commit 5a4907292fee6591a7c2b14912fc4fee435df6cc
parent f374598fd3df2a9eec4f947ea8d105bf0780f325
Author: Johann150 <johann.galle@protonmail.com>
Date: Sat, 27 Feb 2021 20:02:19 +0100
use certificate store
Diffstat:
M | src/main.rs | | | 43 | ++++++++++--------------------------------- |
1 file changed, 10 insertions(+), 33 deletions(-)
diff --git a/src/main.rs b/src/main.rs
@@ -7,17 +7,12 @@ use metadata::{FileOptions, PresetMeta};
use {
once_cell::sync::Lazy,
percent_encoding::{percent_decode_str, percent_encode, AsciiSet, CONTROLS},
- rustls::{
- internal::pemfile::{certs, pkcs8_private_keys},
- Certificate, NoClientAuth, PrivateKey, ServerConfig,
- },
+ rustls::{NoClientAuth, ServerConfig},
std::{
borrow::Cow,
error::Error,
ffi::OsStr,
fmt::Write,
- fs::File,
- io::BufReader,
net::SocketAddr,
path::{Path, PathBuf},
sync::Arc,
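Review bot: Nothing in this hunk brings the `certificates` module into scope, yet the new lines in `args()` and `acceptor()` refer to `certificates::CertStore` by path, and the diffstat lists only src/main.rs. Unless a `mod certificates;` declaration already exists outside the shown hunks, the commit does not build on its own and the module source should be part of it; if it does exist, adding `certificates::CertStore,` to this `use` block would keep the later call sites shorter.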
@@ -78,8 +73,7 @@ static ARGS: Lazy<Args> = Lazy::new(|| {
struct Args {
addrs: Vec<SocketAddr>,
content_dir: PathBuf,
- cert_chain: Vec<Certificate>,
- key: PrivateKey,
+ certs: Arc<certificates::CertStore>,
hostnames: Vec<Host>,
language: Option<String>,
silent: bool,
@@ -100,15 +94,9 @@ fn args() -> Result<Args> {
);
opts.optopt(
"",
- "cert",
- "TLS certificate PEM file (default ./cert.pem)",
- "FILE",
- );
- opts.optopt(
- "",
- "key",
- "PKCS8 private key file (default ./key.rsa)",
- "FILE",
+ "certs",
+ "folder for certificate files (default ./.certificates/)",
+ "FOLDER",
);
opts.optmulti(
"",
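Review bot: Dropping the `cert` and `key` options is a breaking change for anyone starting the server with `--cert`/`--key`, since an unrecognized option fails argument parsing, and neither the option help nor the commit message says so. The new help text also no longer tells the operator what must be inside the folder; the old text named the encodings (PEM certificate, PKCS8 key), so the replacement should name the file names and formats that `CertStore::load_from` accepts by extending the string on the `folder for certificate files` line. `args()` starts and ends outside this hunk.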
@@ -172,25 +160,14 @@ fn args() -> Result<Args> {
];
}
- let cert_file = File::open(check_path(
- matches.opt_get_default("cert", "cert.pem".into())?,
- )?)?;
- let cert_chain = certs(&mut BufReader::new(cert_file)).or(Err("bad cert"))?;
-
- let key_file = File::open(check_path(
- matches.opt_get_default("key", "key.rsa".into())?,
- )?)?;
- let key = pkcs8_private_keys(&mut BufReader::new(key_file))
- .or(Err("bad key file"))?
- .drain(..)
- .next()
- .ok_or("no keys found")?;
+ let certs = Arc::new(certificates::CertStore::load_from(check_path(
+ matches.opt_get_default("certs", ".certificates".into())?,
+ )?)?);
Ok(Args {
addrs,
content_dir: check_path(matches.opt_get_default("content", "content".into())?)?,
- cert_chain,
- key,
+ certs,
hostnames,
language: matches.opt_str("lang"),
silent: matches.opt_present("s"),
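Review bot: The error from `certificates::CertStore::load_from` is propagated bare by `?`, so a missing or unreadable folder no longer reports which path was tried, whereas the removed code at least distinguished "bad cert", "bad key file" and "no keys found". Since the function's `Result` already accepts `&str` errors, a `String` with context converts the same way: `let dir = check_path(matches.opt_get_default("certs", ".certificates".into())?)?;` followed by `let certs = Arc::new(certificates::CertStore::load_from(dir.clone()).map_err(|e| format!("cannot load certificates from {}: {}", dir.display(), e))?);` (assuming `check_path` returns a `PathBuf`, as its use with `File::open` in the removed lines suggests). The `set_single_cert` call removed in the last hunk could also fail and abort startup on an unusable private key; with `config.cert_resolver` assigned directly, that fail-fast check now has to live in `load_from`, which is not part of this commit, so it is worth confirming that a malformed key in the folder still aborts startup rather than surfacing only at handshake time. `args()` begins before this hunk.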
@@ -218,7 +195,7 @@ fn acceptor() -> Result<TlsAcceptor> {
if ARGS.only_tls13 {
config.versions = vec![rustls::ProtocolVersion::TLSv1_3];
}
- config.set_single_cert(ARGS.cert_chain.clone(), ARGS.key.clone())?;
+ config.cert_resolver = ARGS.certs.clone();
Ok(TlsAcceptor::from(Arc::new(config)))
}