From ba6d755120629e404edde9ffb18dcf07ee65ff83 Mon Sep 17 00:00:00 2001
From: hdt3213
Date: Thu, 27 Mar 2025 21:10:39 +0800
Subject: [PATCH 1/2] Support EC private key
---
 crates/meilisearch/src/option.rs | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/crates/meilisearch/src/option.rs b/crates/meilisearch/src/option.rs
index 781d55aef..6cebc1cc3 100644
--- a/crates/meilisearch/src/option.rs
+++ b/crates/meilisearch/src/option.rs
@@ -16,7 +16,7 @@ use meilisearch_types::milli::update::IndexerConfig;
 use meilisearch_types::milli::ThreadPoolNoAbortBuilder;
 use rustls::server::{ServerSessionMemoryCache, WebPkiClientVerifier};
 use rustls::RootCertStore;
-use rustls_pemfile::{certs, rsa_private_keys};
+use rustls_pemfile::{certs, ec_private_keys, rsa_private_keys};
 use serde::{Deserialize, Serialize};
 use sysinfo::{MemoryRefreshKind, RefreshKind, System};
 use url::Url;
@@ -883,7 +883,7 @@ fn load_private_key(
 };
 let pkcs8_keys = {
- let keyfile = fs::File::open(filename)
+ let keyfile = fs::File::open(filename.clone())
 .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
 let mut reader = BufReader::new(keyfile);
 rustls_pemfile::pkcs8_private_keys(&mut reader).collect::, _>>().map_err(
@@ -895,12 +895,23 @@ fn load_private_key(
 )?
 };
+ let ec_keys = {
+ let keyfile = fs::File::open(filename)
+ .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
+ let mut reader = BufReader::new(keyfile);
+ ec_private_keys(&mut reader)
+ .collect::, _>>()
+ .map_err(|_| anyhow::anyhow!("file contains invalid ec private key"))?
+ };
+
 // prefer to load pkcs8 keys
 if !pkcs8_keys.is_empty() {
 Ok(rustls::pki_types::PrivateKeyDer::Pkcs8(pkcs8_keys[0].clone_key()))
- } else {
- assert!(!rsa_keys.is_empty());
+ } else if !rsa_keys.is_empty() {
 Ok(rustls::pki_types::PrivateKeyDer::Pkcs1(rsa_keys[0].clone_key()))
+ } else {
+ assert!(!ec_keys.is_empty());
+ Ok(rustls::pki_types::PrivateKeyDer::Sec1(ec_keys[0].clone_key()))
 }
 }
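Review bot: The final `else` branch of the third hunk (`@@ -895,12 +895,23 @@`) still guards key selection with `assert!(!ec_keys.is_empty());`, so a key file in which none of the three parsers finds a key panics the process instead of returning the `anyhow` error used everywhere else in `load_private_key`. That case is reachable from operator-supplied configuration, for example an empty file, a certificate-only PEM, or presumably any PEM label these parsers skip. I would turn it into an ordinary error: `anyhow::ensure!(!ec_keys.is_empty(), "private key file contains no PKCS#8, PKCS#1 or SEC1 key");`. The new `ec_keys` block also discards the underlying parse error with `|_|`, which makes a malformed key harder to diagnose. The function starts above this hunk, so how callers report the error is not visible here.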
From 85efa6f4932732b215b049413dfdbcab04134b87 Mon Sep 17 00:00:00 2001
From: hdt3213
Date: Mon, 31 Mar 2025 20:31:26 +0800
Subject: [PATCH 2/2] Use ref instead of clone in option.rs
---
 crates/meilisearch/src/option.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crates/meilisearch/src/option.rs b/crates/meilisearch/src/option.rs
index 6cebc1cc3..499efc7da 100644
--- a/crates/meilisearch/src/option.rs
+++ b/crates/meilisearch/src/option.rs
@@ -874,7 +874,7 @@ fn load_private_key(
 filename: PathBuf,
 ) -> anyhow::Result> {
 let rsa_keys = {
- let keyfile = fs::File::open(filename.clone())
+ let keyfile = fs::File::open(&filename)
 .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
 let mut reader = BufReader::new(keyfile);
 rsa_private_keys(&mut reader)
@@ -883,7 +883,7 @@ fn load_private_key(
 };
 let pkcs8_keys = {
- let keyfile = fs::File::open(filename.clone())
+ let keyfile = fs::File::open(&filename)
 .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
 let mut reader = BufReader::new(keyfile);
 rustls_pemfile::pkcs8_private_keys(&mut reader).collect::, _>>().map_err(
@@ -896,7 +896,7 @@ fn load_private_key(
 };
 let ec_keys = {
- let keyfile = fs::File::open(filename)
+ let keyfile = fs::File::open(&filename)
 .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
 let mut reader = BufReader::new(keyfile);
 ec_private_keys(&mut reader)
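Review bot: The private key file is still opened and read three separate times, once per parser (the `rsa_keys` hunk and the `pkcs8_keys` and `ec_keys` hunks after it), so the three parses are not guaranteed to see the same bytes if the file is replaced between opens, for instance during key rotation. Reading it once and parsing from memory removes that window and two of the opens: `let pem = fs::read(&filename).map_err(|_| anyhow::anyhow!("cannot open private key file"))?;`, then `rsa_private_keys(&mut pem.as_slice())` and likewise for the other two parsers. With the argument now only borrowed, `filename: PathBuf` could presumably become `&Path`, but the callers are outside this diff. The body of `load_private_key` extends beyond each of these hunks.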