Update Rust crate env_logger to 0.10.2

Reviewed-on: #107

Cargo.toml

@@ -5,26 +5,27 @@ edition = "2021"
 description = "TCP-over-HTTP solution"
 
 [dependencies]
-clap = { version = "4.4.0", features = ["derive", "env"] }
+clap = { version = "4.4.18", features = ["derive", "env"] }
 log = "0.4.20"
-env_logger = "0.10.1"
+env_logger = "0.10.2"
 actix = "0.13.1"
-actix-web = { version = "4", features = ["rustls"] }
+actix-web = { version = "4", features = ["rustls-0_21"] }
 actix-web-actors = "4.2.0"
 actix-tls = "3.1.1"
-serde = { version = "1.0.185", features = ["derive"] }
-tokio = { version = "1", features = ["full"] }
-futures = "0.3.29"
+serde = { version = "1.0.195", features = ["derive"] }
+tokio = { version = "1.35.1", features = ["full"] }
+futures = "0.3.30"
 webpki = "0.22.4"
 x509-parser = "0.15.1"
-pem = "3.0.2"
-reqwest = { version = "0.11", features = ["json", "rustls-tls"], default-features = false }
-tokio-tungstenite = { version = "0.18.0", features = ["__rustls-tls", "rustls-tls-native-roots"] }
+pem = "3.0.3"
+reqwest = { version = "0.11.23", features = ["json", "rustls-tls"], default-features = false }
+tokio-tungstenite = { version = "0.20.0", features = ["__rustls-tls", "rustls-tls-native-roots"] }
 urlencoding = "2.1.3"
 hyper-rustls = { version = "0.23.2", features = ["rustls-native-certs"] }
-bytes = "1.4.0"
-rustls-pemfile = "1.0.4"
-rustls = { version = "0.20.7", features = ["dangerous_configuration"] }
+bytes = "1.5.0"
+rustls-pemfile = "2.0.0"
+rustls = { version = "0.21.0", features = ["dangerous_configuration"] }
+rustls-native-certs = "0.6.3"
 
 [dev-dependencies]
 rand = "0.8.5"

renovate.json

@@ -2,7 +2,7 @@
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "packageRules": [
     {
-      "matchUpdateTypes": ["minor", "patch"],
+      "matchUpdateTypes": ["major", "minor", "patch"],
       "automerge": true
     }
   ]

src/base/cert_utils.rs

@@ -2,16 +2,15 @@ use std::error::Error;
 use std::io::{Cursor, ErrorKind};
 
 use rustls::{Certificate, PrivateKey};
-use rustls_pemfile::{read_one, Item};
+use rustls_pemfile::Item;
 
 /// Parse PEM certificates bytes into a [`rustls::Certificate`] structure
 ///
 /// An error is returned if not any certificate could be found
 pub fn parse_pem_certificates(certs: &[u8]) -> Result<Vec<Certificate>, Box<dyn Error>> {
-    let certs = rustls_pemfile::certs(&mut Cursor::new(certs))?
-        .into_iter()
-        .map(Certificate)
-        .collect::<Vec<_>>();
+    let certs = rustls_pemfile::certs(&mut Cursor::new(certs))
+        .map(|c| c.map(|c| Certificate(c.to_vec())))
+        .collect::<Result<Vec<_>, _>>()?;
 
     if certs.is_empty() {
         Err(std::io::Error::new(
@@ -26,7 +25,7 @@ pub fn parse_pem_certificates(certs: &[u8]) -> Result<Vec<Certificate>, Box<dyn
 
 /// Parse PEM private key bytes into a [`rustls::PrivateKey`] structure
 pub fn parse_pem_private_key(privkey: &[u8]) -> Result<PrivateKey, Box<dyn Error>> {
-    let key = match read_one(&mut Cursor::new(privkey))? {
+    let key = match rustls_pemfile::read_one(&mut Cursor::new(privkey))? {
         None => {
             Err(std::io::Error::new(
                 ErrorKind::Other,
@@ -34,8 +33,8 @@ pub fn parse_pem_private_key(privkey: &[u8]) -> Result<PrivateKey, Box<dyn Error
             ))?;
             unreachable!()
         }
-        Some(Item::PKCS8Key(key)) => key,
-        Some(Item::RSAKey(key)) => key,
+        Some(Item::Pkcs8Key(key)) => key.secret_pkcs8_der().to_vec(),
+        Some(Item::Pkcs1Key(key)) => key.secret_pkcs1_der().to_vec(),
         _ => {
             Err(std::io::Error::new(
                 ErrorKind::Other,

src/tcp_relay_client/relay_client.rs

@@ -1,7 +1,6 @@
 use std::sync::Arc;
 
 use futures::{SinkExt, StreamExt};
-use hyper_rustls::ConfigBuilderExt;
 use rustls::RootCertStore;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::{TcpListener, TcpStream};
@@ -42,7 +41,17 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
         let config = rustls::ClientConfig::builder().with_safe_defaults();
 
         let config = match conf.get_root_certificate() {
-            None => config.with_native_roots(),
+            None => {
+                // Perform a connection over TLS
+                let mut roots = RootCertStore::empty();
+                for cert in rustls_native_certs::load_native_certs()
+                    .expect("Failed to load native certificates")
+                {
+                    roots.add(&rustls::Certificate(cert.0)).unwrap();
+                }
+
+                config.with_root_certificates(roots)
+            }
             Some(cert) => {
                 log::debug!("Using custom root certificates");
                 let mut store = RootCertStore::empty();
@@ -65,14 +74,14 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
                     .expect("Failed to parse client auth private key!");
 
                 config
-                    .with_single_cert(certs, key)
+                    .with_client_auth_cert(certs, key)
                     .expect("Failed to set client certificate!")
             }
         };
         let connector = tokio_tungstenite::Connector::Rustls(Arc::new(config));
 
         let (ws_stream, _) =
-            tokio_tungstenite::connect_async_tls_with_config(ws_url, None, Some(connector))
+            tokio_tungstenite::connect_async_tls_with_config(ws_url, None, false, Some(connector))
                 .await
                 .expect("Failed to connect to server relay!");
 

src/tcp_relay_server/mod.rs

@@ -121,7 +121,7 @@ pub async fn run_app(mut config: ServerConfig) -> std::io::Result<()> {
     });
 
     if let Some(tls_conf) = tls_config {
-        server.bind_rustls(&args.listen_address, tls_conf)?
+        server.bind_rustls_021(&args.listen_address, tls_conf)?
     } else {
         server.bind(&args.listen_address)?
     }

src/tcp_relay_server/tls_cert_client_verifier.rs

@@ -1,9 +1,8 @@
 use std::sync::Arc;
 use std::time::SystemTime;
 
-use rustls::internal::msgs::enums::AlertDescription;
 use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
-use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
+use rustls::{AlertDescription, Certificate, DistinguishedName, Error, RootCertStore};
 use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
 
 use crate::base::cert_utils::parse_pem_certificates;
@@ -61,7 +60,7 @@ impl CustomCertClientVerifier {
         };
 
         Ok(Self {
-            upstream_cert_verifier: Box::new(AllowAnyAuthenticatedClient::new(store)),
+            upstream_cert_verifier: Box::new(Arc::new(AllowAnyAuthenticatedClient::new(store))),
             crl,
         })
     }
@@ -72,12 +71,12 @@ impl ClientCertVerifier for CustomCertClientVerifier {
         true
     }
 
-    fn client_auth_mandatory(&self) -> Option<bool> {
-        Some(true)
+    fn client_auth_mandatory(&self) -> bool {
+        true
     }
 
-    fn client_auth_root_subjects(&self) -> Option<DistinguishedNames> {
-        Some(vec![])
+    fn client_auth_root_subjects(&self) -> &[DistinguishedName] {
+        &[]
     }
 
     fn verify_client_cert(