2
0
Fork 0
mirror of https://git.asonix.dog/asonix/pict-rs synced 2024-12-22 03:11:24 +00:00

Update rustls for actix-web

This commit is contained in:
asonix 2024-02-03 21:58:08 -06:00
parent 527c9642a5
commit 8869b82065
4 changed files with 57 additions and 54 deletions

87
Cargo.lock generated
View file

@ -37,9 +37,9 @@ dependencies = [
[[package]]
name = "actix-http"
version = "3.5.1"
version = "3.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "129d4c88e98860e1758c5de288d1632b07970a16d59bdf7b8d66053d582bb71f"
checksum = "d223b13fd481fc0d1f83bb12659ae774d9e3601814c68a0bc539731698cca743"
dependencies = [
"actix-codec",
"actix-rt",
@ -150,9 +150,9 @@ dependencies = [
[[package]]
name = "actix-tls"
version = "3.2.0"
version = "3.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "929e47cc23865cdb856e59673cfba2d28f00b3bbd060dfc80e33a00a3cea8317"
checksum = "d4cce60a2f2b477bc72e5cde0af1812a6e82d8fd85b5570a5dcf2a5bf2c5be5f"
dependencies = [
"actix-rt",
"actix-service",
@ -160,11 +160,11 @@ dependencies = [
"futures-core",
"impl-more",
"pin-project-lite",
"rustls-pki-types",
"tokio",
"tokio-rustls 0.24.1",
"tokio-rustls 0.25.0",
"tokio-util",
"tracing",
"webpki-roots 0.25.3",
]
[[package]]
@ -179,9 +179,9 @@ dependencies = [
[[package]]
name = "actix-web"
version = "4.4.1"
version = "4.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e43428f3bf11dee6d166b00ec2df4e3aa8cc1606aaa0b7433c146852e2f4e03b"
checksum = "43a6556ddebb638c2358714d853257ed226ece6023ef9364f23f0c70737ea984"
dependencies = [
"actix-codec",
"actix-http",
@ -1117,7 +1117,7 @@ dependencies = [
"futures-sink",
"futures-util",
"http",
"indexmap 2.2.1",
"indexmap 2.2.2",
"slab",
"tokio",
"tokio-util",
@ -1277,9 +1277,9 @@ dependencies = [
[[package]]
name = "iana-time-zone"
version = "0.1.59"
version = "0.1.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6a67363e2aa4443928ce15e57ebae94fd8949958fd1223c4cfc0cd473ad7539"
checksum = "e7ffbb5a1b541ea2561f8c41c087286cc091e21e556a4f09a8f6cbf17b69b141"
dependencies = [
"android_system_properties",
"core-foundation-sys",
@ -1332,9 +1332,9 @@ dependencies = [
[[package]]
name = "indexmap"
version = "2.2.1"
version = "2.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "433de089bd45971eecf4668ee0ee8f4cec17db4f8bd8f7bc3197a6ce37aa7d9b"
checksum = "824b2ae422412366ba479e8111fd301f7b5faece8149317bb81925979a53f520"
dependencies = [
"equivalent",
"hashbrown 0.14.3",
@ -1552,9 +1552,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "miniz_oxide"
version = "0.7.1"
version = "0.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7"
checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7"
dependencies = [
"adler",
]
@ -1606,6 +1606,12 @@ dependencies = [
"winapi",
]
[[package]]
name = "num-conv"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
[[package]]
name = "num-traits"
version = "0.2.17"
@ -1648,7 +1654,7 @@ checksum = "1e32339a5dc40459130b3bd269e9892439f55b33e772d2a9d402a789baaf4e8a"
dependencies = [
"futures-core",
"futures-sink",
"indexmap 2.2.1",
"indexmap 2.2.2",
"js-sys",
"once_cell",
"pin-project-lite",
@ -1866,7 +1872,6 @@ dependencies = [
"reqwest",
"reqwest-middleware",
"reqwest-tracing",
"rustls 0.21.10",
"rustls 0.22.2",
"rustls-channel-resolver",
"rustls-pemfile 2.0.0",
@ -1896,7 +1901,7 @@ dependencies = [
"tracing-subscriber",
"url",
"uuid",
"webpki-roots 0.26.0",
"webpki-roots 0.26.1",
]
[[package]]
@ -2280,7 +2285,7 @@ dependencies = [
"wasm-bindgen-futures",
"wasm-streams",
"web-sys",
"webpki-roots 0.25.3",
"webpki-roots 0.25.4",
"winreg",
]
@ -2391,19 +2396,19 @@ dependencies = [
"log",
"ring",
"rustls-pki-types",
"rustls-webpki 0.102.1",
"rustls-webpki 0.102.2",
"subtle",
"zeroize",
]
[[package]]
name = "rustls-channel-resolver"
version = "0.1.0"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de0a6bf546dc283b4c1413532d2bf53a64b3a006ee57f7ca0f4984f35841cacb"
checksum = "ffbd1941204442f051576a9a7ea8e8db074ad7fd43db1eb3378c3633f9f9e166"
dependencies = [
"nanorand",
"rustls 0.21.10",
"rustls 0.22.2",
]
[[package]]
@ -2427,9 +2432,9 @@ dependencies = [
[[package]]
name = "rustls-pki-types"
version = "1.1.0"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a"
checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf"
[[package]]
name = "rustls-webpki"
@ -2443,9 +2448,9 @@ dependencies = [
[[package]]
name = "rustls-webpki"
version = "0.102.1"
version = "0.102.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef4ca26037c909dedb327b48c3327d0ba91d3dd3c4e05dad328f210ffb68e95b"
checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610"
dependencies = [
"ring",
"rustls-pki-types",
@ -2867,12 +2872,13 @@ dependencies = [
[[package]]
name = "time"
version = "0.3.31"
version = "0.3.34"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e"
checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
dependencies = [
"deranged",
"itoa",
"num-conv",
"powerfmt",
"serde",
"time-core",
@ -2887,10 +2893,11 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
version = "0.2.16"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f"
checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
dependencies = [
"num-conv",
"time-core",
]
@ -2911,9 +2918,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
version = "1.35.1"
version = "1.36.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
dependencies = [
"backtrace",
"bytes",
@ -3088,7 +3095,7 @@ version = "0.21.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1"
dependencies = [
"indexmap 2.2.1",
"indexmap 2.2.2",
"serde",
"serde_spanned",
"toml_datetime",
@ -3521,15 +3528,15 @@ dependencies = [
[[package]]
name = "webpki-roots"
version = "0.25.3"
version = "0.25.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1"
[[package]]
name = "webpki-roots"
version = "0.26.0"
version = "0.26.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0de2cfda980f21be5a7ed2eadb3e6fe074d56022bea2cdeb1a62eb220fc04188"
checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009"
dependencies = [
"rustls-pki-types",
]
@ -3718,9 +3725,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04"
[[package]]
name = "winnow"
version = "0.5.36"
version = "0.5.37"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "818ce546a11a9986bc24f93d0cdf38a8a1a400f1473ea8c82e59f6e0ffab9249"
checksum = "a7cad8365489051ae9f054164e459304af2e7e9bb407c958076c8bf4aef52da5"
dependencies = [
"memchr",
]

View file

@ -18,7 +18,7 @@ io-uring = ["dep:tokio-uring", "sled/io_uring", "actix-web/experimental-io-uring
[dependencies]
actix-form-data = "0.7.0-beta.6"
actix-web = { version = "4.0.0", default-features = false, features = ["rustls-0_21"] }
actix-web = { version = "4.0.0", default-features = false, features = ["rustls-0_22"] }
async-trait = "0.1.51"
barrel = { version = "0.7.0", features = ["pg"] }
base64 = "0.21.0"
@ -48,9 +48,8 @@ reqwest-middleware = "0.2.2"
reqwest-tracing = { version = "0.4.5" }
# pinned to tokio-postgres-rustls
rustls = "0.22.0"
rustls_021 = { package = "rustls", version = "0.21" }
# pinned to rustls
rustls-channel-resolver = "0.1.0"
rustls-channel-resolver = "0.2.0"
# pinned to rustls
rustls-pemfile = "2.0.0"
rusty-s3 = "0.5.0"

View file

@ -1721,14 +1721,13 @@ async fn launch<
let handle = watch_keys(tls, tx);
let config = rustls_021::ServerConfig::builder()
.with_safe_defaults()
let config = rustls::ServerConfig::builder()
.with_no_client_auth()
.with_cert_resolver(rx);
tracing::info!("Starting pict-rs with TLS on {address}");
server.bind_rustls_021(address, config)?.run().await?;
server.bind_rustls_0_22(address, config)?.run().await?;
handle.abort();
let _ = handle.await;

View file

@ -1,5 +1,7 @@
use std::path::PathBuf;
use rustls::{crypto::ring::sign::any_supported_type, sign::CertifiedKey, Error};
pub(super) struct Tls {
certificate: PathBuf,
private_key: PathBuf,
@ -11,7 +13,7 @@ enum TlsError {
Io(#[from] std::io::Error),
#[error("Failed to sign certificate")]
Sign(#[from] rustls_021::sign::SignError),
Sign(#[from] Error),
#[error("No certificates found in certificate file")]
MissingCerts,
@ -33,13 +35,12 @@ impl Tls {
})
}
pub(super) async fn open_keys(&self) -> color_eyre::Result<rustls_021::sign::CertifiedKey> {
pub(super) async fn open_keys(&self) -> color_eyre::Result<CertifiedKey> {
let cert_bytes = tokio::fs::read(&self.certificate)
.await
.map_err(TlsError::from)?;
let certs = rustls_pemfile::certs(&mut cert_bytes.as_slice())
.map(|res| res.map(|c| rustls_021::Certificate(c.to_vec())))
.collect::<Result<Vec<_>, _>>()
.map_err(TlsError::from)?;
@ -55,11 +56,8 @@ impl Tls {
.map_err(TlsError::from)?
.ok_or(TlsError::MissingKey)?;
let private_key = rustls_021::sign::any_supported_type(&rustls_021::PrivateKey(Vec::from(
private_key.secret_der(),
)))
.map_err(TlsError::from)?;
let private_key = any_supported_type(&private_key).map_err(TlsError::from)?;
Ok(rustls_021::sign::CertifiedKey::new(certs, private_key))
Ok(CertifiedKey::new(certs, private_key))
}
}