axum-server
rustls 0.22 support
I had a look at the reverted support for rustls 0.22, which should be unblocked now that tokio-rustls 0.25 has been released.
However, I found one change in rustls 0.22 that might force a breaking change to axum-server.
The problem lies here:
```rust
fn config_from_der(cert: Vec<Vec<u8>>, key: Vec<u8>) -> io::Result<ServerConfig> {
    // ...
}
```
The problem is that you can no longer build a ServerConfig directly from a private key in DER Vec<u8> form unless you know which flavor the key is. The expected input to a rustls ConfigBuilder is a PrivateKeyDer, which is defined as
```rust
pub enum PrivateKeyDer<'a> {
    /// An RSA private key
    Pkcs1(PrivatePkcs1KeyDer<'a>),
    /// A Sec1 private key
    Sec1(PrivateSec1KeyDer<'a>),
    /// A PKCS#8 private key
    Pkcs8(PrivatePkcs8KeyDer<'a>),
}
```
and there's no way to get a PrivateKeyDer from a Vec<u8>.
Is axum-server committed to this interface? It would be easier to implement this instead:
```rust
// The key, not the certificate chain, is what changes type: the caller hands in
// an already-classified PrivateKeyDer instead of raw DER bytes.
fn config_from_der(cert: Vec<Vec<u8>>, key: PrivateKeyDer<'static>) -> io::Result<ServerConfig> {
    // ...
}
```
but that would mean that the rustls and openssl interfaces diverge. config_from_pem can stay the way it is, because rustls_pemfile functions return PrivateKeyDer values.
I would like to add that the rustls and openssl interfaces were never quite the same in the first place, so for me this wouldn't be that big of an issue, and since axum_server is pre-v1.0.0 we can probably justify a breaking change while moving to v0.7.0.
I opened a draft PR in #106, if anyone else would like to have a look or test the changes.
It's a draft because I'm not sure if it's a good idea to land breaking changes since 0.6 just came out.
Just looked into it. @eric-seppanen, make this a PR; it should be fine.
> there's no way to get a `PrivateKeyDer` from a `Vec<u8>`.
Note that this got fixed in rustls-pki-types 1.4.0:
https://github.com/rustls/pki-types/releases/tag/v%2F1.4.0
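As an added illustration (not code from axum-server or rustls-pki-types): the reason a bare `Vec<u8>` cannot simply become a `PrivateKeyDer` is that the DER blob has to be inspected to learn which encoding it uses. The function below does that inspection in plain std Rust by looking at the shape of the outer SEQUENCE; the `KeyKind` enum and the byte fixtures in the test are my own constructions, and the conversion that rustls-pki-types 1.4.0 added takes a structural approach of this kind but is not reproduced here.

```rust
/// The three DER private-key encodings rustls accepts; mirrors the variants of `PrivateKeyDer`.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum KeyKind { Pkcs1, Sec1, Pkcs8 }

/// Decode one DER tag/length header at `pos`: (tag, content offset, content length).
fn read_tlv(der: &[u8], pos: usize) -> Option<(u8, usize, usize)> {
    let tag = *der.get(pos)?;
    let first = *der.get(pos + 1)?;
    if first < 0x80 {
        return Some((tag, pos + 2, usize::from(first))); // short form: byte is the length
    }
    let n = usize::from(first & 0x7f); // long form: number of length bytes that follow
    if n == 0 || n > 4 {
        return None; // indefinite length or absurd sizes are not valid DER here
    }
    let mut len = 0usize;
    for i in 0..n {
        len = (len << 8) | usize::from(*der.get(pos + 2 + i)?);
    }
    Some((tag, pos + 2 + n, len))
}

/// Classify a DER private key by the shape of its outer SEQUENCE:
///   PKCS#1 RSAPrivateKey:  SEQUENCE { INTEGER version, INTEGER modulus, ... }
///   SEC1 ECPrivateKey:     SEQUENCE { INTEGER version, OCTET STRING privateKey, ... }
///   PKCS#8 PrivateKeyInfo: SEQUENCE { INTEGER version, SEQUENCE algorithm, ... }
/// Only the header structure is inspected; the key material itself is never decoded.
pub fn sniff_key_kind(der: &[u8]) -> Result<KeyKind, &'static str> {
    let (tag, body, body_len) = read_tlv(der, 0).ok_or("truncated DER header")?;
    if tag != 0x30 {
        return Err("private key DER must start with a SEQUENCE");
    }
    // Reject trailing bytes as well as truncation: both are classic parser-differential bugs.
    if body.checked_add(body_len) != Some(der.len()) {
        return Err("SEQUENCE length does not match input length");
    }
    let (ver_tag, ver_start, ver_len) = read_tlv(der, body).ok_or("truncated version field")?;
    if ver_tag != 0x02 {
        return Err("first element must be the version INTEGER");
    }
    let (second, _, _) = read_tlv(der, ver_start + ver_len).ok_or("truncated second field")?;
    match second {
        0x02 => Ok(KeyKind::Pkcs1),
        0x04 => Ok(KeyKind::Sec1),
        0x30 => Ok(KeyKind::Pkcs8),
        _ => Err("unrecognised private key structure"),
    }
}
```

Once the kind is known, the matching `PrivateKeyDer` variant can be built from the same bytes (for example `PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from(bytes))`), which is the step the original `Vec<u8>` signature left no room for.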
#124 closes this.