Also support EC private keys. (#73)

(probably)

@englishm I think you ran into this issue. The `rustls::PrivateKey`
documentation says it supports SEC1-encoded EC private keys so it should
just work?
kixelated 2023-09-17 22:43:48 -07:00 committed by GitHub
parent 9f50cd5d69
commit 89f1bc430d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 5 deletions


@ -1,6 +1,7 @@
use std::{ use std::{
collections::HashMap, collections::HashMap,
fs, io, fs,
io::{self, Read},
sync::{Arc, Mutex}, sync::{Arc, Mutex},
time, time,
}; };
@ -34,11 +35,25 @@ impl Server {
.collect(); .collect();
// Read the PEM private key // Read the PEM private key
let keys = fs::File::open(config.key).context("failed to open key file")?; let mut keys = fs::File::open(config.key).context("failed to open key file")?;
let mut keys = io::BufReader::new(keys);
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut keys)?; // Read the keys into a Vec so we can try parsing it twice.
let mut buf = Vec::new();
keys.read_to_end(&mut buf)?;
// Try to parse a PKCS#8 key
// -----BEGIN PRIVATE KEY-----
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut io::Cursor::new(&buf))?;
// Try again but with EC keys this time
// -----BEGIN EC PRIVATE KEY-----
if keys.is_empty() {
keys = rustls_pemfile::ec_private_keys(&mut io::Cursor::new(&buf))?
};
anyhow::ensure!(!keys.is_empty(), "could not find private key");
anyhow::ensure!(keys.len() < 2, "expected a single key");
anyhow::ensure!(keys.len() == 1, "expected a single key");
let key = rustls::PrivateKey(keys.remove(0)); let key = rustls::PrivateKey(keys.remove(0));
let mut tls_config = rustls::ServerConfig::builder() let mut tls_config = rustls::ServerConfig::builder()
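Review bot: The "expected a single key" check only counts keys of one encoding, because the EC parse runs only when the PKCS#8 parse returned nothing. A key file holding one PKCS#8 key and one EC key is therefore accepted, and the EC key is silently ignored, so an operator may not notice which key the server presents. Parsing both encodings unconditionally keeps the count meaningful: replace the `if keys.is_empty() { ... }` block with `keys.extend(rustls_pemfile::ec_private_keys(&mut io::Cursor::new(&buf))?);`. Separately, the new `keys.read_to_end(&mut buf)?` drops the error context that the open call carries; `keys.read_to_end(&mut buf).context("failed to read key file")?;` would match it. The enclosing function starts and ends outside this hunk.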