mirror of
https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git
synced 2025-01-18 15:15:37 +00:00
net/quinn: Fix generation of self signed certificate
The certificate chain was incorrectly being passed the private key instead of certificate. With rustls 0.23.11 version, this error was being caught and reported. As stated in the 0.23.11 release, it has a new feature "API for determining whether a CertifiedKey's certificate and private key matches: keys_match(). This is called from existing fallible functions that accept a private key and certificate (for example, with_single_cert()) so these functions now detect this misconfiguration." Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1666>
This commit is contained in:
parent
797dd3f3ca
commit
12be9a24a6
1 changed files with 3 additions and 4 deletions
|
@ -336,11 +336,10 @@ fn configure_server(
|
||||||
ep_config.private_key_file.clone(),
|
ep_config.private_key_file.clone(),
|
||||||
)?
|
)?
|
||||||
} else {
|
} else {
|
||||||
let rcgen::CertifiedKey { cert: _, key_pair } =
|
let rcgen::CertifiedKey { cert, key_pair } =
|
||||||
rcgen::generate_simple_self_signed(vec![ep_config.server_name.clone()]).unwrap();
|
rcgen::generate_simple_self_signed(vec![ep_config.server_name.clone()]).unwrap();
|
||||||
let cert_der = key_pair.serialize_der();
|
let priv_key = rustls_pki_types::PrivateKeyDer::try_from(key_pair.serialize_der()).unwrap();
|
||||||
let priv_key = rustls_pki_types::PrivateKeyDer::try_from(cert_der.clone()).unwrap();
|
let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert)];
|
||||||
let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert_der)];
|
|
||||||
|
|
||||||
(cert_chain, priv_key)
|
(cert_chain, priv_key)
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue