feat: support ecdsa tls cert (#119)
authorsigoden <sigoden@gmail.com>
Tue, 2 Aug 2022 01:32:11 +0000 (09:32 +0800)
committerGitHub <noreply@github.com>
Tue, 2 Aug 2022 01:32:11 +0000 (09:32 +0800)
src/tls.rs
tests/data/cert_ecdsa.pem [new file with mode: 0644]
tests/data/generate_tls_certs.sh
tests/data/key_ecdsa.pem [new file with mode: 0644]
tests/tls.rs

index b29353e08c6f51f53d30c6adc721713601a5ed42..92b0caa52a109ab45d77f99d09af70bede4d23bc 100644 (file)
@@ -125,9 +125,9 @@ impl Accept for TlsAcceptor {
 // Load public certificate from file.
 pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error::Error>> {
     // Open certificate file.
-    let certfile = fs::File::open(&filename)
+    let cert_file = fs::File::open(&filename)
         .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(certfile);
+    let mut reader = io::BufReader::new(cert_file);
 
     // Load and return certificate.
     let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
@@ -139,17 +139,18 @@ pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error
 
 // Load private key from file.
 pub fn load_private_key(filename: &str) -> Result<PrivateKey, Box<dyn std::error::Error>> {
-    // Open keyfile.
-    let keyfile = fs::File::open(&filename)
+    let key_file = fs::File::open(&filename)
         .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(keyfile);
+    let mut reader = io::BufReader::new(key_file);
 
     // Load and return a single private key.
     let keys = rustls_pemfile::read_all(&mut reader)
         .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?
         .into_iter()
         .find_map(|item| match item {
-            rustls_pemfile::Item::RSAKey(key) | rustls_pemfile::Item::PKCS8Key(key) => Some(key),
+            rustls_pemfile::Item::RSAKey(key)
+            | rustls_pemfile::Item::PKCS8Key(key)
+            | rustls_pemfile::Item::ECKey(key) => Some(key),
             _ => None,
         })
         .ok_or("No supported private key in file")?;
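Review bot: `load_private_key` now accepts a third encoding (`ECKey`, the SEC1 DER that `rustls_pemfile` yields) but its only documentation is the inline `// Load and return a single private key.`, and the `// Open keyfile.` comment was dropped without a replacement, so the accepted formats are stated nowhere a caller sees. The `find_map` keeps the first RSA/PKCS#8/SEC1 item and ignores the rest, so a PEM bundle holding several keys is silently narrowed to its first key, and a key that does not correspond to the certificate is presumably only rejected later when the server config is built, outside this hunk. Suggest replacing the `// Load private key from file.` line with `/// Load the first PEM-encoded private key (PKCS#1 RSA, PKCS#8, or SEC1 EC) found in the file; later key items are ignored.` Since `ECKey` is SEC1 rather than PKCS#8, the `rustls` version pinned by the project must accept that encoding for `PrivateKey`; the new `tls_works` case in tests/tls.rs appears to cover this on the happy path, so a short comment on the `ECKey` arm noting that dependency would help the next reader. `load_private_key`'s body continues past the hunk.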
diff --git a/tests/data/cert_ecdsa.pem b/tests/data/cert_ecdsa.pem
new file mode 100644 (file)
index 0000000..1f381c7
--- /dev/null
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
index ed23639749d7fc46776de721741bd9f482db8021..e8590de35755891d677af1d6bae434871c854753 100755 (executable)
@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout key_pkcs8.pem -out cert.pem -nodes -days 3650
 openssl rsa -in key_pkcs8.pem -out key_pkcs1.pem
+openssl ecparam -name prime256v1 -genkey -noout -out key_ecdsa.pem
+openssl req -subj '/CN=localhost' -x509 -key key_ecdsa.pem -out cert_ecdsa.pem -nodes -days 3650
\ No newline at end of file
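Review bot: The two added `openssl` lines run without `set -e`, so if `openssl ecparam` fails the following `openssl req -key key_ecdsa.pem` still runs against a missing key file and the first failure is only reported indirectly by the second command. Adding `set -euo pipefail` directly after the shebang makes any generation step abort the script, which also protects the existing rsa steps above. The hunk also ends with `\ No newline at end of file`; terminating the last line avoids the marker and keeps future appends clean.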
diff --git a/tests/data/key_ecdsa.pem b/tests/data/key_ecdsa.pem
new file mode 100644 (file)
index 0000000..8eec7ad
--- /dev/null
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILOQ44lHqD4w12HJKlZJ+Y3u91eUKjabu3UKPSahhC89oAoGCCqGSM49
+AwEHoUQDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3
+944RJPT6S5wRTHFpF0BJhQRfiuW4K2EUcQ==
+-----END EC PRIVATE KEY-----
index ca4c65cc4aea74f8a5b3906908fecaa1c7b505e1..4f83c909456afae405dfe4c67baf52f01d84331c 100644 (file)
@@ -17,6 +17,10 @@ use rstest::rstest;
         "--tls-cert", "tests/data/cert.pem",
         "--tls-key", "tests/data/key_pkcs1.pem",
 ]))]
+#[case(server(&[
+        "--tls-cert", "tests/data/cert_ecdsa.pem",
+        "--tls-key", "tests/data/key_ecdsa.pem",
+]))]
 fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
     let client = ClientBuilder::new()
         .danger_accept_invalid_certs(true)