diff --git a/Cargo.lock b/Cargo.lock
index c112899415..c24d2ff8fa 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3143,15 +3143,6 @@ dependencies = [
 "security-framework 3.2.0",
 ]
-[[package]]
-name = "rustls-pemfile"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
-dependencies = [
- "rustls-pki-types",
-]
-
 [[package]]
 name = "rustls-pki-types"
 version = "1.10.1"
@@ -3591,7 +3582,7 @@ dependencies = [
 "rust_decimal",
 "rustls",
 "rustls-native-certs",
- "rustls-pemfile",
+ "rustls-pki-types",
 "serde",
 "serde_json",
 "sha2",
diff --git a/sqlx-core/Cargo.toml b/sqlx-core/Cargo.toml
index f767507bb4..dcd8083023 100644
--- a/sqlx-core/Cargo.toml
+++ b/sqlx-core/Cargo.toml
@@ -25,7 +25,7 @@ _tls-native-tls = ["native-tls"]
 _tls-rustls-aws-lc-rs = ["_tls-rustls", "rustls/aws-lc-rs", "webpki-roots"]
 _tls-rustls-ring-webpki = ["_tls-rustls", "rustls/ring", "webpki-roots"]
 _tls-rustls-ring-native-roots = ["_tls-rustls", "rustls/ring", "rustls-native-certs"]
-_tls-rustls = ["rustls", "rustls-pemfile"]
+_tls-rustls = ["rustls"]
 _tls-none = []
 # support offline/decoupled building (enables serialization of `Describe`)
@@ -39,8 +39,7 @@ tokio = { workspace = true, optional = true }
 # TLS
 native-tls = { version = "0.2.10", optional = true }
-rustls = { version = "0.23.11", default-features = false, features = ["std", "tls12"], optional = true }
-rustls-pemfile = { version = "2", optional = true }
+rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12"], optional = true }
 webpki-roots = { version = "0.26", optional = true }
 rustls-native-certs = { version = "0.8.0", optional = true }
diff --git a/sqlx-core/src/net/tls/tls_rustls.rs b/sqlx-core/src/net/tls/tls_rustls.rs
index d56859808c..1a85cf0ff9 100644
--- a/sqlx-core/src/net/tls/tls_rustls.rs
+++ b/sqlx-core/src/net/tls/tls_rustls.rs
@@ -1,5 +1,5 @@
 use futures_util::future;
-use std::io::{self, BufReader, Cursor, Read, Write};
+use std::io::{self, Read, Write};
 use std::sync::Arc;
 use std::task::{Context, Poll};
@@ -9,7 +9,10 @@ use rustls::{
 WebPkiServerVerifier,
 },
 crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider},
- pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime},
+ pki_types::{
+ pem::{self, PemObject},
+ CertificateDer, PrivateKeyDer, ServerName, UnixTime,
+ },
 CertificateError, ClientConfig, ClientConnection, Error as TlsError, RootCertStore,
 };
@@ -141,9 +144,8 @@ where
 if let Some(ca) = tls_config.root_cert_path {
 let data = ca.data().await?;
- let mut cursor = Cursor::new(data);
- for result in rustls_pemfile::certs(&mut cursor) {
+ for result in CertificateDer::pem_slice_iter(&data) {
 let Ok(cert) = result else {
 return Err(Error::Tls(format!("Invalid certificate {ca}").into()));
 };
@@ -196,19 +198,15 @@ where
 }
 fn certs_from_pem(pem: Vec) -> Result>, Error> {
- let cur = Cursor::new(pem);
- let mut reader = BufReader::new(cur);
- rustls_pemfile::certs(&mut reader)
+ CertificateDer::pem_slice_iter(&pem)
 .map(|result| result.map_err(|err| Error::Tls(err.into())))
 .collect()
 }
 fn private_key_from_pem(pem: Vec) -> Result, Error> {
- let cur = Cursor::new(pem);
- let mut reader = BufReader::new(cur);
- match rustls_pemfile::private_key(&mut reader) {
- Ok(Some(key)) => Ok(key),
- Ok(None) => Err(Error::Configuration("no keys found pem file".into())),
+ match PrivateKeyDer::from_pem_slice(&pem) {
+ Ok(key) => Ok(key),
+ Err(pem::Error::NoItemsFound) => Err(Error::Configuration("no keys found pem file".into())),
 Err(e) => Err(Error::Configuration(e.to_string().into())),
 }
 }
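Review bot: The `let Ok(cert) = result else { ... }` guard in the root-CA loop throws away the parser's error, so a failure to load a trust anchor is reported only as "Invalid certificate" plus the path. The new iterator yields a `pem::Error` that can be formatted (the same file calls `e.to_string()` on it in `private_key_from_pem`), so the cause can be carried through: `let cert = result.map_err(|err| Error::Tls(format!("Invalid certificate {ca}: {err}").into()))?;`. The loop body and the rest of the enclosing function continue outside this hunk.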
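Review bot: `certs_from_pem` returns `Ok` with an empty vector when the input holds no CERTIFICATE section, while `private_key_from_pem` just below maps `pem::Error::NoItemsFound` to a configuration error. A client-certificate file that contains only a key would therefore pass this step and fail later, if at all, in a way that is harder to trace back to the file. What the caller does with an empty chain is not visible in this hunk. I would collect first and reject the empty case in the same `Error::Configuration` style used for keys, as sketched below.

```rust
// body of certs_from_pem; signature unchanged
let certs = CertificateDer::pem_slice_iter(&pem)
    .map(|result| result.map_err(|err| Error::Tls(err.into())))
    .collect::<Result<Vec<_>, Error>>()?;

// No CERTIFICATE section at all is a configuration mistake, not an empty chain.
if certs.is_empty() {
    return Err(Error::Configuration(
        "no certificates found in pem file".into(),
    ));
}

Ok(certs)
```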