feat: support ecdsa tls cert (#119)

2022-08-02 09:32:11 +08:00 · 2022-08-02 09:32:11 +08:00 · 0918fb3fe4
commit 0918fb3fe4
parent 14efeb6360
5 changed files with 29 additions and 6 deletions
--- a/src/tls.rs
+++ b/src/tls.rs
@ -125,9 +125,9 @@ impl Accept for TlsAcceptor {
 // Load public certificate from file.
 pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error::Error>> {
    // Open certificate file.
-    let certfile = fs::File::open(&filename)
+    let cert_file = fs::File::open(&filename)
        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(certfile);
+    let mut reader = io::BufReader::new(cert_file);
    // Load and return certificate.
    let certs = rustls_pemfile::certs(&mut reader).map_err(|_| "Failed to load certificate")?;
@ -139,17 +139,18 @@ pub fn load_certs(filename: &str) -> Result<Vec<Certificate>, Box<dyn std::error
 // Load private key from file.
 pub fn load_private_key(filename: &str) -> Result<PrivateKey, Box<dyn std::error::Error>> {
-    // Open keyfile.
+    let key_file = fs::File::open(&filename)
    let keyfile = fs::File::open(&filename)
        .map_err(|e| format!("Failed to access `{}`, {}", &filename, e))?;
-    let mut reader = io::BufReader::new(keyfile);
+    let mut reader = io::BufReader::new(key_file);
    // Load and return a single private key.
    let keys = rustls_pemfile::read_all(&mut reader)
        .map_err(|e| format!("There was a problem with reading private key: {:?}", e))?
        .into_iter()
        .find_map(|item| match item {
-            rustls_pemfile::Item::RSAKey(key) | rustls_pemfile::Item::PKCS8Key(key) => Some(key),
+            rustls_pemfile::Item::RSAKey(key)
            | rustls_pemfile::Item::PKCS8Key(key)
            | rustls_pemfile::Item::ECKey(key) => Some(key),
            _ => None,
        })
        .ok_or("No supported private key in file")?;
--- a/tests/data/cert_ecdsa.pem
+++ b/tests/data/cert_ecdsa.pem
@ -0,0 +1,11 @@
 -----BEGIN CERTIFICATE-----
 MIIBfTCCASOgAwIBAgIUfrAUHXIfeM54OLnTIUD9xT6FIwkwCgYIKoZIzj0EAwIw
 FDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIyMDgwMjAxMjQ1NFoXDTMyMDczMDAx
 MjQ1NFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
 AQcDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3944R
 JPT6S5wRTHFpF0BJhQRfiuW4K2EUcaNTMFEwHQYDVR0OBBYEFEebUDkiMJoV2d5W
 8o+6p4DauHFFMB8GA1UdIwQYMBaAFEebUDkiMJoV2d5W8o+6p4DauHFFMA8GA1Ud
 EwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAPJvmzqaq/S5yYxeB4se8k2z
 6pnVNxrTT2CqdPD8Z+7rAiBZAyU+5+KbQq3aZsmuNUx+YOqTDMkaUR/nd/tjnnOX
 gA==
 -----END CERTIFICATE-----
--- a/tests/data/generate_tls_certs.sh
+++ b/tests/data/generate_tls_certs.sh
@ -1,3 +1,5 @@
 #!/usr/bin/env bash
 openssl req -subj '/CN=localhost' -x509 -newkey rsa:4096 -keyout key_pkcs8.pem -out cert.pem -nodes -days 3650
 openssl rsa -in key_pkcs8.pem -out key_pkcs1.pem
 openssl ecparam -name prime256v1 -genkey -noout -out key_ecdsa.pem
 openssl req -subj '/CN=localhost' -x509 -key key_ecdsa.pem -out cert_ecdsa.pem -nodes -days 3650
--- a/tests/data/key_ecdsa.pem
+++ b/tests/data/key_ecdsa.pem
@ -0,0 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEILOQ44lHqD4w12HJKlZJ+Y3u91eUKjabu3UKPSahhC89oAoGCCqGSM49
 AwEHoUQDQgAEW4tBe0jF2wYSLCvdreb0izR/8sgKNKkbe4xPyA9uNEbtTk58eoO3
 944RJPT6S5wRTHFpF0BJhQRfiuW4K2EUcQ==
 -----END EC PRIVATE KEY-----
--- a/tests/tls.rs
+++ b/tests/tls.rs
@ -17,6 +17,10 @@ use rstest::rstest;
        "--tls-cert", "tests/data/cert.pem",
        "--tls-key", "tests/data/key_pkcs1.pem",
 ]))]
 #[case(server(&[
        "--tls-cert", "tests/data/cert_ecdsa.pem",
        "--tls-key", "tests/data/key_ecdsa.pem",
 ]))]
 fn tls_works(#[case] server: TestServer) -> Result<(), Error> {
    let client = ClientBuilder::new()
        .danger_accept_invalid_certs(true)