Initial update of rustls and axum-server.

Cargo.toml

@@ -25,14 +25,14 @@ x509-parser = "0.15"
 chrono = { version = "0.4.24", default-features = false, features = ["clock"] }
 url = "2.2.2"
 async-trait = "0.1.53"
-rustls = "0.21"
+rustls = "0.22"
 
 tokio = { version = "1.20.1", default-features = false }
-tokio-rustls = { version = "0.24" }
+tokio-rustls = { version = "0.25" }
 reqwest = { version = "0.11.19", default-features = false, features = ["rustls-tls"] }
 
 # Axum
-axum-server = { version = "0.5", features = ["tls-rustls"], optional = true }
+axum-server = { version = "0.6", features = ["tls-rustls"], optional = true }
 
 [dev-dependencies]
 simple_logger = "4.1"

src/acme.rs

@@ -8,8 +8,8 @@ use rcgen::{Certificate, CustomExtension, RcgenError, PKCS_ECDSA_P256_SHA256};
 use ring::error::{KeyRejected, Unspecified};
 use ring::rand::SystemRandom;
 use ring::signature::{EcdsaKeyPair, EcdsaSigningAlgorithm, ECDSA_P256_SHA256_FIXED_SIGNING};
-use rustls::sign::{any_ecdsa_type, CertifiedKey};
-use rustls::{ClientConfig, PrivateKey};
+use rustls::{sign::CertifiedKey, crypto::ring::sign::any_ecdsa_type};
+use rustls::{ClientConfig, pki_types::PrivateKeyDer};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use thiserror::Error;
@@ -178,8 +178,11 @@ impl Account {
         params.alg = &PKCS_ECDSA_P256_SHA256;
         params.custom_extensions = vec![CustomExtension::new_acme_identifier(key_auth.as_ref())];
         let cert = Certificate::from_params(params)?;
-        let pk = any_ecdsa_type(&PrivateKey(cert.serialize_private_key_der())).unwrap();
-        let certified_key = CertifiedKey::new(vec![rustls::Certificate(cert.serialize_der()?)], pk);
+        let pk_bytes = cert.serialize_private_key_der();
+        let pk_der: PrivateKeyDer = pk_bytes.into();
+        let pk = any_ecdsa_type(&pk_der).unwrap();
+        let cert_bytes = cert.serialize_der()?;
+        let certified_key = CertifiedKey::new(vec![cert_bytes.into()], pk);
         Ok((challenge, certified_key))
     }
 }

src/https_helper.rs

@@ -1,4 +1,4 @@
-use rustls::client::InvalidDnsNameError;
+use rustls::pki_types::InvalidDnsNameError;
 use rustls::ClientConfig;
 use std::sync::Arc;
 use thiserror::Error;

src/state.rs

@@ -7,9 +7,9 @@ use chrono::{DateTime, TimeZone, Utc};
 use futures::future::try_join_all;
 use futures::{ready, FutureExt, Stream};
 use rcgen::{CertificateParams, DistinguishedName, RcgenError, PKCS_ECDSA_P256_SHA256};
-use rustls::sign::{any_ecdsa_type, CertifiedKey};
-use rustls::Certificate as RustlsCertificate;
-use rustls::PrivateKey;
+use rustls::{sign::CertifiedKey, crypto::ring::sign::any_ecdsa_type};
+use rustls::pki_types::CertificateDer as RustlsCertificate;
+use rustls::pki_types::PrivateKeyDer;
 use std::convert::Infallible;
 use std::fmt::Debug;
 use std::future::Future;
@@ -159,13 +159,15 @@ impl<EC: 'static + Debug, EA: 'static + Debug> AcmeState<EC, EA> {
         if pems.len() < 2 {
             return Err(CertParseError::TooFewPem(pems.len()));
         }
-        let pk = match any_ecdsa_type(&PrivateKey(pems.remove(0).into_contents())) {
+        let pk_bytes = pems.remove(0).into_contents();
+        let pk: PrivateKeyDer = pk_bytes.into();
+        let pk = match any_ecdsa_type(&pk) {
             Ok(pk) => pk,
             Err(_) => return Err(CertParseError::InvalidPrivateKey),
         };
         let cert_chain: Vec<RustlsCertificate> = pems
             .into_iter()
-            .map(|p| RustlsCertificate(p.into_contents()))
+            .map(|p| p.into_contents().into())
             .collect();
         let validity = match parse_x509_certificate(cert_chain[0].0.as_slice()) {
             Ok((_, cert)) => {