
Commit 3a20a92

authored
chore: replace rustls-pemfile with rustls-pki-types (#3725)
1 parent f42561b commit 3a20a92


3 files changed

+13
-25
lines changed


Cargo.lock

Lines changed: 1 addition & 10 deletions

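--- a/sqlx-core/Cargo.toml
+++ b/sqlx-core/Cargo.toml
@@ -25,7 +25,7 @@ _tls-native-tls = ["native-tls"]
 _tls-rustls-aws-lc-rs = ["_tls-rustls", "rustls/aws-lc-rs", "webpki-roots"]
 _tls-rustls-ring-webpki = ["_tls-rustls", "rustls/ring", "webpki-roots"]
 _tls-rustls-ring-native-roots = ["_tls-rustls", "rustls/ring", "rustls-native-certs"]
-_tls-rustls = ["rustls", "rustls-pemfile"]
+_tls-rustls = ["rustls"]
 _tls-none = []
 
 # support offline/decoupled building (enables serialization of `Describe`)
@@ -39,8 +39,7 @@ tokio = { workspace = true, optional = true }
 # TLS
 native-tls = { version = "0.2.10", optional = true }
 
-rustls = { version = "0.23.11", default-features = false, features = ["std", "tls12"], optional = true }
-rustls-pemfile = { version = "2", optional = true }
+rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12"], optional = true }
 webpki-roots = { version = "0.26", optional = true }
 rustls-native-certs = { version = "0.8.0", optional = true }
 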
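--- a/sqlx-core/src/net/tls/tls_rustls.rs
+++ b/sqlx-core/src/net/tls/tls_rustls.rs
@@ -1,5 +1,5 @@
 use futures_util::future;
-use std::io::{self, BufReader, Cursor, Read, Write};
+use std::io::{self, Read, Write};
 use std::sync::Arc;
 use std::task::{Context, Poll};
 
@@ -9,7 +9,10 @@ use rustls::{
 WebPkiServerVerifier,
 },
 crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider},
-pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime},
+pki_types::{
+pem::{self, PemObject},
+CertificateDer, PrivateKeyDer, ServerName, UnixTime,
+},
 CertificateError, ClientConfig, ClientConnection, Error as TlsError, RootCertStore,
 };
 
@@ -141,9 +144,8 @@ where
 
 if let Some(ca) = tls_config.root_cert_path {
 let data = ca.data().await?;
-let mut cursor = Cursor::new(data);
 
-for result in rustls_pemfile::certs(&mut cursor) {
+for result in CertificateDer::pem_slice_iter(&data) {
 let Ok(cert) = result else {
 return Err(Error::Tls(format!("Invalid certificate {ca}").into()));
 };
@@ -196,19 +198,15 @@ where
 }
 
 fn certs_from_pem(pem: Vec<u8>) -> Result<Vec<CertificateDer<'static>>, Error> {
-let cur = Cursor::new(pem);
-let mut reader = BufReader::new(cur);
-rustls_pemfile::certs(&mut reader)
+CertificateDer::pem_slice_iter(&pem)
 .map(|result| result.map_err(|err| Error::Tls(err.into())))
 .collect()
 }
 
 fn private_key_from_pem(pem: Vec<u8>) -> Result<PrivateKeyDer<'static>, Error> {
-let cur = Cursor::new(pem);
-let mut reader = BufReader::new(cur);
-match rustls_pemfile::private_key(&mut reader) {
-Ok(Some(key)) => Ok(key),
-Ok(None) => Err(Error::Configuration("no keys found pem file".into())),
+match PrivateKeyDer::from_pem_slice(&pem) {
+Ok(key) => Ok(key),
+Err(pem::Error::NoItemsFound) => Err(Error::Configuration("no keys found pem file".into())),
 Err(e) => Err(Error::Configuration(e.to_string().into())),
 }
 }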
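Review bot: `certs_from_pem` in the last hunk still returns `Ok` with an empty vector when the PEM input has no CERTIFICATE section, while `private_key_from_pem` just below it maps `pem::Error::NoItemsFound` to a configuration error. As far as I can tell `pem_slice_iter` yields no items for such input, so a client-certificate path pointing at the wrong file is not reported here. Binding the collected vector and rejecting the empty case, e.g. `if certs.is_empty() { return Err(Error::Configuration("no certificates found in pem file".into())); }`, would make the two helpers agree. The root-CA loop in the `@@ -141,9 +144,8 @@` hunk has the same gap, and it also discards the `pem::Error` cause in its "Invalid certificate" message. What trust anchors remain when the CA file contributes none depends on code outside that hunk, so it is worth confirming the connection cannot silently fall back to a broader root set.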
