Updated to latest rustls changes, fixed compilation and added feature flags

Author: ancwrd1

Cargo.toml

@@ -17,6 +17,7 @@ no-default-features = true
 
 [dependencies]
 rustls = { git = "https://github.com/rustls/rustls.git", default-features = false, features = ["std"] }
+rustls-pki-types = "1"
 windows-sys = { version = "0.60", features = ["Win32_Foundation", "Win32_Security_Cryptography"] }
 
 [dev-dependencies]
@@ -25,9 +26,11 @@ clap = { version = "4", features = ["derive"] }
 rustls-pki-types = "1"
 
 [features]
-default = ["logging", "tls12", "aws-lc-rs"]
-aws-lc-rs = ["rustls/aws_lc_rs"]
+default = ["log", "tls12", "aws-lc-rs"]
+aws-lc-rs = ["rustls/aws-lc-rs"]
 fips = ["rustls/fips"]
-logging = ["rustls/logging"]
+log = ["rustls/log"]
 ring = ["rustls/ring"]
 tls12 = ["rustls/tls12"]
+brotli = ["rustls/brotli"]
+zlib = ["rustls/zlib"]

examples/client.rs

@@ -57,11 +57,9 @@ impl ResolvesClientCert for ClientCertResolver {
         }
         for scheme in signing_key.supported_schemes() {
             if sigschemes.contains(scheme) {
-                return Some(Arc::new(CertifiedKey {
-                    cert: chain,
-                    key: Arc::new(signing_key),
-                    ocsp: None,
-                }));
+                return CertifiedKey::new(chain, Arc::new(signing_key))
+                    .ok()
+                    .map(Arc::new);
             }
         }
         None

examples/server.rs

@@ -54,7 +54,7 @@ pub struct ServerCertResolver {
 }
 
 impl ResolvesServerCert for ServerCertResolver {
-    fn resolve(&self, client_hello: ClientHello) -> Option<Arc<CertifiedKey>> {
+    fn resolve(&self, client_hello: &ClientHello) -> Option<Arc<CertifiedKey>> {
         println!("Client hello server name: {:?}", client_hello.server_name());
         let name = client_hello.server_name()?;
 
@@ -78,11 +78,7 @@ impl ResolvesServerCert for ServerCertResolver {
         let certs = chain.into_iter().map(Into::into).collect();
 
         // return CertifiedKey instance
-        Some(Arc::new(CertifiedKey {
-            cert: certs,
-            key: Arc::new(key),
-            ocsp: None,
-        }))
+        CertifiedKey::new(certs, Arc::new(key)).ok().map(Arc::new)
     }
 }
 

src/signer.rs

@@ -6,14 +6,13 @@ use rustls::{
     sign::{Signer, SigningKey},
     Error, OtherError, SignatureAlgorithm, SignatureScheme,
 };
-
-use crate::key::{AlgorithmGroup, NCryptKey, SignaturePadding};
-
-use windows_sys::Win32::Security::Cryptography::BCryptHash;
+use rustls_pki_types::SubjectPublicKeyInfoDer;
 use windows_sys::Win32::Security::Cryptography::{
-    BCRYPT_SHA256_ALG_HANDLE, BCRYPT_SHA384_ALG_HANDLE, BCRYPT_SHA512_ALG_HANDLE,
+    BCryptHash, BCRYPT_SHA256_ALG_HANDLE, BCRYPT_SHA384_ALG_HANDLE, BCRYPT_SHA512_ALG_HANDLE,
 };
 
+use crate::key::{AlgorithmGroup, NCryptKey, SignaturePadding};
+
 // Convert IEEE-P1363 signature format to DER encoding.
 // We assume the length of the r and s parts is less than 256 bytes.
 fn p1363_to_der(data: &[u8]) -> Vec<u8> {
@@ -193,6 +192,10 @@ impl SigningKey for CngSigningKey {
         None
     }
 
+    fn public_key(&self) -> Option<SubjectPublicKeyInfoDer<'_>> {
+        None
+    }
+
     fn algorithm(&self) -> SignatureAlgorithm {
         match self.algorithm_group {
             AlgorithmGroup::Rsa => SignatureAlgorithm::RSA,

tests/test_client_server.rs

@@ -48,11 +48,9 @@ mod client {
             let (chain, signing_key) = get_chain(&self.0, &self.1).ok()?;
             for scheme in signing_key.supported_schemes() {
                 if sigschemes.contains(scheme) {
-                    return Some(Arc::new(CertifiedKey {
-                        cert: chain,
-                        key: Arc::new(signing_key),
-                        ocsp: None,
-                    }));
+                    return CertifiedKey::new(chain, Arc::new(signing_key))
+                        .ok()
+                        .map(Arc::new);
                 }
             }
             None
@@ -117,7 +115,7 @@ mod server {
     pub struct ServerCertResolver(CertStore);
 
     impl ResolvesServerCert for ServerCertResolver {
-        fn resolve(&self, client_hello: ClientHello) -> Option<Arc<CertifiedKey>> {
+        fn resolve(&self, client_hello: &ClientHello) -> Option<Arc<CertifiedKey>> {
             let name = client_hello.server_name()?;
 
             let contexts = self.0.find_by_subject_str(name).ok()?;
@@ -130,11 +128,7 @@ mod server {
             let chain = context.as_chain_der().ok()?;
             let certs = chain.into_iter().map(Into::into).collect();
 
-            Some(Arc::new(CertifiedKey {
-                cert: certs,
-                key: Arc::new(key),
-                ocsp: None,
-            }))
+            CertifiedKey::new(certs, Arc::new(key)).ok().map(Arc::new)
         }
     }