diff --git a/docker/certs/README.md b/docker/certs/README.md
new file mode 100644
index 00000000..074e19e3
--- /dev/null
+++ b/docker/certs/README.md
@@ -0,0 +1,11 @@
+## Important
+
+The certificate has been produced with [`minica`](https://github.com/jsha/minica):
+
+```sh
+./minica -domains 'localhost'
+```
+
+The lib's version used was `1.1.0` and the default algorithm at the time of issuance was `ecdsa`.
+
+The certificate was issued on `August 13, 2024` and will be valid for `2 years and 30 days` (which is a limitation [imposed](https://github.com/jsha/minica/blob/c5ce70c9b524953b13628607abafd7a557c6f074/main.go#L277-L281) by certain platforms).
diff --git a/docker/certs/faktory.local.crt b/docker/certs/faktory.local.crt
index 1214e42b..677d2d0f 100644
--- a/docker/certs/faktory.local.crt
+++ b/docker/certs/faktory.local.crt
@@ -1,21 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIDazCCAlMCFAxQwXkfT4M84/fevISct//qQskRMA0GCSqGSIb3DQEBCwUAMHEx -CzAJBgNVBAYTAlVaMREwDwYDVQQIDAhUYXNoa2VudDERMA8GA1UEBwwIVGFzaGtl -bnQxEzARBgNVBAoMCmZha3RvcnktcnMxEzARBgNVBAsMCmZha3RvcnktcnMxEjAQ -BgNVBAMMCWxvY2FsaG9zdDAgFw0yNDAyMDMyMDI1MDlaGA8zMDA0MDQwNjIwMjUw -OVowcTELMAkGA1UEBhMCVVoxETAPBgNVBAgMCFRhc2hrZW50MREwDwYDVQQHDAhU -YXNoa2VudDETMBEGA1UECgwKZmFrdG9yeS1yczETMBEGA1UECwwKZmFrdG9yeS1y -czESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA4ektheqTRy+eHn9j22AxGHqtg/elEiZC0UCLX51ysEkhnLLvFlVFtzd7 -q+nx1PNiHdH5i/TjdAYrXAZhKU/k2YfrgCyOjm/XxSw7ujXPP+cWOmdRYTexT9o7 -Yrg3ZYMniJbbTl8j37dieXHaO7FHAvpww1q/nbQkwD/1WqK1ggQY/OZ38wpUvsws -9LA7shuXdGnjAXunnRGEzZ2EG6T5hYw0PFL+2CHwr0lqNbCur8wu99t4ED9/vfLG -0TWRQwSnApyjHy89rn5Ze3vOiNzcBW778oZxwvzriEmbQQg6RxKE19AlaiV4+n5S -woAi8Ji69BKRUSlxRhW6eX4ABV2eOwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDS -EXuIvVx27LyWlIhfY6vwSWqeUoRXmMFpiBNTTvvHQKlJzLlDyn1b+CqHvMdE9RZh -FI5shZkiqtRRTUGVHB4o0ntwCQmWyV/5FQQ6EYs/bHXUcN2vt1XuU7WK4fRafPPu -snYDgg0TmpGvm+J8W64TfJogWqpPsnT4pOF+aNqW88TTs1JUnNFDBQmw2QKBK+AH -+V4zhpCjVXpKtVMTnDWHQfJh4whelD18lU1jPCbzQrRs2hQWQvtzKWi0YCYc1IXl -4E6eIOHRuiUl/mE3p3f2CGJIwxgrMuxN07ncnwVXBPCaVzSLWJHy0G61mFKH5R/7 -42EC7S/POk5GtzkMJ5Du +MIIB3DCCAWOgAwIBAgIIH7dYNg66/2UwCgYIKoZIzj0EAwMwIDEeMBwGA1UEAxMV +bWluaWNhIHJvb3QgY2EgMDI1MWZmMB4XDTI0MDgxMzA1NTQyOFoXDTI2MDkxMjA1 +NTQyOFowFDESMBAGA1UEAxMJbG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACID +YgAENZuBDDayhB5EzmRfErEoIbfE5IjWChNzjO4CLTrECemPqcJbjzsk8MBwB5cb +bHGMeg1nqkqof0ZkgrM4sWZsWNI1H/LODKdXBIqMpbU12iEs7S3eo5RaGlq9CtE6 +dYyAo3YwdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG +AQUFBwMCMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUdieiiQwm+V0FBPIukYU/ +udp7ScwwFAYDVR0RBA0wC4IJbG9jYWxob3N0MAoGCCqGSM49BAMDA2cAMGQCMGL7 +ge3qiN2B0P0bQvf9DNCblvuC7rx6NcZraYpAj9HgO9iUTqyMVxB04uWiOOjE9wIw +D0ciU7opj7CqwaoC3EQbLleMoEuK8LLdHj/JfMxO2I9AlAxzT4ksIg/VSErlUEcv -----END CERTIFICATE----- 
diff --git a/docker/certs/faktory.local.key b/docker/certs/faktory.local.key
index 08e1f32c..d8d59515 100644
--- a/docker/certs/faktory.local.key
+++ b/docker/certs/faktory.local.key
@@ -1,28 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDh6S2F6pNHL54e -f2PbYDEYeq2D96USJkLRQItfnXKwSSGcsu8WVUW3N3ur6fHU82Id0fmL9ON0Bitc -BmEpT+TZh+uALI6Ob9fFLDu6Nc8/5xY6Z1FhN7FP2jtiuDdlgyeIlttOXyPft2J5 -cdo7sUcC+nDDWr+dtCTAP/VaorWCBBj85nfzClS+zCz0sDuyG5d0aeMBe6edEYTN -nYQbpPmFjDQ8Uv7YIfCvSWo1sK6vzC7323gQP3+98sbRNZFDBKcCnKMfLz2ufll7 -e86I3NwFbvvyhnHC/OuISZtBCDpHEoTX0CVqJXj6flLCgCLwmLr0EpFRKXFGFbp5 -fgAFXZ47AgMBAAECggEAJjyV4G86O1fDbw0HxUdMOAT3nnkJfv9r2sgObwISueS+ -5CtjDUgkkyS4cXoY3P7O0hZKoxYxc19h8mMACgKETQ9U3G5uOIyUnEJm35cg+4Ns -/ziijQ5knAvndkeQ1MU0qUlDWEoBI+oBqGWNVwIj70ydTmtrOFGX0NRiflNA3n7q -pJbdRZzKnTxXxRwIRuGA1y6SlBLQ740hVOm56iLtRJ+P0kNErSL8Uhws/X9/0MXH -W8r2JVikNumBZH18MK+wBGulwZBcLurFfv31hbeQ/FnckOJ1OE53rnV+tBrZN7Ap -6eR4IMcVPfunnGX+meEUnJfmC0HrdQXucDB8Ey/biQKBgQDygP0JeUKpSWX2uSfV -2c8N0opmC2uHswOhf+H9TOyA4DO5NmlbOqVv+uUwRQvIkoen8XNMCPOyoK7WZNAB -hfyU+ck3HDIBqHbGBisUXDNLgIQIhWVznYK0QC+YYr+rEmFun0sMriuhZsU1q2mW -VoAPSTJhaufRb0TKib9Tarzg4wKBgQDue8jk0tbK5xL9dcyn1CxHtDAbfyQfQnSd -G+GcQDDCamgbKI042A5lPSToYEOpSMTOn/n5CmezsSMFnwuwZAgQ1Pbd3YeknBCi -6jWzqYcC11u3EeX9YPJgEDZq0uSWNZg0phDBsu+PYq7vDAriCsMeQrLMvQb0Fs3n -Pp4vVzSEyQKBgQCb+h1G/6jBzAT6WYNmyE6mPFpqYkQKpzjZorCPxO+FwS9jnLzN -Qf5w9TZ/Apoeqyj3+5RGPqfIqBNssLEdmbmpdLRYbxk2+c1Td1o0IU2Y7ZN/C5YC -dDhCidpTMIjJluv2RBz4jfpgOQL1j0g9u2to6ZKvGBz9F41unITkOY49MwKBgEzk -1qqJHL6BcQsOT3WRoNFh1N0YyoHVwJnjooPp4o7dFkIjeh1o9INKCrtuRoKvtt1U -kZnt8+/pXnxygqdWKY+byxlQU2sM8wREdho+wAx3edf2Smy/NIcq0xDwfMm98ByR -qvd5hWp7DCKBhITLqYv5P4NqM3LCY5N7CjADcyiZAoGBALXXR5WSHLjtzaN4Eeti -pWur1VN30HiM2zRTXwTxx6X7y/FI5xzoCVAJb6tSpC/aXzFx05Xa/LyhDXI2sbhm -G3a4tjBRrief5z8XQ7gdBSiyRtLc1XFy3kmeN2HTPMWSIrbk56xyEOqbXov5S+41 -hWwNT3lodEZ2ymFWEZHHAvhb +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCs4MYYR22MIL1rZitb +nZF25hbh9M1aI4uPdn+Vqzphuk+tjEMAmYbAZcSCCGGoUzKhZANiAAQ1m4EMNrKE +HkTOZF8SsSght8TkiNYKE3OM7gItOsQJ6Y+pwluPOyTwwHAHlxtscYx6DWeqSqh/ +RmSCszixZmxY0jUf8s4Mp1cEioyltTXaISztLd6jlFoaWr0K0Tp1jIA= -----END PRIVATE 
KEY----- diff --git a/src/tls/rustls.rs b/src/tls/rustls.rs index 35d81562..708f1cfd 100644 --- a/src/tls/rustls.rs +++ b/src/tls/rustls.rs @@ -194,14 +194,11 @@ impl ServerCertVerifier for NoCertVerification { fn verify_tls13_signature( &self, - _message: &[u8], - _cert: &CertificateDer<'_>, - _dss: &DigitallySignedStruct, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &DigitallySignedStruct, ) -> Result { - // TODO: figure out what's wring with the test cert - // IO(Custom { kind: ConnectionAborted, error: Custom { kind: InvalidData, error: InvalidCertificate(Other(OtherError(UnsupportedCertVersion))) } }) - // self.0.verify_tls13_signature(message, cert, dss) - Ok(HandshakeSignatureValid::assertion()) + self.0.verify_tls13_signature(message, cert, dss) } fn supported_verify_schemes(&self) -> Vec { diff --git a/tests/tls/rustls.rs b/tests/tls/rustls.rs index 52cf422b..28399bf5 100644 --- a/tests/tls/rustls.rs +++ b/tests/tls/rustls.rs @@ -27,7 +27,7 @@ async fn roundtrip_tls() { let tls = || async { let verifier = fixtures::TestServerCertVerifier::new( - SignatureScheme::RSA_PSS_SHA512, + SignatureScheme::ECDSA_NISTP384_SHA384, env::current_dir() .unwrap() .join("docker")
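Review bot: In `src/tls/rustls.rs`, `verify_tls13_signature` now forwards to `self.0`, but the hunk does not show whether the TLS 1.2 counterpart `verify_tls12_signature` does the same. If that method (outside this hunk) still returns `HandshakeSignatureValid::assertion()`, a handshake that settles on TLS 1.2 would accept any signature and the peer would never prove it holds the key for the certificate it presents, so both methods should forward to the inner verifier. The removed TODO was also the only record of why the check had been disabled; the `UnsupportedCertVersion` error it quotes suggests the previous fixture was not an X.509 v3 certificate. I would keep that as a comment above the call, for example `// Handshake signature is still verified here; the peer certificate must be X.509 v3 or parsing fails with UnsupportedCertVersion.` The `impl ServerCertVerifier for NoCertVerification` block starts and ends outside the hunk, so what the other methods of this verifier skip is inferred from the type name only.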