diff --git a/Cargo.toml b/Cargo.toml
index 955156290..1a9a85839 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -124,7 +124,7 @@ pin-project-lite = "0.2.0"
 ipnet = "2.3"
 # Optional deps...
-rustls-pemfile = { version = "1.0", optional = true }
+rustls-pemfile = { version = "2", optional = true }
 ## default-tls
 hyper-tls = { version = "0.6", optional = true }
diff --git a/src/tls.rs b/src/tls.rs
index a502ab09d..8f979b15b 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -220,7 +220,11 @@ impl Certificate {
 fn read_pem_certs(reader: &mut impl BufRead) -> crate::Result>> {
 rustls_pemfile::certs(reader)
- .map_err(|_| crate::error::builder("invalid certificate encoding"))
+ .map(|result| match result {
+ Ok(cert) => Ok(cert.as_ref().to_vec()),
+ Err(_) => Err(crate::error::builder("invalid certificate encoding")),
+ })
+ .collect()
 }
 }
@@ -326,6 +330,7 @@ impl Identity {
 /// This requires the `rustls-tls(-...)` Cargo feature enabled.
 #[cfg(feature = "__rustls")]
 pub fn from_pem(buf: &[u8]) -> crate::Result {
+ use rustls_pemfile::Item;
 use std::io::Cursor;
 let (key, certs) = {
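Review bot: `read_pem_certs` in src/tls.rs still returns `Ok` with an empty list when the reader yields no certificate items, because `.collect()` over an empty iterator succeeds; nothing in the new body separates "no certificates present" from "all certificates parsed". The callers are outside this hunk, so whether they reject an empty result cannot be seen here; if one of them feeds a trust store, an input holding only other PEM sections would load without error. At minimum I would document it on the function, `/// Returns an empty list, not an error, when the input contains no certificates.`, and consider an explicit emptiness check at the call sites. Separately, the `Err(_)` arm drops the underlying parse error, which makes a rejected bundle harder to diagnose.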
@@ -333,27 +338,22 @@ impl Identity {
 let mut sk = Vec::::new();
 let mut certs = Vec::::new();
- for item in std::iter::from_fn(|| rustls_pemfile::read_one(&mut pem).transpose()) {
- match item.map_err(|_| {
- crate::error::builder(TLSError::General(String::from(
- "Invalid identity PEM file",
- )))
- })? {
- rustls_pemfile::Item::X509Certificate(cert) => certs.push(cert.into()),
- rustls_pemfile::Item::PKCS8Key(key) => {
- sk.push(rustls_pki_types::PrivateKeyDer::Pkcs8(key.into()))
- }
- rustls_pemfile::Item::RSAKey(key) => {
- sk.push(rustls_pki_types::PrivateKeyDer::Pkcs1(key.into()))
- }
- rustls_pemfile::Item::ECKey(key) => {
- sk.push(rustls_pki_types::PrivateKeyDer::Sec1(key.into()))
- }
- _ => {
+ for result in rustls_pemfile::read_all(&mut pem) {
+ match result {
+ Ok(Item::X509Certificate(cert)) => certs.push(cert),
+ Ok(Item::Pkcs1Key(key)) => sk.push(key.into()),
+ Ok(Item::Pkcs8Key(key)) => sk.push(key.into()),
+ Ok(Item::Sec1Key(key)) => sk.push(key.into()),
+ Ok(_) => {
 return Err(crate::error::builder(TLSError::General(String::from(
 "No valid certificate was found",
 ))))
 }
+ Err(_) => {
+ return Err(crate::error::builder(TLSError::General(String::from(
+ "Invalid identity PEM file",
+ ))))
+ }
 }
 }
diff --git a/tests/multipart.rs b/tests/multipart.rs
index 425c830a7..8b5149e1d 100644
--- a/tests/multipart.rs
+++ b/tests/multipart.rs
@@ -89,7 +89,7 @@ async fn stream_part() {
 let ct = format!("multipart/form-data; boundary={}", form.boundary());
- let server = server::http(move |mut req| {
+ let server = server::http(move |req| {
 let ct = ct.clone();
 let expected_body = expected_body.clone();
 async move {
@@ -144,7 +144,7 @@ fn blocking_file_part() {
 let ct = format!("multipart/form-data; boundary={}", form.boundary());
- let server = server::http(move |mut req| {
+ let server = server::http(move |req| {
 let ct = ct.clone();
 let expected_body = expected_body.clone();
 async move {
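Review bot: The `Ok(_)` arm in the new `from_pem` loop aborts the whole identity load with "No valid certificate was found" for any parsed item that is not a certificate or one of the three key kinds, so the message does not describe the condition that triggered it. I would reword it to state what was rejected, for example `"unsupported item in identity PEM",`, and add `// any other item kind rejects the whole input` above the arm so the fail-closed choice is visibly deliberate. The `Err(_)` arm also discards the parser's error, leaving only a fixed string for whoever has to work out why a client identity was refused. `from_pem` and the block that consumes `sk` and `certs` continue outside this hunk, so how multiple keys or an empty key list are handled is not visible here.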