chore(deps): upgrade rcgen to 0.13 (#2934)

dignifiedquire · web-flow · commit 38bfe5e952e1 · 2024-11-15T21:07:30.000Z
## Description Some breaking changes in rcgen, but all pretty straightforward. - [x] `iroh-net` - [x] `iroh-relay` - [x] `iroh-net-bench` - [x] `iroh-dns-server` `rcgen` changelog: https://github.com/rustls/rcgen/blob/main/rcgen/CHANGELOG.md#release-0130---march-28th-2024 The last remaining `0.12` usage, will be gone after this is released: n0-computer/tokio-rustls-acme#17 ## Breaking Changes None ## Notes & open questions  ## Change checklist - [ ] Self-review. - [ ] Documentation updates following the [style guide](https://rust-lang.github.io/rfcs/1574-more-api-documentation-conventions.html#appendix-a-full-conventions-text), if relevant. - [ ] Tests if relevant. - [ ] All breaking changes documented.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/iroh-dns-server/Cargo.toml b/iroh-dns-server/Cargo.toml
@@ -17,7 +17,12 @@ axum-server = { version = "0.7", features = ["tls-rustls-no-provider"] }
 base64-url = "2.0.2"
 bytes = "1.7"
 clap = { version = "4.5.1", features = ["derive"] }
-derive_more = { version = "1.0.0", features = ["debug", "display", "into", "from"] }
+derive_more = { version = "1.0.0", features = [
+    "debug",
+    "display",
+    "into",
+    "from",
+] }
 dirs-next = "2.0.0"
 futures-lite = "2.3.0"
 governor = "0.6.3"
@@ -28,8 +33,12 @@ iroh-metrics = { version = "0.28.0" }
 lru = "0.12.3"
 mainline = "2.0.1"
 parking_lot = "0.12.1"
-pkarr = { version = "2.2.0", features = [ "async", "relay", "dht"], default-features = false }
-rcgen = "0.12.1"
+pkarr = { version = "2.2.0", features = [
+    "async",
+    "relay",
+    "dht",
+], default-features = false }
+rcgen = "0.13"
 redb = "2.0.0"
 regex = "1.10.3"
 rustls = { version = "0.23", default-features = false, features = ["ring"] }
@@ -38,7 +47,10 @@ serde = { version = "1.0.197", features = ["derive"] }
 struct_iterable = "0.1.1"
 strum = { version = "0.26.1", features = ["derive"] }
 tokio = { version = "1.36.0", features = ["full"] }
-tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "ring"] }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+    "logging",
+    "ring",
+] }
 tokio-rustls-acme = { version = "0.4", features = ["axum"] }
 tokio-stream = "0.1.14"
 tokio-util = "0.7.10"
diff --git a/iroh-dns-server/src/http/tls.rs b/iroh-dns-server/src/http/tls.rs
@@ -74,9 +74,9 @@ impl<I: AsyncRead + AsyncWrite + Unpin + Send + 'static, S: Send + 'static> Acce
 
 impl TlsAcceptor {
     async fn self_signed(domains: Vec<String>) -> Result<Self> {
-        let tls_cert = rcgen::generate_simple_self_signed(domains)?;
-        let key = tls_cert.serialize_private_key_der();
-        let config = RustlsConfig::from_der(vec![tls_cert.serialize_der()?], key).await?;
+        let rcgen::CertifiedKey { cert, key_pair } = rcgen::generate_simple_self_signed(domains)?;
+        let config =
+            RustlsConfig::from_der(vec![cert.der().to_vec()], key_pair.serialize_der()).await?;
         let acceptor = RustlsAcceptor::new(config);
         Ok(Self::Manual(acceptor))
     }
diff --git a/iroh-net/Cargo.toml b/iroh-net/Cargo.toml
@@ -25,7 +25,13 @@ base64 = "0.22.1"
 bytes = "1.7"
 clap = { version = "4", features = ["derive"], optional = true }
 der = { version = "0.7", features = ["alloc", "derive"] }
-derive_more = { version = "1.0.0", features = ["debug", "display", "from", "try_into", "deref"] }
+derive_more = { version = "1.0.0", features = [
+    "debug",
+    "display",
+    "from",
+    "try_into",
+    "deref",
+] }
 futures-buffered = "0.2.8"
 futures-concurrency = "7.6.0"
 futures-lite = "2.3"
@@ -50,16 +56,25 @@ num_enum = "0.7"
 once_cell = "1.18.0"
 parking_lot = "0.12.1"
 pin-project = "1"
-pkarr = { version = "2", default-features = false, features = ["async", "relay"] }
+pkarr = { version = "2", default-features = false, features = [
+    "async",
+    "relay",
+] }
 portmapper = { version = "0.1.0", path = "../net-tools/portmapper" }
-postcard = { version = "1", default-features = false, features = ["alloc", "use-std", "experimental-derive"] }
+postcard = { version = "1", default-features = false, features = [
+    "alloc",
+    "use-std",
+    "experimental-derive",
+] }
 quinn = { package = "iroh-quinn", version = "0.12.0" }
 quinn-proto = { package = "iroh-quinn-proto", version = "0.12.0" }
 quinn-udp = { package = "iroh-quinn-udp", version = "0.5.5" }
 rand = "0.8"
-rcgen = "0.12"
+rcgen = "0.13"
 regex = { version = "1.7.1", optional = true }
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
+reqwest = { version = "0.12", default-features = false, features = [
+    "rustls-tls",
+] }
 ring = "0.17"
 rustls = { version = "0.23", default-features = false, features = ["ring"] }
 serde = { version = "1", features = ["derive", "rc"] }
@@ -69,14 +84,29 @@ stun-rs = "0.1.5"
 surge-ping = "0.8.0"
 thiserror = "1"
 time = "0.3.20"
-tokio = { version = "1", features = ["io-util", "macros", "sync", "rt", "net", "fs", "io-std", "signal", "process"] }
-tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "ring"] }
+tokio = { version = "1", features = [
+    "io-util",
+    "macros",
+    "sync",
+    "rt",
+    "net",
+    "fs",
+    "io-std",
+    "signal",
+    "process",
+] }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+    "logging",
+    "ring",
+] }
 tokio-stream = { version = "0.1.15" }
 tokio-tungstenite = "0.21"
 tokio-tungstenite-wasm = "0.3"
 tokio-util = { version = "0.7.12", features = ["io-util", "io", "codec", "rt"] }
 tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"], optional = true }
+tracing-subscriber = { version = "0.3", features = [
+    "env-filter",
+], optional = true }
 tungstenite = "0.21"
 url = { version = "2.4", features = ["serde"] }
 watchable = "1.1.2"
@@ -103,7 +133,12 @@ rtnetlink = "0.13.0"
 
 [target.'cfg(target_os = "windows")'.dependencies]
 wmi = "0.13"
-windows = { version = "0.51", features = ["Win32_NetworkManagement_IpHelper", "Win32_Foundation", "Win32_NetworkManagement_Ndis", "Win32_Networking_WinSock"] }
+windows = { version = "0.51", features = [
+    "Win32_NetworkManagement_IpHelper",
+    "Win32_Foundation",
+    "Win32_NetworkManagement_Ndis",
+    "Win32_Networking_WinSock",
+] }
 
 [dev-dependencies]
 axum = { version = "0.7.4" }
@@ -112,7 +147,16 @@ criterion = "0.5.1"
 crypto_box = { version = "0.9.1", features = ["serde", "chacha20"] }
 pretty_assertions = "1.4"
 rand_chacha = "0.3.1"
-tokio = { version = "1", features = ["io-util", "sync", "rt", "net", "fs", "macros", "time", "test-util"] }
+tokio = { version = "1", features = [
+    "io-util",
+    "sync",
+    "rt",
+    "net",
+    "fs",
+    "macros",
+    "time",
+    "test-util",
+] }
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 iroh-test = "0.28.0"
 iroh-net = { path = "." }
diff --git a/iroh-net/bench/Cargo.toml b/iroh-net/bench/Cargo.toml
@@ -12,12 +12,18 @@ hdrhistogram = { version = "7.2", default-features = false }
 iroh-net = { path = ".." }
 iroh-metrics = { path = "../../iroh-metrics" }
 quinn = { package = "iroh-quinn", version = "0.12" }
-rcgen = "0.12"
+rcgen = "0.13"
 rustls = { version = "0.23", default-features = false, features = ["ring"] }
 clap = { version = "4", features = ["derive"] }
 tokio = { version = "1.0.1", features = ["rt", "sync"] }
 tracing = "0.1"
-tracing-subscriber = { version = "0.3.0", default-features = false, features = ["env-filter", "fmt", "ansi", "time", "local-time"] }
+tracing-subscriber = { version = "0.3.0", default-features = false, features = [
+    "env-filter",
+    "fmt",
+    "ansi",
+    "time",
+    "local-time",
+] }
 socket2 = "0.5"
 futures-lite = "2.3.0"
 
diff --git a/iroh-net/src/test_utils.rs b/iroh-net/src/test_utils.rs
@@ -42,9 +42,8 @@ pub async fn run_relay_server_with(
     let cert =
         rcgen::generate_simple_self_signed(vec!["localhost".to_string(), "127.0.0.1".to_string()])
             .expect("valid");
-    let rustls_cert = rustls::pki_types::CertificateDer::from(cert.serialize_der().unwrap());
-    let private_key =
-        rustls::pki_types::PrivatePkcs8KeyDer::from(cert.get_key_pair().serialize_der());
+    let rustls_cert = cert.cert.der();
+    let private_key = rustls::pki_types::PrivatePkcs8KeyDer::from(cert.key_pair.serialize_der());
     let private_key = rustls::pki_types::PrivateKeyDer::from(private_key);
 
     let config = ServerConfig {
@@ -53,7 +52,7 @@ pub async fn run_relay_server_with(
             tls: Some(TlsConfig {
                 cert: CertConfig::<(), ()>::Manual {
                     private_key,
-                    certs: vec![rustls_cert],
+                    certs: vec![rustls_cert.clone()],
                 },
                 https_bind_addr: (Ipv4Addr::LOCALHOST, 0).into(),
             }),
diff --git a/iroh-net/src/tls/certificate.rs b/iroh-net/src/tls/certificate.rs
@@ -91,24 +91,22 @@ pub fn generate(
     // Endpoints MAY generate a new key and certificate
     // for every connection attempt, or they MAY reuse the same key
     // and certificate for multiple connections.
-    let certificate_keypair = rcgen::KeyPair::generate(P2P_SIGNATURE_ALGORITHM)?;
+    let certificate_keypair = rcgen::KeyPair::generate_for(P2P_SIGNATURE_ALGORITHM)?;
     let rustls_key =
         rustls::pki_types::PrivateKeyDer::try_from(certificate_keypair.serialize_der()).unwrap();
     let certificate = {
-        let mut params = rcgen::CertificateParams::new(vec![]);
+        let mut params = rcgen::CertificateParams::default();
         params.distinguished_name = rcgen::DistinguishedName::new();
         params.custom_extensions.push(make_libp2p_extension(
             identity_secret_key,
             &certificate_keypair,
         )?);
-        params.alg = P2P_SIGNATURE_ALGORITHM;
-        params.key_pair = Some(certificate_keypair);
-        rcgen::Certificate::from_params(params)?
+        params
+            .self_signed(&certificate_keypair)
+            .expect("self signed certificate to be generated")
     };
 
-    let rustls_certificate = rustls::pki_types::CertificateDer::from(certificate.serialize_der()?);
-
-    Ok((rustls_certificate, rustls_key))
+    Ok((certificate.der().clone(), rustls_key))
 }
 
 /// Attempts to parse the provided bytes as a [`P2pCertificate`].
diff --git a/iroh-relay/Cargo.toml b/iroh-relay/Cargo.toml
@@ -18,7 +18,13 @@ anyhow = { version = "1" }
 base64 = "0.22.1"
 bytes = "1.7"
 clap = { version = "4", features = ["derive"], optional = true }
-derive_more = { version = "1.0.0", features = ["debug", "display", "from", "try_into", "deref"] }
+derive_more = { version = "1.0.0", features = [
+    "debug",
+    "display",
+    "from",
+    "try_into",
+    "deref",
+] }
 futures-buffered = "0.2.9"
 futures-lite = "2.3"
 futures-sink = "0.3.25"
@@ -33,17 +39,23 @@ http-body-util = "0.1.0"
 hyper = { version = "1", features = ["server", "client", "http1"] }
 hyper-util = "0.1.1"
 iroh-base = { version = "0.28.0", features = ["key"] }
-iroh-metrics = { version = "0.28.0", default-features = false}
+iroh-metrics = { version = "0.28.0", default-features = false }
 libc = "0.2.139"
 num_enum = "0.7"
 once_cell = "1.18.0"
 parking_lot = "0.12.1"
 pin-project = "1"
-postcard = { version = "1", default-features = false, features = ["alloc", "use-std", "experimental-derive"] }
+postcard = { version = "1", default-features = false, features = [
+    "alloc",
+    "use-std",
+    "experimental-derive",
+] }
 rand = "0.8"
-rcgen = { version = "0.12", optional = true}
+rcgen = { version = "0.13", optional = true }
 regex = { version = "1.7.1", optional = true }
-reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
+reqwest = { version = "0.12", default-features = false, features = [
+    "rustls-tls",
+] }
 ring = "0.17"
 rustls = { version = "0.23", default-features = false, features = ["ring"] }
 rustls-pemfile = { version = "2.1", optional = true }
@@ -53,15 +65,30 @@ socket2 = "0.5.3"
 stun-rs = "0.1.5"
 thiserror = "1"
 time = "0.3.20"
-tokio = { version = "1", features = ["io-util", "macros", "sync", "rt", "net", "fs", "io-std", "signal", "process"] }
-tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "ring"] }
+tokio = { version = "1", features = [
+    "io-util",
+    "macros",
+    "sync",
+    "rt",
+    "net",
+    "fs",
+    "io-std",
+    "signal",
+    "process",
+] }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+    "logging",
+    "ring",
+] }
 tokio-rustls-acme = { version = "0.4", optional = true }
 tokio-tungstenite = "0.21"
 tokio-tungstenite-wasm = "0.3"
 tokio-util = { version = "0.7.12", features = ["io-util", "io", "codec", "rt"] }
 toml = { version = "0.8", optional = true }
 tracing = "0.1"
-tracing-subscriber = { version = "0.3", features = ["env-filter"], optional = true }
+tracing-subscriber = { version = "0.3", features = [
+    "env-filter",
+], optional = true }
 tungstenite = "0.21"
 url = { version = "2.4", features = ["serde"] }
 webpki = { package = "rustls-webpki", version = "0.102" }
@@ -72,7 +99,16 @@ clap = { version = "4", features = ["derive"] }
 crypto_box = { version = "0.9.1", features = ["serde", "chacha20"] }
 proptest = "1.2.0"
 rand_chacha = "0.3.1"
-tokio = { version = "1", features = ["io-util", "sync", "rt", "net", "fs", "macros", "time", "test-util"] }
+tokio = { version = "1", features = [
+    "io-util",
+    "sync",
+    "rt",
+    "net",
+    "fs",
+    "macros",
+    "time",
+    "test-util",
+] }
 tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 iroh-test = "0.28.0"
 serde_json = "1.0.107"
diff --git a/iroh-relay/src/server/http_server.rs b/iroh-relay/src/server/http_server.rs
