diff options
Diffstat (limited to 'src/config.rs')
| -rw-r--r-- | src/config.rs | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/src/config.rs b/src/config.rs index fda2f84..ccff7e3 100644 --- a/src/config.rs +++ b/src/config.rs @@ -11,7 +11,7 @@ use anyhow::{Context, Result}; use http::HeaderMap; #[cfg(feature = "tls")] -use rustls::internal::pemfile::{certs, pkcs8_private_keys}; +use rustls_pemfile as pemfile; use crate::{args::CliArgs, auth::RequiredAuth}; @@ -156,7 +156,6 @@ impl MiniserveConfig { let tls_rustls_server_config = if let (Some(tls_cert), Some(tls_key)) = (args.tls_cert, args.tls_key) { - let mut server_config = rustls::ServerConfig::new(rustls::NoClientAuth::new()); let cert_file = &mut BufReader::new( File::open(&tls_cert) .context(format!("Couldn't access TLS certificate {:?}", tls_cert))?, @@ -164,10 +163,23 @@ impl MiniserveConfig { let key_file = &mut BufReader::new( File::open(&tls_key).context(format!("Couldn't access TLS key {:?}", tls_key))?, ); - let cert_chain = certs(cert_file).map_err(|_| anyhow!("Couldn't load certificates"))?; - let mut keys = - pkcs8_private_keys(key_file).map_err(|_| anyhow!("Couldn't load private key"))?; - server_config.set_single_cert(cert_chain, keys.remove(0))?; + let cert_chain = pemfile::certs(cert_file).context("Reading cert file")?; + let key = pemfile::read_all(key_file) + .context("Reading private key file")? + .into_iter() + .filter_map(|item| match item { + pemfile::Item::RSAKey(key) | pemfile::Item::PKCS8Key(key) => Some(key), + _ => None, + }) + .next() + .ok_or(anyhow!("No supported private key in file"))?; + let server_config = rustls::ServerConfig::builder() + .with_safe_defaults() + .with_no_client_auth() + .with_single_cert( + cert_chain.into_iter().map(rustls::Certificate).collect(), + rustls::PrivateKey(key), + )?; Some(server_config) } else { None |