From 00598acb2197b8f86dd03c0d79e016882b6a96cd Mon Sep 17 00:00:00 2001
From: jikstra
Date: Tue, 28 Dec 2021 00:28:27 +0100
Subject: Bump actix-web to v4.0-beta.15
Co-authored-by: Ali MJ Al-Nasrawy
---
 src/config.rs | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
(limited to 'src/config.rs')
diff --git a/src/config.rs b/src/config.rs
index fda2f84..9bb6928 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -11,7 +11,7 @@ use anyhow::{Context, Result};
 use http::HeaderMap;
 #[cfg(feature = "tls")]
-use rustls::internal::pemfile::{certs, pkcs8_private_keys};
+use rustls_pemfile::{certs, pkcs8_private_keys};
 use crate::{args::CliArgs, auth::RequiredAuth};
@@ -156,7 +156,6 @@ impl MiniserveConfig {
 let tls_rustls_server_config = if let (Some(tls_cert), Some(tls_key)) = (args.tls_cert, args.tls_key) {
- let mut server_config = rustls::ServerConfig::new(rustls::NoClientAuth::new());
 let cert_file = &mut BufReader::new(
 File::open(&tls_cert)
 .context(format!("Couldn't access TLS certificate {:?}", tls_cert))?,
@@ -164,10 +163,32 @@ impl MiniserveConfig {
 let key_file = &mut BufReader::new(
 File::open(&tls_key).context(format!("Couldn't access TLS key {:?}", tls_key))?,
 );
- let cert_chain = certs(cert_file).map_err(|_| anyhow!("Couldn't load certificates"))?;
+ let cert_chain = match rustls_pemfile::read_one(cert_file) {
+ Ok(item) => match item {
+ Some(item) => match item {
+ rustls_pemfile::Item::X509Certificate(item) => item,
+ _ => return Err(anyhow!("Certfile is not a X509Certificate")),
+ },
+ None => {
+ return Err(anyhow!(
+ "Certfile does not contain any recognized certificates"
+ ))
+ }
+ },
+ _ => return Err(anyhow!("Could not read certfile")),
+ };
 let mut keys =
 pkcs8_private_keys(key_file).map_err(|_| anyhow!("Couldn't load private key"))?;
- server_config.set_single_cert(cert_chain, keys.remove(0))?;
+ let server_config = rustls::ServerConfig::builder()
+ .with_safe_default_cipher_suites()
+ .with_safe_default_kx_groups()
+ .with_safe_default_protocol_versions()
+ .unwrap()
+ .with_no_client_auth()
+ .with_single_cert(
+ vec![rustls::Certificate(cert_chain)],
+ rustls::PrivateKey(keys.remove(0)),
+ )?;
 Some(server_config)
 } else {
 None
-- 
cgit v1.2.3
From dd665a4c7e97a8a7513f38ad9293cd8edbe136df Mon Sep 17 00:00:00 2001
From: Ali MJ Al-Nasrawy
Date: Sat, 5 Feb 2022 23:30:47 +0300
Subject: update to actix-web v4.0-rc.2
---
 src/config.rs | 37 ++++++++++++++-----------------------
 1 file changed, 14 insertions(+), 23 deletions(-)
(limited to 'src/config.rs')
diff --git a/src/config.rs b/src/config.rs
index 9bb6928..ccff7e3 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -11,7 +11,7 @@ use anyhow::{Context, Result};
 use http::HeaderMap;
 #[cfg(feature = "tls")]
-use rustls_pemfile::{certs, pkcs8_private_keys};
+use rustls_pemfile as pemfile;
 use crate::{args::CliArgs, auth::RequiredAuth};
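Review bot: In the `@@ -164,10 +163,32 @@` hunk, `rustls_pemfile::read_one(cert_file)` keeps only the first PEM item, so a certificate file holding a leaf plus intermediates is served as a one-certificate chain and clients that do not already hold the intermediate will fail validation; the removed `certs(cert_file)` call loaded every certificate. Keeping the full chain would look like `let cert_chain = certs(cert_file).map_err(|_| anyhow!("Couldn't load certificates"))?;` passed on as `cert_chain.into_iter().map(rustls::Certificate).collect()`, which also puts the still-imported `certs` back in use. Separately, `keys.remove(0)` panics on an empty vector, and as far as I know `pkcs8_private_keys` returns an empty list rather than an error when the file holds no PKCS#8 key, so a check such as `if keys.is_empty() { return Err(anyhow!("No PKCS8 private key found in key file")); }` before it would give the operator a message instead of a crash. The enclosing function starts and ends outside this hunk.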
@@ -163,31 +163,22 @@ impl MiniserveConfig {
 let key_file = &mut BufReader::new(
 File::open(&tls_key).context(format!("Couldn't access TLS key {:?}", tls_key))?,
 );
- let cert_chain = match rustls_pemfile::read_one(cert_file) {
- Ok(item) => match item {
- Some(item) => match item {
- rustls_pemfile::Item::X509Certificate(item) => item,
- _ => return Err(anyhow!("Certfile is not a X509Certificate")),
- },
- None => {
- return Err(anyhow!(
- "Certfile does not contain any recognized certificates"
- ))
- }
- },
- _ => return Err(anyhow!("Could not read certfile")),
- };
- let mut keys =
- pkcs8_private_keys(key_file).map_err(|_| anyhow!("Couldn't load private key"))?;
+ let cert_chain = pemfile::certs(cert_file).context("Reading cert file")?;
+ let key = pemfile::read_all(key_file)
+ .context("Reading private key file")?
+ .into_iter()
+ .filter_map(|item| match item {
+ pemfile::Item::RSAKey(key) | pemfile::Item::PKCS8Key(key) => Some(key),
+ _ => None,
+ })
+ .next()
+ .ok_or(anyhow!("No supported private key in file"))?;
 let server_config = rustls::ServerConfig::builder()
- .with_safe_default_cipher_suites()
- .with_safe_default_kx_groups()
- .with_safe_default_protocol_versions()
- .unwrap()
+ .with_safe_defaults()
 .with_no_client_auth()
 .with_single_cert(
- vec![rustls::Certificate(cert_chain)],
- rustls::PrivateKey(keys.remove(0)),
+ cert_chain.into_iter().map(rustls::Certificate).collect(),
+ rustls::PrivateKey(key),
 )?;
 Some(server_config)
 } else {
-- 
cgit v1.2.3
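Review bot: Nothing in the `@@ -163,31 +163,22 @@` hunk rejects an empty certificate list: as far as I know `pemfile::certs(cert_file)` succeeds with zero entries when the file holds no certificate (for example only a key), and the explicit "Certfile does not contain any recognized certificates" error from the removed code is gone, so the misconfiguration would presumably surface only as failed TLS handshakes at runtime. A guard right after the `certs` call, `if cert_chain.is_empty() { return Err(anyhow!("No certificates found in cert file")); }`, restores the early failure. Two smaller style points on the key lookup: `.filter_map(..).next()` reads more directly as `.find_map(..)`, and `.ok_or(anyhow!(..))` builds the error even on success, which `.ok_or_else(|| anyhow!("No supported private key in file"))` avoids. The enclosing function starts and ends outside this hunk.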