mirrors/gst-plugins-rs
mirrors/gst-plugins-rs
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs.git synced 2024-11-10 20:31:10 +00:00
Code Issues Projects Releases Wiki Activity

net/quinn: Fix generation of self signed certificate

Browse source 
The certificate chain was incorrectly being passed the private key instead
of certificate. With rustls 0.23.11 version, this error was being caught
and reported. As stated in the 0.23.11 release, it has a new feature

"API for determining whether a CertifiedKey's certificate and private key
matches: keys_match(). This is called from existing fallible functions
that accept a private key and certificate (for example, with_single_cert())
so these functions now detect this misconfiguration."

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1666>
This commit is contained in:
Sanchayan Maity 2024-07-12 12:25:56 +05:30
parent 797dd3f3ca
commit 12be9a24a6
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
net/quinn/src/utils.rs
View file

@ -336,11 +336,10 @@ fn configure_server(
ep_config.private_key_file.clone(), ep_config.private_key_file.clone(),
)? )?
} else { } else {
let rcgen::CertifiedKey { cert: _, key_pair } = let rcgen::CertifiedKey { cert, key_pair } =
rcgen::generate_simple_self_signed(vec![ep_config.server_name.clone()]).unwrap(); rcgen::generate_simple_self_signed(vec![ep_config.server_name.clone()]).unwrap();
let cert_der = key_pair.serialize_der(); let priv_key = rustls_pki_types::PrivateKeyDer::try_from(key_pair.serialize_der()).unwrap();
let priv_key = rustls_pki_types::PrivateKeyDer::try_from(cert_der.clone()).unwrap(); let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert)];
let cert_chain = vec![rustls_pki_types::CertificateDer::from(cert_der)];
(cert_chain, priv_key) (cert_chain, priv_key)
}; };