Also support EC private keys. (#73)

(probably)

@englishm I think you ran into this issue. The `rustls::PrivateKey`
documentation says it supports SEC1-encoded EC private keys so it should
just work?
This commit is contained in:
kixelated 2023-09-17 22:43:48 -07:00 committed by GitHub
parent 9f50cd5d69
commit 89f1bc430d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 5 deletions

View File

@ -1,6 +1,7 @@
use std::{
collections::HashMap,
fs, io,
fs,
io::{self, Read},
sync::{Arc, Mutex},
time,
};
@ -34,11 +35,25 @@ impl Server {
.collect();
// Read the PEM private key
let keys = fs::File::open(config.key).context("failed to open key file")?;
let mut keys = io::BufReader::new(keys);
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut keys)?;
let mut keys = fs::File::open(config.key).context("failed to open key file")?;
// Read the keys into a Vec so we can try parsing it twice.
let mut buf = Vec::new();
keys.read_to_end(&mut buf)?;
// Try to parse a PKCS#8 key
// -----BEGIN PRIVATE KEY-----
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut io::Cursor::new(&buf))?;
// Try again but with EC keys this time
// -----BEGIN EC PRIVATE KEY-----
if keys.is_empty() {
keys = rustls_pemfile::ec_private_keys(&mut io::Cursor::new(&buf))?
};
anyhow::ensure!(!keys.is_empty(), "could not find private key");
anyhow::ensure!(keys.len() < 2, "expected a single key");
anyhow::ensure!(keys.len() == 1, "expected a single key");
let key = rustls::PrivateKey(keys.remove(0));
let mut tls_config = rustls::ServerConfig::builder()