Support EC private key

2025-05-25 09:03:59 +02:00 · 2025-03-27 21:10:39 +08:00 · 2025-03-27 21:10:39 +08:00 · ba6d755120
commit ba6d755120
parent 5607802fe1
1 changed files with 15 additions and 4 deletions
--- a/crates/meilisearch/src/option.rs
+++ b/crates/meilisearch/src/option.rs
@ -16,7 +16,7 @@ use meilisearch_types::milli::update::IndexerConfig;
 use meilisearch_types::milli::ThreadPoolNoAbortBuilder;
 use rustls::server::{ServerSessionMemoryCache, WebPkiClientVerifier};
 use rustls::RootCertStore;
-use rustls_pemfile::{certs, rsa_private_keys};
+use rustls_pemfile::{certs, ec_private_keys, rsa_private_keys};
 use serde::{Deserialize, Serialize};
 use sysinfo::{MemoryRefreshKind, RefreshKind, System};
 use url::Url;
@ -883,7 +883,7 @@ fn load_private_key(
    };

    let pkcs8_keys = {
-        let keyfile = fs::File::open(filename)
+        let keyfile = fs::File::open(filename.clone())
            .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
        let mut reader = BufReader::new(keyfile);
        rustls_pemfile::pkcs8_private_keys(&mut reader).collect::<Result<Vec<_>, _>>().map_err(
@ -895,12 +895,23 @@ fn load_private_key(
        )?
    };

+    let ec_keys = {
+        let keyfile = fs::File::open(filename)
+            .map_err(|_| anyhow::anyhow!("cannot open private key file"))?;
+        let mut reader = BufReader::new(keyfile);
+        ec_private_keys(&mut reader)
+            .collect::<Result<Vec<_>, _>>()
+            .map_err(|_| anyhow::anyhow!("file contains invalid ec private key"))?
+    };
+
    // prefer to load pkcs8 keys
    if !pkcs8_keys.is_empty() {
        Ok(rustls::pki_types::PrivateKeyDer::Pkcs8(pkcs8_keys[0].clone_key()))
-    } else {
-        assert!(!rsa_keys.is_empty());
+    } else if !rsa_keys.is_empty() {
        Ok(rustls::pki_types::PrivateKeyDer::Pkcs1(rsa_keys[0].clone_key()))
+    } else {
+        assert!(!ec_keys.is_empty());
+        Ok(rustls::pki_types::PrivateKeyDer::Sec1(ec_keys[0].clone_key()))
    }
 }