
Merge pull request #273 from sfackler/macos-chain
Exclude the leaf certificate from the chain when parsing PKCS#8 identities
sfackler authored Jun 23, 2023
2 parents 8fa929d + 4b17833 commit adca3b7
Showing 3 changed files with 9 additions and 12 deletions.
1 change: 1 addition & 0 deletions build.rs
@@ -1,3 +1,4 @@
#![allow(clippy::unusual_byte_groupings)]
use std::env;

fn main() {
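Review bot: If the `#![allow(clippy::unusual_byte_groupings)]` line is the single addition in this section (the page does not mark which line was added), it is a crate-wide lint suppression with no stated reason, which is the kind of `allow` that tends to outlive the code that needed it. A one-line justification naming the literals it covers would make it reviewable, e.g. `// The grouped numeric literals in this file are deliberate; see the constants that trigger the lint.` Scoping the attribute to the item(s) that need it instead of the whole file would be tighter still, if that is practical here.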
8 changes: 4 additions & 4 deletions src/imp/openssl.rs
Expand Up @@ -159,14 +159,14 @@ pub struct Identity {
impl Identity {
pub fn from_pkcs12(buf: &[u8], pass: &str) -> Result<Identity, Error> {
let pkcs12 = Pkcs12::from_der(buf)?;
let parsed = pkcs12.parse(pass)?;
let parsed = pkcs12.parse2(pass)?;
Ok(Identity {
pkey: parsed.pkey,
cert: parsed.cert,
pkey: parsed.pkey.ok_or_else(|| Error::EmptyChain)?,
cert: parsed.cert.ok_or_else(|| Error::EmptyChain)?,
// > The stack is the reverse of what you might expect due to the way
// > PKCS12_parse is implemented, so we need to load it backwards.
// > https://github.com/sfackler/rust-native-tls/commit/05fb5e583be589ab63d9f83d986d095639f8ec44
chain: parsed.chain.into_iter().flatten().rev().collect(),
chain: parsed.ca.into_iter().flatten().rev().collect(),
})
}

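Review bot: Reporting a missing private key or end-entity certificate as `Error::EmptyChain` on the two `ok_or_else` lines misdescribes the failure: `parse2` yields `None` for `pkey`/`cert` when the PKCS#12 bag carries no key or no certificate, which is a different condition from an empty CA chain, and a caller seeing `EmptyChain` will go looking at intermediates rather than at the bundle's key. A dedicated variant (for example `Error::MissingKey` / `Error::MissingCert`) would be clearer; the `Error` enum is outside this hunk, so at minimum a comment such as `// parse2 returns None when the PKCS#12 bundle has no key/cert; reject it rather than build an unusable identity` would document the intent. The ordering comment above `chain` was written against `PKCS12_parse`; it is worth confirming that the `.rev()` is still correct for the `ca` stack returned by `parse2` rather than carrying the assumption over untested.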
12 changes: 4 additions & 8 deletions src/imp/security_framework.rs
Expand Up @@ -106,13 +106,13 @@ impl Identity {
.filename("key.pem")
.items(&mut items)
.keychain(&keychain)
.import(&key)?;
.import(key)?;

ImportOptions::new()
.filename("chain.pem")
.items(&mut items)
.keychain(&keychain)
.import(&pem)?;
.import(pem)?;

let cert = items
.certificates
Expand All @@ -121,7 +121,7 @@ impl Identity {
let ident = SecIdentity::with_certificate(&[keychain], cert)?;
Ok(Identity {
identity: ident,
chain: items.certificates,
chain: items.certificates.into_iter().skip(1).collect(),
})
}

Expand Down Expand Up @@ -507,11 +507,7 @@ impl<S: io::Read + io::Write> TlsStream<S> {
_ => return Ok(None),
};

let algorithm = match section
.iter()
.filter(|p| p.label().to_string() == "Algorithm")
.next()
{
let algorithm = match section.iter().find(|p| p.label() == "Algorithm") {
Some(property) => property,
None => return Ok(None),
};
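Review bot: The `skip(1)` on the `chain` line hard-codes the assumption that the first certificate imported from `chain.pem` is the leaf, mirroring how `cert` is taken from `items.certificates` just above (presumably its first entry); if a caller's PEM bundle lists the leaf after its intermediates, `cert` is a CA certificate and `skip(1)` drops it while the real leaf stays in the extra chain. That ordering assumption predates this change, but the new line relies on it in a second place without saying so. A comment stating the invariant would make it explicit: `// The PEM bundle is expected leaf-first (as in a TLS certificate_list): the leaf becomes the identity, the remainder is the extra chain.` It is also worth checking that an empty `items.certificates` is rejected where `cert` is selected, since `skip(1)` on an empty list silently yields an empty chain. The enclosing function begins before this hunk.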
