs| certs.drain(..).map(rustls::Certificate).collect())
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<CertificateDer<'static>>> {
certs(&mut io::BufReader::new(fs::File::open(path)?)).collect()
}

// Loads private key from file.
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<rustls::PrivateKey>> {
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
.map(|mut keys| keys.drain(..).map(rustls::PrivateKey).collect())
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<PrivatePkcs8KeyDer<'static>>> {
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?)).collect()
}
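Review bot: `keys.remove(0)` inside the new `with_single_cert(...)` call still panics when `load_keys` returns an empty Vec, and this commit carries that path over unchanged. `pkcs8_private_keys` yields only PKCS#8 sections, so a key file in PKCS#1 (`BEGIN RSA PRIVATE KEY`) or SEC1 form parses without error and produces no keys, and TLS setup then panics instead of returning a configuration error. A guard before the builder, for example `if keys.is_empty() { anyhow::bail!("no PKCS#8 private key found in key file"); }`, would turn that into an ordinary error; this assumes the enclosing function, whose signature lies outside the hunk, returns an anyhow result as the `map_err` line suggests. rustls-pemfile 2.x also provides `private_key`, which returns a `PrivateKeyDer` for any of the three encodings, if accepting non-PKCS#8 keys is wanted.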
