tls: Update dependencies and fixes for removed types

This unbreaks building spin on RiscV, and is otherwise good dependency hygiene. Signed-off-by: Danielle Lancashire <[email protected]>
fermyon · Mar 23, 2024 · 8a98872 · 8a98872
1 parent fc0baf4
commit 8a98872
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 99 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/trigger-http/Cargo.toml b/crates/trigger-http/Cargo.toml
@@ -20,7 +20,7 @@ http-body-util = { workspace = true }
 indexmap = "1"
 outbound-http = { path = "../outbound-http" }
 percent-encoding = "2"
-rustls-pemfile = "0.3.0"
+rustls-pemfile = "2.1.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 spin-app = { path = "../app" }
@@ -31,13 +31,11 @@ spin-telemetry = { path = "../telemetry" }
 spin-trigger = { path = "../trigger" }
 spin-world = { path = "../world" }
 terminal = { path = "../terminal" }
-tls-listener = { version = "0.4.0", features = [
+tls-listener = { version = "0.10.0", features = [
     "rustls",
-    "hyper-h1",
-    "hyper-h2",
 ] }
 tokio = { version = "1.23", features = ["full"] }
-tokio-rustls = { version = "0.23.2" }
+tokio-rustls = { version = "0.25.0" }
 url = "2.4.1"
 tracing = { workspace = true }
 wasmtime = { workspace = true }

diff --git a/crates/trigger-http/src/tls.rs b/crates/trigger-http/src/tls.rs
@@ -5,6 +5,7 @@ use std::{
     sync::Arc,
 };
 use tokio_rustls::{rustls, TlsAcceptor};
+use crate::tls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
 
 /// TLS configuration for the server.
 #[derive(Clone)]
@@ -22,25 +23,22 @@ impl TlsConfig {
         let mut keys = load_keys(&self.key_path)?;
 
         let cfg = rustls::ServerConfig::builder()
-            .with_safe_defaults()
             .with_no_client_auth()
-            .with_single_cert(certs, keys.remove(0))
+            .with_single_cert(certs, tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)))
             .map_err(|e| anyhow::anyhow!("{}", e))?;
 
         Ok(Arc::new(cfg).into())
     }
 }
 
 // Loads public certificate from file.
-fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<rustls::Certificate>> {
+fn load_certs(path: impl AsRef<Path>) -> io::Result<Vec<CertificateDer<'static>>> {
     certs(&mut io::BufReader::new(fs::File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
-        .map(|mut certs| certs.drain(..).map(rustls::Certificate).collect())
+        .collect()
 }
 
 // Loads private key from file.
-fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<rustls::PrivateKey>> {
+fn load_keys(path: impl AsRef<Path>) -> io::Result<Vec<PrivatePkcs8KeyDer<'static>>> {
     pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
-        .map(|mut keys| keys.drain(..).map(rustls::PrivateKey).collect())
+        .collect()
 }