
Commit 0e1d188

chore: replace rustls-pemfile with rustls-pki-types (#2541)
1 parent 705b613 commit 0e1d188


2 files changed

+20
-21
lines changed


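--- a/Cargo.toml
+++ b/Cargo.toml
@@ -91,11 +91,11 @@ http3 = ["rustls-tls-manual-roots", "dep:h3", "dep:h3-quinn", "dep:quinn", "dep:
 # Don't rely on these whatsoever. They may disappear at any time.
 
 # Enables common types used for TLS. Useless on its own.
-__tls = ["dep:rustls-pemfile", "tokio/io-util"]
+__tls = ["dep:rustls-pki-types", "tokio/io-util"]
 
 # Enables common rustls code.
 # Equivalent to rustls-tls-manual-roots but shorter :)
-__rustls = ["dep:hyper-rustls", "dep:tokio-rustls", "dep:rustls", "__tls", "dep:rustls-pemfile", "dep:rustls-pki-types"]
+__rustls = ["dep:hyper-rustls", "dep:tokio-rustls", "dep:rustls", "__tls"]
 __rustls-ring = ["hyper-rustls?/ring", "tokio-rustls?/ring", "rustls?/ring", "quinn?/ring"]
 
 [dependencies]
@@ -134,7 +134,7 @@ pin-project-lite = "0.2.11"
 ipnet = "2.3"
 
 # Optional deps...
-rustls-pemfile = { version = "2", optional = true }
+rustls-pki-types = { version = "1.9.0", features = ["std"], optional = true }
 
 ## default-tls
 hyper-tls = { version = "0.6", optional = true }
@@ -144,7 +144,6 @@ tokio-native-tls = { version = "0.3.0", optional = true }
 # rustls-tls
 hyper-rustls = { version = "0.27.0", default-features = false, optional = true, features = ["http1", "tls12"] }
 rustls = { version = "0.23.4", optional = true, default-features = false, features = ["std", "tls12"] }
-rustls-pki-types = { version = "1.1.0", features = ["alloc"] ,optional = true }
 tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["tls12"] }
 webpki-roots = { version = "1", optional = true }
 rustls-native-certs = { version = "0.8.0", optional = true }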
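Review bot: The relocated `rustls-pki-types` entry under `# Optional deps...` has no comment explaining why it moved out of the `# rustls-tls` group or why its floor rose from 1.1.0 to 1.9.0 with `std` instead of `alloc`. It is now switched on by the common `__tls` feature rather than only by `__rustls`, so a line such as `# PEM parsing shared by the TLS backends (enabled via __tls)` above it would make that visible. If 1.9.0 is the first release providing the `pem` module that src/tls.rs now imports, noting that next to the version would keep a later edit from lowering the bound.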

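--- a/src/tls.rs
+++ b/src/tls.rs
@@ -51,6 +51,7 @@ use rustls::{
 server::ParsedCertificate, DigitallySignedStruct, Error as TLSError, RootCertStore,
 SignatureScheme,
 };
+use rustls_pki_types::pem::PemObject;
 #[cfg(feature = "__rustls")]
 use rustls_pki_types::{ServerName, UnixTime};
 use std::{
@@ -228,7 +229,7 @@ impl Certificate {
 }
 
 fn read_pem_certs(reader: &mut impl BufRead) -> crate::Result<Vec<Vec<u8>>> {
-rustls_pemfile::certs(reader)
+rustls_pki_types::CertificateDer::pem_reader_iter(reader)
 .map(|result| match result {
 Ok(cert) => Ok(cert.as_ref().to_vec()),
 Err(_) => Err(crate::error::builder("invalid certificate encoding")),
@@ -339,30 +340,31 @@ impl Identity {
 /// This requires the `rustls-tls(-...)` Cargo feature enabled.
 #[cfg(feature = "__rustls")]
 pub fn from_pem(buf: &[u8]) -> crate::Result<Identity> {
-use rustls_pemfile::Item;
+use rustls_pki_types::{pem::SectionKind, PrivateKeyDer};
 use std::io::Cursor;
 
 let (key, certs) = {
 let mut pem = Cursor::new(buf);
 let mut sk = Vec::<rustls_pki_types::PrivateKeyDer>::new();
 let mut certs = Vec::<rustls_pki_types::CertificateDer>::new();
 
-for result in rustls_pemfile::read_all(&mut pem) {
-match result {
-Ok(Item::X509Certificate(cert)) => certs.push(cert),
-Ok(Item::Pkcs1Key(key)) => sk.push(key.into()),
-Ok(Item::Pkcs8Key(key)) => sk.push(key.into()),
-Ok(Item::Sec1Key(key)) => sk.push(key.into()),
-Ok(_) => {
+while let Some((kind, data)) =
+rustls_pki_types::pem::from_buf(&mut pem).map_err(|_| {
+crate::error::builder(TLSError::General(String::from(
+"Invalid identity PEM file",
+)))
+})?
+{
+match kind {
+SectionKind::Certificate => certs.push(data.into()),
+SectionKind::PrivateKey => sk.push(PrivateKeyDer::Pkcs8(data.into())),
+SectionKind::RsaPrivateKey => sk.push(PrivateKeyDer::Pkcs1(data.into())),
+SectionKind::EcPrivateKey => sk.push(PrivateKeyDer::Sec1(data.into())),
+_ => {
 return Err(crate::error::builder(TLSError::General(String::from(
 "No valid certificate was found",
 ))))
 }
-Err(_) => {
-return Err(crate::error::builder(TLSError::General(String::from(
-"Invalid identity PEM file",
-))))
-}
 }
 }
 
@@ -469,9 +471,7 @@ impl CertificateRevocationList {
 /// This requires the `rustls-tls(-...)` Cargo feature enabled.
 #[cfg(feature = "__rustls")]
 pub fn from_pem_bundle(pem_bundle: &[u8]) -> crate::Result<Vec<CertificateRevocationList>> {
-let mut reader = BufReader::new(pem_bundle);
-
-rustls_pemfile::crls(&mut reader)
+rustls_pki_types::CertificateRevocationListDer::pem_slice_iter(pem_bundle)
 .map(|result| match result {
 Ok(crl) => Ok(CertificateRevocationList { inner: crl }),
 Err(_) => Err(crate::error::builder("invalid crl encoding")),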
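Review bot: In `CertificateRevocationList::from_pem_bundle`, an input with no CRL section appears to produce no items and no error, because `pem_slice_iter` only yields CRL sections and the visible `map` only handles decode failures. The rest of the body is outside the hunk, but if the iterator is simply collected, a DER-encoded, mislabeled or empty bundle returns `Ok(vec![])` and the caller silently runs without revocation data. Consider rejecting an empty result after collecting, e.g. `if crls.is_empty() { return Err(crate::error::builder("no CRL found in PEM bundle")); }`, or at least state in the doc comment that an empty vector is a possible success value. The same question applies to `read_pem_certs` in the earlier hunk.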
