bug fixed

freedit-org · Dec 7, 2023 · c25e6d3 · c25e6d3
1 parent 1d8facd
commit c25e6d3
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 44 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -8,7 +8,7 @@ license = "MIT"
 ammonia = "3"
 askama = { version = "0.12", default-features = false }
 atom_syndication = "0.12"
-axum = { version = "0.7.0", features = ["http2", "form", "query", "multipart", "tokio"], default-features = false }
+axum = { version = "0.7", features = ["http2", "form", "query", "multipart", "tokio"], default-features = false }
 axum-extra = { version = "0.9.0", features = ["typed-header"] }
 basic-toml = "*"
 bincode = "2.0.0-rc.3"
@@ -37,6 +37,7 @@ ring = { version = "0.17.5", default-features = false }
 rss = { version = "2.0", default-features = false }
 rust-stemmers = "1.2.0"
 rustls-pemfile = "2.0.0"
+rustls-pki-types = "1.0.1"
 serde = { version = "1.0", features = ["derive"] }
 sled = "0.34.7"
 snailquote = "0.3.1"
@@ -45,13 +46,14 @@ syntect = { version = "5", features = ["regex-fancy", "default-syntaxes", "defau
 tantivy = "0.21.0"
 thiserror = "1"
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
-tokio-rustls = "0.24.1"
+tokio-rustls = "0.25.0"
 tower = { version = "0.4", features = ["timeout"] }
 tower-http = { version = "0.5.0", features = ["fs", "compression-br", "trace"] }
 tracing = { version = "0.1", features = ["release_max_level_info", "max_level_info"] }
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 unicode-segmentation = "1"
 validator = { version = "0.16", features = ["derive"] }
+webpki-roots = "0.26.0"
 whichlang = "0.1.0"
 
 [target.'cfg(not(target_env = "msvc"))'.dependencies]
@@ -63,3 +65,6 @@ strip = true
 codegen-units = 1
 panic = "abort"
 rpath = false
+
+[profile.dev.package."*"]
+debug = false
diff --git a/src/config.rs b/src/config.rs
@@ -1,10 +1,10 @@
 use once_cell::sync::Lazy;
-use rustls_pemfile::{read_one, Item};
+use rustls_pemfile::{certs, private_key};
 use serde::{Deserialize, Serialize};
 use std::fs::{self, read_to_string, File};
 use std::io::{BufReader, Write};
 use std::path::Path;
-use tokio_rustls::rustls::{Certificate, PrivateKey, ServerConfig};
+use tokio_rustls::rustls::ServerConfig;
 use tracing::{info, warn};
 
 pub static CONFIG: Lazy<Config> = Lazy::new(Config::load_config);
@@ -50,26 +50,14 @@ impl Config {
 
     pub async fn tls_config(&self) -> Option<ServerConfig> {
         let mut key_reader = BufReader::new(File::open(&CONFIG.key).ok()?);
-        let key = match read_one(&mut key_reader).ok()?? {
-            Item::Crl(key) => key.as_ref().to_vec(),
-            Item::Pkcs1Key(key) => key.secret_pkcs1_der().to_vec(),
-            Item::Pkcs8Key(key) => key.secret_pkcs8_der().to_vec(),
-            Item::Sec1Key(key) => key.secret_sec1_der().to_vec(),
-            _ => return None,
-        };
-
-        let key = PrivateKey(key);
-
         let mut cert_reader = BufReader::new(File::open(&CONFIG.cert).ok()?);
-        let cert = match read_one(&mut cert_reader).ok()?? {
-            Item::X509Certificate(cert) => cert,
-            _ => return None,
-        };
 
-        let certs = vec![Certificate(cert.as_ref().to_vec())];
+        let key = private_key(&mut key_reader).ok()??;
+        let certs = certs(&mut cert_reader)
+            .filter_map(|x| x.ok())
+            .collect::<Vec<_>>();
 
         ServerConfig::builder()
-            .with_safe_defaults()
             .with_no_client_auth()
             .with_single_cert(certs, key)
             .ok()