feat: support ecdsa tls cert (#119)

src/tls.rs

@@ -125,9 +125,9 @@ impl Accept for TlsAcceptor {
 // Load public certificate from file.
 pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error::Error>> {
     // Open certificate file.
-    let certfile = fs::File::open(&filename)
+    let cert_file = fs::File::open(&filename)
         .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(certfile);
+    let mut reader = io::BufReader::new(cert_file);
 
     // Load and return certificate.
     let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
@@ -139,17 +139,18 @@ pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error
 
 // Load private key from file.
 pub fn load_private_key(filename: &str) -> Result<PrivateKey, Box<dyn std::error::Error>> {
-    // Open keyfile.
-    let keyfile = fs::File::open(&filename)
+    let key_file = fs::File::open(&filename)
         .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(keyfile);
+    let mut reader = io::BufReader::new(key_file);
 
     // Load and return a single private key.
     let keys = rustls_pemfile::read_all(&mut reader)
         .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?
         .into_iter()
         .find_map(|item| match item {
-            rustls_pemfile::Item::RSAKey(key) | rustls_pemfile::Item::PKCS8Key(key) => Some(key),
+            rustls_pemfile::Item::RSAKey(key)
+            | rustls_pemfile::Item::PKCS8Key(key)
+            | rustls_pemfile::Item::ECKey(key) => Some(key),
             _ => None,
         })
         .ok_or("No supported private key in file")?;

tests/data/cert_ecdsa.pem

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBfTCCASOgAwIBAgIUfrAUHXIfeM54OLnTIUD9xT6FIwkwCgYIKoZIzj0EAwIw
+FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDgwMjAxMjQ1NFoXDTMyMDczMDAx
+MjQ1NFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3944R
+JPT6S5wRTHFpF0BJhQRfiuW4K2EUcaNTMFEwHQYDVR0OBBYEFEebUDkiMJoV2d5W
+8o+6p4DauHFFMB8GA1UdIwQYMBaAFEebUDkiMJoV2d5W8o+6p4DauHFFMA8GA1Ud
+EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAPJvmzqaq/S5yYxeB4se8k2z
+6pnVNxrTT2CqdPD8Z+7rAiBZAyU+5+KbQq3aZsmuNUx+YOqTDMkaUR/nd/tjnnOX
+gA==
+-----END CERTIFICATE-----

tests/data/generate_tls_certs.sh

@@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout key_pkcs8.pem -out cert.pem -nodes -days 3650
 openssl rsa -in key_pkcs8.pem -out key_pkcs1.pem
+openssl ecparam -name prime256v1 -genkey -noout -out key_ecdsa.pem
+openssl req -subj '/CN=localhost' -x509 -key key_ecdsa.pem -out cert_ecdsa.pem -nodes -days 3650

tests/data/key_ecdsa.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILOQ44lHqD4w12HJKlZJ+Y3u91eUKjabu3UKPSahhC89oAoGCCqGSM49
+AwEHoUQDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3
+944RJPT6S5wRTHFpF0BJhQRfiuW4K2EUcQ==
+-----END EC PRIVATE KEY-----

tests/tls.rs

@@ -17,6 +17,10 @@ use rstest::rstest;
         "--tls-cert", "tests/data/cert.pem",
         "--tls-key", "tests/data/key_pkcs1.pem",
 ]))]
+#[case(server(&[
+        "--tls-cert", "tests/data/cert_ecdsa.pem",
+        "--tls-key", "tests/data/key_ecdsa.pem",
+]))]
 fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
     let client = ClientBuilder::new()
         .danger_accept_invalid_certs(true)