From 5a4907292fee6591a7c2b14912fc4fee435df6cc Mon Sep 17 00:00:00 2001
From: Johann150
Date: Sat, 27 Feb 2021 20:02:19 +0100
Subject: [PATCH] use certificate store
---
 src/main.rs | 43 ++++++++++---------------------------------
 1 file changed, 10 insertions(+), 33 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index b22f003..8beb1bc 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -7,17 +7,12 @@ use metadata::{FileOptions, PresetMeta};
 use {
 once_cell::sync::Lazy,
 percent_encoding::{percent_decode_str, percent_encode, AsciiSet, CONTROLS},
- rustls::{
- internal::pemfile::{certs, pkcs8_private_keys},
- Certificate, NoClientAuth, PrivateKey, ServerConfig,
- },
+ rustls::{NoClientAuth, ServerConfig},
 std::{
 borrow::Cow,
 error::Error,
 ffi::OsStr,
 fmt::Write,
- fs::File,
- io::BufReader,
 net::SocketAddr,
 path::{Path, PathBuf},
 sync::Arc,
@@ -78,8 +73,7 @@ static ARGS: Lazy = Lazy::new(|| {
 struct Args {
 addrs: Vec,
 content_dir: PathBuf,
- cert_chain: Vec,
- key: PrivateKey,
+ certs: Arc,
 hostnames: Vec,
 language: Option,
 silent: bool,
@@ -100,15 +94,9 @@ fn args() -> Result {
 );
 opts.optopt(
 "",
- "cert",
- "TLS certificate PEM file (default ./cert.pem)",
- "FILE",
- );
- opts.optopt(
- "",
- "key",
- "PKCS8 private key file (default ./key.rsa)",
- "FILE",
+ "certs",
+ "folder for certificate files (default ./.certificates/)",
+ "FOLDER",
 );
 opts.optmulti(
 "",
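Review bot: The new `certs` field in `struct Args` is undocumented, and its purpose is only clear from the later hunk where it is assigned to `config.cert_resolver`. A one-line doc comment would spare the reader that jump, e.g. `/// Certificate store loaded from the --certs folder; handed to rustls as the server certificate resolver.`. The definition of `struct Args` continues outside the hunk, and the type parameter of the `Arc` is not visible in this rendering of the patch.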
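Review bot: The new `--certs` help text says only "folder for certificate files" and no longer tells the operator what the folder must contain, whereas the replaced `--cert`/`--key` text named the expected formats (PEM certificate, PKCS8 key). Whatever file naming and format `certificates::CertStore::load_from` expects is not visible in this patch; state it in the help string, e.g. `"folder with the TLS certificate and private key files to serve (default ./.certificates/)"`, extended with the expected file names and PEM/PKCS8 format. The default passed to `opt_get_default` in the later hunk is `".certificates"` while the help text prints `./.certificates/`; they name the same directory, but the help text could show the literal default.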
@@ -172,25 +160,14 @@ fn args() -> Result { ]; } - let cert_file = File::open(check_path( - matches.opt_get_default("cert", "cert.pem".into())?, - )?)?; - let cert_chain = certs(&mut BufReader::new(cert_file)).or(Err("bad cert"))?; - - let key_file = File::open(check_path( - matches.opt_get_default("key", "key.rsa".into())?, - )?)?; - let key = pkcs8_private_keys(&mut BufReader::new(key_file)) - .or(Err("bad key file"))? - .drain(..) - .next() - .ok_or("no keys found")?; + let certs = Arc::new(certificates::CertStore::load_from(check_path( + matches.opt_get_default("certs", ".certificates".into())?, + )?)?); Ok(Args { addrs, content_dir: check_path(matches.opt_get_default("content", "content".into())?)?, - cert_chain, - key, + certs, hostnames, language: matches.opt_str("lang"), silent: matches.opt_present("s"), @@ -218,7 +195,7 @@ fn acceptor() -> Result { if ARGS.only_tls13 { config.versions = vec![rustls::ProtocolVersion::TLSv1_3]; } - config.set_single_cert(ARGS.cert_chain.clone(), ARGS.key.clone())?; + config.cert_resolver = ARGS.certs.clone(); Ok(TlsAcceptor::from(Arc::new(config))) }
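Review bot: The startup check that a usable key and certificate actually exist is gone: the removed code failed `args()` with "bad cert" / "bad key file" / "no keys found", while the new code only runs `check_path` on the folder and accepts whatever `certificates::CertStore::load_from` returns. Unless `load_from` itself errors on an empty or key-less folder (not visible in this patch), a misconfigured server starts cleanly and every TLS handshake fails at runtime instead. Either fail fast here when the loaded store holds no certificate/key pair, with an error such as `Err("no certificates found in certs folder".into())` before the `Ok(Args { … })`, or document on `load_from` that it guarantees at least one pair. `args()` starts outside the hunk.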
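Review bot: Assigning `config.cert_resolver` drops the validation that `set_single_cert(...)?` performed at this point — it returned an error for unusable key material, whereas the plain field assignment cannot fail, so a bad key or a key/certificate mismatch now surfaces only as failed handshakes. If `certificates::CertStore::load_from` already verifies each pair it loads, say so in a doc comment on `acceptor()`; otherwise that check belongs there. Certificate selection now also happens per connection inside the store's resolver, presumably from the client's server name, so how clients that send no server name or an unknown one are treated is decided by `CertStore` rather than by this config and deserves a sentence in the same doc comment. `Arc::clone(&ARGS.certs)` would make the cheap refcount clone explicit. `acceptor()` starts outside the hunk.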