Also support EC private keys. (#73)
(probably) @englishm I think you ran into this issue. The `rustls::PrivateKey` documentation says it supports SEC1-encoded EC private keys so it should just work?
parent
9f50cd5d69
commit
89f1bc430d
|
@ -1,6 +1,7 @@
|
||||||
use std::{
|
use std::{
|
||||||
collections::HashMap,
|
collections::HashMap,
|
||||||
fs, io,
|
fs,
|
||||||
|
io::{self, Read},
|
||||||
sync::{Arc, Mutex},
|
sync::{Arc, Mutex},
|
||||||
time,
|
time,
|
||||||
};
|
};
|
||||||
|
@ -34,11 +35,25 @@ impl Server {
|
||||||
.collect();
|
.collect();
|
||||||
|
|
||||||
// Read the PEM private key
|
// Read the PEM private key
|
||||||
let keys = fs::File::open(config.key).context("failed to open key file")?;
|
let mut keys = fs::File::open(config.key).context("failed to open key file")?;
|
||||||
let mut keys = io::BufReader::new(keys);
|
|
||||||
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut keys)?;
|
// Read the keys into a Vec so we can try parsing it twice.
|
||||||
|
let mut buf = Vec::new();
|
||||||
|
keys.read_to_end(&mut buf)?;
|
||||||
|
|
||||||
|
// Try to parse a PKCS#8 key
|
||||||
|
// -----BEGIN PRIVATE KEY-----
|
||||||
|
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut io::Cursor::new(&buf))?;
|
||||||
|
|
||||||
|
// Try again but with EC keys this time
|
||||||
|
// -----BEGIN EC PRIVATE KEY-----
|
||||||
|
if keys.is_empty() {
|
||||||
|
keys = rustls_pemfile::ec_private_keys(&mut io::Cursor::new(&buf))?
|
||||||
|
};
|
||||||
|
|
||||||
|
anyhow::ensure!(!keys.is_empty(), "could not find private key");
|
||||||
|
anyhow::ensure!(keys.len() < 2, "expected a single key");
|
||||||
|
|
||||||
anyhow::ensure!(keys.len() == 1, "expected a single key");
|
|
||||||
let key = rustls::PrivateKey(keys.remove(0));
|
let key = rustls::PrivateKey(keys.remove(0));
|
||||||
|
|
||||||
let mut tls_config = rustls::ServerConfig::builder()
|
let mut tls_config = rustls::ServerConfig::builder()
|
||||||
|
|
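Review bot: A key in the traditional RSA format (`-----BEGIN RSA PRIVATE KEY-----`) still matches neither parser and ends at `could not find private key`. Because the EC pass runs only when the PKCS#8 pass returns nothing, a file holding one PKCS#8 key plus an EC key also passes the `expected a single key` check, with the extra key silently ignored. Parsing `buf` once with `rustls_pemfile::read_all` and keeping the `PKCS8Key`, `ECKey` and `RSAKey` items would accept each encoding in one pass and let the count check see every key in the file; this assumes the rustls-pemfile version in use exposes `read_all` and `Item`, and that the rustls version accepts PKCS#1 RSA keys in `rustls::PrivateKey`. Separately, `keys.read_to_end(&mut buf)?` has no `.context(...)`, unlike the `open` call above it, so a read failure on the key file surfaces as a bare I/O error. The enclosing function in `impl Server` starts and ends outside the hunk.

```rust
// … unchanged: open the key file and read it into `buf` …

// Collect every private key in the file, whatever its PEM label.
let mut keys: Vec<Vec<u8>> = rustls_pemfile::read_all(&mut io::Cursor::new(&buf))?
    .into_iter()
    .filter_map(|item| match item {
        rustls_pemfile::Item::PKCS8Key(der)
        | rustls_pemfile::Item::ECKey(der)
        | rustls_pemfile::Item::RSAKey(der) => Some(der),
        // Certificates and other PEM sections in the same file are not keys.
        _ => None,
    })
    .collect();

// … unchanged: the two `anyhow::ensure!` checks and `rustls::PrivateKey(keys.remove(0))` …
```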