diff --git a/core/lib/Cargo.toml b/core/lib/Cargo.toml
index 6a423294..c09efb11 100644
--- a/core/lib/Cargo.toml
+++ b/core/lib/Cargo.toml
@@ -55,7 +55,7 @@ tokio-rustls = { version = "0.25", optional = true }
 rustls-pemfile = { version = "2.0.0", optional = true }
 # Optional MTLS dependencies
-x509-parser = { version = "0.13", optional = true }
+x509-parser = { version = "0.16", optional = true }
 # Hyper dependencies
 http = "1"
diff --git a/core/lib/src/mtls/certificate.rs b/core/lib/src/mtls/certificate.rs
index f50f4994..906d821f 100644
--- a/core/lib/src/mtls/certificate.rs
+++ b/core/lib/src/mtls/certificate.rs
@@ -133,7 +133,7 @@ impl<'a> Certificate<'a> {
 fn parse_one(raw: &[u8]) -> Result> {
 use oid::OID_X509_EXT_SUBJECT_ALT_NAME as SUBJECT_ALT_NAME;
-use x509_parser::traits::FromDer;
+use x509::FromDer;
 let (left, x509) = x509::X509Certificate::from_der(raw)?;
 if !left.is_empty() {
diff --git a/core/lib/src/mtls/error.rs b/core/lib/src/mtls/error.rs
index 56b8d01e..703835f2 100644
--- a/core/lib/src/mtls/error.rs
+++ b/core/lib/src/mtls/error.rs
@@ -3,7 +3,7 @@ use std::num::NonZeroUsize;
 use crate::mtls::x509::{self, nom};
-/// An error returned by the [`Certificate`] request guard.
+/// An error returned by the [`Certificate`](crate::mtls::Certificate) guard.
 ///
 /// To retrieve this error in a handler, use an `mtls::Result`
 /// guard type:
@@ -65,10 +65,10 @@ impl From> for Error {
 }
 impl std::error::Error for Error {
- // fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
- // match self {
- // Error::Parse(e) => Some(e),
- // _ => None
- // }
- // }
+ fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+ match self {
+ Error::Parse(e) => Some(e),
+ _ => None
+ }
+ }
 }
diff --git a/core/lib/src/mtls/mod.rs b/core/lib/src/mtls/mod.rs
index 10ce6dc0..a5a34b7e 100644
--- a/core/lib/src/mtls/mod.rs
+++ b/core/lib/src/mtls/mod.rs
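Review bot: The `_ => None` arm in the newly enabled `source()` in core/lib/src/mtls/error.rs hides every other variant, so a variant added later that wraps another error would silently drop out of the source chain with no compiler hint. `Error` is this module's own enum, so the source-less variants could be listed explicitly. At minimum, add `// Only Parse wraps an underlying error; the other variants carry no source.` above the wildcard. `Parse` now exposes its inner error through `source()`, so it is also worth checking that the `Display` impl (not visible in this hunk) does not print the same inner message. If it does, loggers that walk the chain would report the certificate parse failure twice.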
@@ -1,9 +1,8 @@
 //! Support for mutual TLS client certificates.
 //!
-//! For details on how to configure mutual TLS, see
-//! [`MutualTls`](crate::config::MutualTls) and the [TLS
+//! For details on how to configure mutual TLS, see [`MtlsConfig`] and the [TLS
 //! guide](https://rocket.rs/master/guide/configuration/#tls). See
-//! [`Certificate`] for a request guard that validated, verifies, and retrieves
+//! [`Certificate`] for a request guard that validates, verifies, and retrieves
 //! client certificates.
 pub mod oid {
@@ -28,17 +27,7 @@ pub mod x509 {
 //! Lack of documentation is directly inherited from the source crate.
 //! Prefer to use Rocket's wrappers when possible.
-pub(crate) use x509_parser::nom;
-pub use x509_parser::certificate::*;
-pub use x509_parser::cri_attributes::*;
-pub use x509_parser::error::*;
-pub use x509_parser::extensions::*;
-pub use x509_parser::revocation_list::*;
-pub use x509_parser::time::*;
-pub use x509_parser::x509::*;
-pub use x509_parser::der_parser::der;
-pub use x509_parser::der_parser::ber;
-pub use x509_parser::traits::*;
+pub use x509_parser::prelude::*;
 }
 mod certificate;
@@ -51,6 +40,5 @@ pub use name::Name;
 pub use config::MtlsConfig;
 pub use certificate::{Certificate, CertificateDer};
-/// A type alias for [`Result`](std::result::Result) with the error type set to
-/// [`Error`].
+/// A type alias for `Result` with the error type set to [`Error`].
 pub type Result = std::result::Result;
diff --git a/core/lib/src/mtls/name.rs b/core/lib/src/mtls/name.rs
index c6198ace..ee83af9a 100644
--- a/core/lib/src/mtls/name.rs
+++ b/core/lib/src/mtls/name.rs
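Review bot: In the `pub mod x509` hunk, `pub use x509_parser::prelude::*;` replaces an explicit re-export list, so the public surface of `mtls::x509` becomes whatever the upstream prelude exports in the resolved 0.16.x release rather than a set this crate chose. Two things are worth confirming. First, `nom` was `pub(crate)` before and is still imported in error.rs through `crate::mtls::x509::{self, nom}`, so if it now arrives via the glob it presumably becomes publicly reachable. Second, the former `der`/`ber` re-exports may no longer resolve at the same paths for downstream code. If the glob is intended, a module-doc line such as `//! Re-exports x509_parser::prelude; the items available here follow that crate's releases.` would make the coupling explicit. The module's doc header begins outside this hunk.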
@@ -6,11 +6,12 @@ use ref_cast::RefCast;
 use crate::mtls::x509::X509Name;
 use crate::mtls::oid;
-/// An X.509 Distinguished Name (DN) found in a [`Certificate`].
+/// An X.509 Distinguished Name (DN) found in a
+/// [`Certificate`](crate::mtls::Certificate).
 ///
-/// This type is a wrapper over [`x509::X509Name`] with convenient methods and
+/// This type is a wrapper over [`X509Name`] with convenient methods and
 /// complete documentation. Should the data exposed by the inherent methods not
-/// suffice, this type derefs to [`x509::X509Name`].
+/// suffice, this type derefs to [`X509Name`].
 #[repr(transparent)]
 #[derive(Debug, PartialEq, RefCast)]
 pub struct Name<'a>(X509Name<'a>);
@@ -113,7 +114,9 @@ impl<'a> Name<'a> {
 /// Returns `true` if `self` has no data.
 ///
 /// When this is the case for a `subject()`, the subject data can be found
- /// in the `subjectAlt` [`extension()`](Certificate::extensions()).
+ /// in the `subjectAlt` [`extension`].
+ ///
+ /// [`extension`]: crate::mtls::Certificate::extensions()
 ///
 /// # Example
 ///