Skip to content

Commit 1d72a06

Browse files
endocrimesendocrimes
committed
tls: Update dependencies and fixes for removed types
This unbreaks building spin on RiscV, and is otherwise good dependency hygiene. Signed-off-by: Danielle Lancashire <[email protected]>
1 parent c5066c4 commit 1d72a06

File tree

3 files changed

+25
-94
lines changed

3 files changed

+25
-94
lines changed

Cargo.lock

+13-82
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

crates/trigger-http/Cargo.toml

+2-2
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ http-body-util = { workspace = true }
2020
indexmap = "1"
2121
outbound-http = { path = "../outbound-http" }
2222
percent-encoding = "2"
23-
rustls-pemfile = "0.3.0"
23+
rustls-pemfile = "2.1.1"
2424
serde = { version = "1.0", features = ["derive"] }
2525
serde_json = "1"
2626
spin-app = { path = "../app" }
@@ -33,7 +33,7 @@ spin-world = { path = "../world" }
3333
terminal = { path = "../terminal" }
3434
tls-listener = { version = "0.10.0", features = ["rustls"] }
3535
tokio = { version = "1.23", features = ["full"] }
36-
tokio-rustls = { version = "0.23.2" }
36+
tokio-rustls = { version = "0.25.0" }
3737
url = "2.4.1"
3838
tracing = { workspace = true }
3939
wasmtime = { workspace = true }

crates/trigger-http/src/tls.rs

+10-10
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
use crate::tls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
12
use rustls_pemfile::{certs, pkcs8_private_keys};
23
use std::{
34
fs, io,
@@ -22,25 +23,24 @@ impl TlsConfig {
2223
let mut keys = load_keys(&self.key_path)?;
2324

2425
let cfg = rustls::ServerConfig::builder()
25-
.with_safe_defaults()
26+
.with_safe_default_protocol_versions()
2627
.with_no_client_auth()
27-
.with_single_cert(certs, keys.remove(0))
28+
.with_single_cert(
29+
certs,
30+
tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
31+
)
2832
.map_err(|e| anyhow::anyhow!("{}", e))?;
2933

3034
Ok(Arc::new(cfg).into())
3135
}
3236
}
3337

3438
// Loads public certificate from file.
35-
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<rustls::Certificate>> {
36-
certs(&mut io::BufReader::new(fs::File::open(path)?))
37-
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
38-
.map(|mut certs| certs.drain(..).map(rustls::Certificate).collect())
39+
fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<CertificateDer<'static>>> {
40+
certs(&mut io::BufReader::new(fs::File::open(path)?)).collect()
3941
}
4042

4143
// Loads private key from file.
42-
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<rustls::PrivateKey>> {
43-
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?))
44-
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
45-
.map(|mut keys| keys.drain(..).map(rustls::PrivateKey).collect())
44+
fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<PrivatePkcs8KeyDer<'static>>> {
45+
pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?)).collect()
4646
}

0 commit comments

Comments
 (0)