From 12be9a24a687fe74ddd9eb4d930fdbe7b09bd22f Mon Sep 17 00:00:00 2001
From: Sanchayan Maity
Date: Fri, 12 Jul 2024 12:25:56 +0530
Subject: [PATCH] net/quinn: Fix generation of self signed certificate
The certificate chain was incorrectly being passed the private key instead of certificate. With rustls 0.23.11 version, this error was being caught and reported. As stated in the 0.23.11 release, it has a new feature "API for determining whether a CertifiedKey's certificate and private key matches: keys_match(). This is called from existing fallible functions that accept a private key and certificate (for example, with_single_cert()) so these functions now detect this misconfiguration."
Part-of:
---
 net/quinn/src/utils.rs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/quinn/src/utils.rs b/net/quinn/src/utils.rs
index 9aa57fc4..f1faa3d0 100644
--- a/net/quinn/src/utils.rs
+++ b/net/quinn/src/utils.rs
@@ -336,11 +336,10 @@ fn configure_server(
 ep_config.private_key_file.clone(),
 )?
 } else {
- let rcgen::CertifiedKey { cert: _, key_pair } =
+ let rcgen::CertifiedKey { cert, key_pair } =
 rcgen::generate_simple_self_signed(vec![ep_config.server_name.clone()]).unwrap();
- let cert_der = key_pair.serialize_der();
- let priv_key = rustls_pki_types::PrivateKeyDer::try_from(cert_der.clone()).unwrap();
- let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert_der)];
+ let priv_key = rustls_pki_types::PrivateKeyDer::try_from(key_pair.serialize_der()).unwrap();
+ let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert)];
 (cert_chain, priv_key)
 };
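Review bot: The self-signed branch still panics on failure: `rcgen::generate_simple_self_signed(...).unwrap()` and `PrivateKeyDer::try_from(key_pair.serialize_der()).unwrap()` are unchecked, while the file-based branch just above propagates its error with `?`. `ep_config.server_name` looks like caller-supplied configuration, so a name rcgen rejects would panic instead of surfacing as an endpoint configuration error; map both results into the function's error type and use `?`, e.g. `.map_err(|e| /* convert to configure_server's error type */)?`. Because the swapped key and certificate only surfaced after a rustls upgrade, a small test that builds the server config from this branch and checks that the key matches the certificate would keep it from regressing. The body of `configure_server` starts and ends outside this hunk, so its return type is inferred from the visible `?`.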