From 8a98872e4a281f7a079e46fc9483b29d6e1a0723 Mon Sep 17 00:00:00 2001
From: Danielle Lancashire
Date: Sat, 23 Mar 2024 09:34:58 +0100
Subject: [PATCH] tls: Update dependencies and fixes for removed types

This unbreaks building spin on RiscV, and is otherwise good dependency hygiene.

Signed-off-by: Danielle Lancashire
---
 Cargo.lock | 102 ++++++---------------------------
 crates/trigger-http/Cargo.toml | 8 +--
 crates/trigger-http/src/tls.rs | 14 ++---
 3 files changed, 25 insertions(+), 99 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index b28d041e14..8d61cfdef3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2035,7 +2035,7 @@ checksum = "55ac459de2512911e4b674ce33cf20befaba382d05b62b008afc1c8b57cbf181" dependencies = [ "futures-core", "futures-sink", - "spin 0.9.8", + "spin", ] [[package]] @@ -5222,21 +5222,6 @@ dependencies = [ "winreg", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.8" @@ -5247,8 +5232,8 @@ dependencies = [ "cfg-if", "getrandom 0.2.12", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys 0.52.0", ] @@ -5406,18 +5391,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustls" -version = "0.20.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b80e3dec595989ea8510028f30c408a4630db12c9cbb8de34203b89d6577e99" -dependencies = [ - "log", - "ring 0.16.20", - "sct", - "webpki", -] - [[package]] name = "rustls" version = "0.21.10"
@@ -5425,7 +5398,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", - "ring 0.17.8", + "ring", "rustls-webpki 0.101.7", "sct", ] @@ -5437,7 +5410,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" dependencies = [ "log", - "ring 0.17.8", + "ring", "rustls-pki-types", "rustls-webpki 0.102.2", "subtle", @@ -5469,15 +5442,6 @@ dependencies = [ "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ee86d63972a7c661d1536fefe8c3c8407321c3df668891286de28abcd087360" -dependencies = [ - "base64 0.13.1", -] - [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -5509,8 +5473,8 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -5519,9 +5483,9 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring 0.17.8", + "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -5592,8 +5556,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] 
@@ -5915,12 +5879,6 @@ dependencies = [ "smallvec", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -6590,7 +6548,7 @@ dependencies = [ "num_cpus", "outbound-http", "percent-encoding", - "rustls-pemfile 0.3.0", + "rustls-pemfile 2.1.1", "serde", "serde_json", "spin-app", @@ -6604,7 +6562,7 @@ dependencies = [ "terminal", "tls-listener", "tokio", - "tokio-rustls 0.23.4", + "tokio-rustls 0.25.0", "tracing", "url", "wasi-common", @@ -7057,16 +7015,15 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tls-listener" -version = "0.4.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e8a215badde081a06ee0a7fbc9c9f0d580c022fbdc547065f62103aef71e178" +checksum = "ce110c38c3c9b6e5cc4fe72e60feb5b327750388a10a276e3d5d7d431e3dc76c" dependencies = [ "futures-util", - "hyper 0.14.28", "pin-project-lite", "thiserror", "tokio", - "tokio-rustls 0.23.4", + "tokio-rustls 0.25.0", ] [[package]] @@ -7171,17 +7128,6 @@ dependencies = [ "whoami", ] -[[package]] -name = "tokio-rustls" -version = "0.23.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" -dependencies = [ - "rustls 0.20.9", - "tokio", - "webpki", -] - [[package]] name = "tokio-rustls" version = "0.24.1" @@ -7605,12 +7551,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39ec24b3121d976906ece63c9daad25b85969647682eee313cb5779fdd69e14e" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" 
@@ -8432,16 +8372,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki" -version = "0.22.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" -dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", -] - [[package]] name = "webpki-roots" version = "0.25.4"
diff --git a/crates/trigger-http/Cargo.toml b/crates/trigger-http/Cargo.toml
index 98c4ba3894..b49aa158bf 100644
--- a/crates/trigger-http/Cargo.toml
+++ b/crates/trigger-http/Cargo.toml
@@ -20,7 +20,7 @@ http-body-util = { workspace = true }
 indexmap = "1"
 outbound-http = { path = "../outbound-http" }
 percent-encoding = "2"
-rustls-pemfile = "0.3.0"
+rustls-pemfile = "2.1.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 spin-app = { path = "../app" }
@@ -31,13 +31,11 @@ spin-telemetry = { path = "../telemetry" }
 spin-trigger = { path = "../trigger" }
 spin-world = { path = "../world" }
 terminal = { path = "../terminal" }
-tls-listener = { version = "0.4.0", features = [
+tls-listener = { version = "0.10.0", features = [
 "rustls",
- "hyper-h1",
- "hyper-h2",
 ] }
 tokio = { version = "1.23", features = ["full"] }
-tokio-rustls = { version = "0.23.2" }
+tokio-rustls = { version = "0.25.0" }
 url = "2.4.1"
 tracing = { workspace = true }
 wasmtime = { workspace = true }
diff --git a/crates/trigger-http/src/tls.rs b/crates/trigger-http/src/tls.rs
index cb2ea0af67..cbaa0bb5b4 100644
--- a/crates/trigger-http/src/tls.rs
+++ b/crates/trigger-http/src/tls.rs
@@ -5,6 +5,7 @@ use std::{
 sync::Arc,
 };
 use tokio_rustls::{rustls, TlsAcceptor};
+use crate::tls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
 /// TLS configuration for the server.
 #[derive(Clone)]
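Review bot: The added import reaches `pki_types` through `crate::tls::rustls`, a path that only resolves because this module itself imports `rustls` from `tokio_rustls` on the line above it. Naming the real origin reads more clearly and does not break if that line is reorganised: `use tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};`. Importing `PrivateKeyDer` here would also let the `with_single_cert` call in the next hunk drop its fully qualified `tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8` path.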
@@ -22,9 +23,8 @@ impl TlsConfig {
 let mut keys = load_keys(&self.key_path)?;
 let cfg = rustls::ServerConfig::builder()
- .with_safe_defaults()
 .with_no_client_auth()
- .with_single_cert(certs, keys.remove(0))
+ .with_single_cert(certs, tokio_rustls::rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)))
 .map_err(|e| anyhow::anyhow!("{}", e))?;
 Ok(Arc::new(cfg).into())
@@ -32,15 +32,13 @@ impl TlsConfig {
 }
 // Loads public certificate from file.
-fn load_certs(path: impl AsRef) -> io::Result> {
+fn load_certs(path: impl AsRef) -> io::Result>> {
 certs(&mut io::BufReader::new(fs::File::open(path)?))
- .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
- .map(|mut certs| certs.drain(..).map(rustls::Certificate).collect())
+ .collect()
 }
 // Loads private key from file.
-fn load_keys(path: impl AsRef) -> io::Result> {
+fn load_keys(path: impl AsRef) -> io::Result>> {
 pkcs8_private_keys(&mut io::BufReader::new(fs::File::open(path)?))
- .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
- .map(|mut keys| keys.drain(..).map(rustls::PrivateKey).collect())
+ .collect()
 }
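Review bot: `keys.remove(0)` in the `with_single_cert` call still panics when `load_keys` returns an empty vector, and the rewritten `load_keys` in the last hunk returns exactly that for a key file with no PKCS#8 section, because `pkcs8_private_keys` skips other PEM sections (PKCS#1 `RSA PRIVATE KEY`, SEC1 `EC PRIVATE KEY`) instead of reporting them. A TLS misconfiguration should come back as an error from this function rather than a panic at listener start-up, for example `let key = load_keys(&self.key_path)?.into_iter().next().ok_or_else(|| anyhow::anyhow!("no PKCS#8 private key found in key file"))?;` followed by `PrivateKeyDer::Pkcs8(key)`. If other key encodings should be accepted, rustls-pemfile 2.x also provides `private_key`, which returns the first key of any supported kind already wrapped as `PrivateKeyDer`; that is worth confirming against the pinned version. The function body starts above this hunk, so the `certs` binding and the return type are not visible here.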
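Review bot: `load_certs` now returns `Ok` with an empty vector when the file holds no `CERTIFICATE` section, since the `certs` iterator only yields the sections it recognises, and the removed `map_err` calls took the "invalid cert" / "invalid key" context with them. Nothing in the visible code rejects an empty chain before it reaches `with_single_cert`, so a file of the wrong kind passed as the certificate may only show up later as failed handshakes; whether rustls refuses it at build time is not something this hunk shows. Consider collecting into a local and returning `io::Error::new(io::ErrorKind::InvalidInput, "no certificates found in cert file")` when it is empty. The two `//` comments above these helpers could become `///` doc comments stating that each function returns every matching PEM section in the file, not a single certificate or key.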