rustls_pemfile is deprecated. use rustls-pki-types (rustls::pki_types) instead

Jun Kurihara 2025-10-08 15:55:32 +09:00
commit 7a4d7c7402
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23
3 changed files with 14 additions and 9 deletions

1
Cargo.lock generated

@ -2122,7 +2122,6 @@ dependencies = [
"derive_builder", "derive_builder",
"hot_reload", "hot_reload",
"rustls", "rustls",
"rustls-pemfile",
"rustls-post-quantum", "rustls-post-quantum",
"rustls-webpki", "rustls-webpki",
"thiserror 2.0.16", "thiserror 2.0.16",


@ -26,7 +26,6 @@ rustls = { version = "0.23.32", default-features = false, features = [
"std", "std",
"aws_lc_rs", "aws_lc_rs",
] } ] }
rustls-pemfile = { version = "2.2.0" }
rustls-webpki = { version = "0.103.6", default-features = false, features = [ rustls-webpki = { version = "0.103.6", default-features = false, features = [
"std", "std",
"aws-lc-rs", "aws-lc-rs",


@ -1,6 +1,7 @@
use crate::{certs::SingleServerCertsKeys, error::*, log::*}; use crate::{certs::SingleServerCertsKeys, error::*, log::*};
use async_trait::async_trait; use async_trait::async_trait;
use derive_builder::Builder; use derive_builder::Builder;
use rustls::pki_types::{self, pem::PemObject};
use std::{ use std::{
fs::File, fs::File,
io::{self, BufReader, Cursor, Read}, io::{self, BufReader, Cursor, Read},
@ -88,7 +89,7 @@ fn read_certs_and_keys(
format!("Unable to load the certificates [{}]: {e}", cert_path.display()), format!("Unable to load the certificates [{}]: {e}", cert_path.display()),
) )
})?); })?);
let raw_certs = rustls_pemfile::certs(&mut reader) let raw_certs = pki_types::CertificateDer::pem_reader_iter(&mut reader)
.collect::<Result<Vec<_>, _>>() .collect::<Result<Vec<_>, _>>()
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "Unable to parse the certificates"))?; .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "Unable to parse the certificates"))?;
@ -104,8 +105,8 @@ fn read_certs_and_keys(
})? })?
.read_to_end(&mut encoded_keys)?; .read_to_end(&mut encoded_keys)?;
let mut reader = Cursor::new(encoded_keys); let mut reader = Cursor::new(encoded_keys);
let pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut reader) let pkcs8_keys = pki_types::PrivatePkcs8KeyDer::pem_reader_iter(&mut reader)
.map(|v| v.map(rustls::pki_types::PrivateKeyDer::Pkcs8)) .map(|v| v.map(pki_types::PrivateKeyDer::Pkcs8))
.collect::<Result<Vec<_>, _>>() .collect::<Result<Vec<_>, _>>()
.map_err(|_| { .map_err(|_| {
io::Error::new( io::Error::new(
@ -114,9 +115,15 @@ fn read_certs_and_keys(
) )
})?; })?;
reader.set_position(0); reader.set_position(0);
let mut rsa_keys = rustls_pemfile::rsa_private_keys(&mut reader) let mut rsa_keys = pki_types::PrivatePkcs1KeyDer::pem_reader_iter(&mut reader)
.map(|v| v.map(rustls::pki_types::PrivateKeyDer::Pkcs1)) .map(|v| v.map(pki_types::PrivateKeyDer::Pkcs1))
.collect::<Result<Vec<_>, _>>()?; .collect::<Result<Vec<_>, _>>()
.map_err(|_| {
io::Error::new(
io::ErrorKind::InvalidInput,
"Unable to parse the certificates private keys (RSA)",
)
})?;
let mut raw_cert_keys = pkcs8_keys; let mut raw_cert_keys = pkcs8_keys;
raw_cert_keys.append(&mut rsa_keys); raw_cert_keys.append(&mut rsa_keys);
if raw_cert_keys.is_empty() { if raw_cert_keys.is_empty() {
@ -139,7 +146,7 @@ fn read_certs_and_keys(
) )
})?; })?;
let mut reader = BufReader::new(inner); let mut reader = BufReader::new(inner);
rustls_pemfile::certs(&mut reader) pki_types::CertificateDer::pem_reader_iter(&mut reader)
.collect::<Result<Vec<_>, _>>() .collect::<Result<Vec<_>, _>>()
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "Unable to parse the client certificates")) .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "Unable to parse the client certificates"))
}) })
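Review bot: The private-key hunks of `read_certs_and_keys` still parse the key file twice, once with `PrivatePkcs8KeyDer::pem_reader_iter` and once with `PrivatePkcs1KeyDer::pem_reader_iter` after `reader.set_position(0)`, so a SEC1 (`EC PRIVATE KEY`) section is skipped by both passes and, as far as the visible code shows, ends in the `raw_cert_keys.is_empty()` branch. `pki_types::PrivateKeyDer` implements `PemObject` itself, so a single `pki_types::PrivateKeyDer::pem_reader_iter(&mut reader)` followed by the existing `collect`/`map_err` would cover PKCS#8, PKCS#1 and SEC1 in one pass and remove the rewind and the `append`. That would return keys in file order rather than PKCS#8-first and would newly accept SEC1 keys, so confirm the caller does not depend on the current ordering. The function starts and ends outside the hunks shown, so how the key list is consumed is not visible here.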