From c79bcaae0433d4f13901540221af4e1830e1d44f Mon Sep 17 00:00:00 2001
From: Sven-Hendrik Haase
Date: Fri, 27 Aug 2021 18:23:14 +0200
Subject: Conditionally enable TLS only on supported platforms

---
 Cargo.toml | 10 +++++++++-
 README.md | 1 +
 src/args.rs | 12 ++++++++++++
 src/config.rs | 36 ++++++++++++++++++++++++++++++++++++
 src/main.rs | 18 ++++++++++++++++++
 5 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index d317ebb..67701dd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,6 +9,7 @@ readme = "README.md"
 keywords = ["serve", "http-server", "static-files", "http", "server"]
 categories = ["command-line-utilities", "network-programming", "web-programming::http-server"]
 edition = "2018"
+resolver = "2"
 
 [profile.release]
 lto = true
@@ -17,7 +18,7 @@ codegen-units = 1
 panic = 'abort'
 
 [dependencies]
-actix-web = { version = "3", features = ["rustls"] }
+actix-web = "3"
 actix-files = "0.5"
 actix-multipart = "0.3"
 actix-web-httpauth = "0.5"
@@ -50,7 +51,14 @@ httparse = "1"
 http = "0.2"
 bytes = "1"
 atty = "0.2"
+
+# Use rustls only on architecturs supported by ring.
+# See also https://github.com/briansmith/ring/issues/1182
+# and https://github.com/briansmith/ring/issues/562
+# and https://github.com/briansmith/ring/issues/1367
+[target.'cfg(any(target_arch = "x86", target_arch = "x86_64", target_arch = "aarch64", target_arch = "arm"))'.dependencies]
 rustls = "0.18"
+actix-web = { version = "3", features = ["rustls"] }
 
 [dev-dependencies]
 assert_cmd = "2"
diff --git a/README.md b/README.md
index 922bd81..ba007e2 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,7 @@ Sometimes this is just a more practical and quick way than doing things properly
 - Scan QR code for quick access
 - Shell completions
 - Sane and secure defaults
+- TLS (for supported architectures)
 
 ## Usage
 
diff --git a/src/args.rs b/src/args.rs
index c2b2bf2..b6bb092 100644
--- a/src/args.rs
+++ b/src/args.rs
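Review bot: The four-architecture allow-list in the new `[target.'cfg(any(...))'.dependencies]` header of Cargo.toml is repeated by hand in every `#[cfg(...)]` this commit adds to src/args.rs, src/config.rs and src/main.rs. If one copy drifts when ring's supported targets change, the build either fails or a target quietly ships without TLS. Consider a build script that reads `CARGO_CFG_TARGET_ARCH` and emits a single `cargo:rustc-cfg=tls` flag, so the Rust side can write `#[cfg(tls)]` and this table stays the one list to maintain. The comment above the table also has a typo and should read `# Use rustls only on architectures supported by ring.`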
@@ -135,10 +135,22 @@ pub struct CliArgs {
 pub print_completions: Option,
 
 /// TLS certificate to use
+ #[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ ))]
 #[structopt(long = "tls-cert", requires = "tls-key")]
 pub tls_cert: Option,
 
 /// TLS private key to use
+ #[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ ))]
 #[structopt(long = "tls-key", requires = "tls-cert")]
 pub tls_key: Option,
 }
diff --git a/src/config.rs b/src/config.rs
index 6eeafef..66cd81a 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -7,6 +7,13 @@ use std::{
 
 use anyhow::{anyhow, Context, Result};
 use http::HeaderMap;
+
+#[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+))]
 use rustls::internal::pemfile::{certs, pkcs8_private_keys};
 
 use crate::{args::CliArgs, auth::RequiredAuth};
@@ -95,7 +102,21 @@ pub struct MiniserveConfig {
 pub hide_version_footer: bool,
 
 /// If set, use provided rustls config for TLS
+ #[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ ))]
 pub tls_rustls_config: Option,
+
+ #[cfg(not(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ )))]
+ pub tls_rustls_config: Option<()>,
 }
 
 impl MiniserveConfig {
@@ -131,6 +152,12 @@ impl MiniserveConfig {
 _ => args.port,
 };
 
+ #[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ ))]
 let tls_rustls_server_config = if let (Some(tls_cert), Some(tls_key)) = (args.tls_cert, args.tls_key) {
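Review bot: The fallback field `pub tls_rustls_config: Option<()>` in the `MiniserveConfig` hunk of src/config.rs has no doc comment, because the existing `/// If set, use provided rustls config for TLS` line attaches only to the first, cfg-gated declaration. The later hunk in this file assigns the placeholder `None` unconditionally, so it is worth saying so on the field: `/// Always None: TLS support is not compiled in on this architecture`. The struct definition starts outside the hunk.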
@@ -150,6 +177,15 @@ impl MiniserveConfig {
 } else {
 None
 };
+
+ #[cfg(not(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ )))]
+ let tls_rustls_server_config = None;
+
 Ok(MiniserveConfig {
 verbose: args.verbose,
 path: args.path.unwrap_or_else(|| PathBuf::from(".")),
diff --git a/src/main.rs b/src/main.rs
index 1432a1a..9b3d732 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -227,6 +227,12 @@ async fn run(miniserve_config: MiniserveConfig) -> Result<(), ContextualError> {
 .default_service(web::get().to(error_404))
 });
 
+ #[cfg(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ ))]
 let srv = if let Some(tls_config) = miniserve_config.tls_rustls_config {
 srv.bind_rustls(socket_addresses.as_slice(), tls_config)
 .map_err(|e| ContextualError::IoError("Failed to bind server".to_string(), e))?
@@ -239,6 +245,18 @@ async fn run(miniserve_config: MiniserveConfig) -> Result<(), ContextualError> {
 .run()
 };
 
+ #[cfg(not(any(
+ target_arch = "x86",
+ target_arch = "x86_64",
+ target_arch = "aarch64",
+ target_arch = "arm"
+ )))]
+ let srv = srv
+ .bind(socket_addresses.as_slice())
+ .map_err(|e| ContextualError::IoError("Failed to bind server".to_string(), e))?
+ .shutdown_timeout(0)
+ .run();
+
 println!(
 "Serving path {path} at {addresses}",
 path = Color::Yellow.paint(path_string).bold(),
-- cgit v1.2.3
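Review bot: The `#[cfg(not(any(...)))]` branch added to `run` in src/main.rs binds with plain `bind(...)` and gives the operator no sign that TLS was compiled out. On those targets all traffic is cleartext, including HTTP auth credentials if auth is enabled. A comment such as `// TLS is compiled out on this architecture (no ring support): plain HTTP only` would document that, and a startup notice would make it visible to whoever runs the binary. The bind / `shutdown_timeout(0)` / `run()` chain and its "Failed to bind server" message also appear to repeat the non-TLS arm of the `if let` that sits between this hunk and the previous one (not visible here), so a change to one is easy to miss in the other. `run` starts and ends outside the hunk.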