Upgrade to rustls 0.22 breaks access to cert details

[robklg]

@hannesdejager maybe I'm overlooking something, but I'm looking into upgrading to rustls 0.22.

Here:

libunftp/src/server/controlchan/control_loop.rs

Line 251 in edd1b6e

session.cert_chain = Some(certs.iter().map(|c| crate::auth::ClientCert(c.0.clone())).collect());

we copy the certificate bytes and we need it later for matching the client certificate here:

libunftp/src/auth/authenticator.rs

Lines 104 to 113 in edd1b6e

	impl ClientCert {
	/// Returns true if the Common Name from the client certificate matches the allowed_cn
	pub fn verify_cn(&self, allowed_cn: &str) -> Result<bool, std::io::Error> {
	let client_cert = parse_x509_certificate(&self.0);
	let subject = match client_cert {
	Ok(c) => c.1.subject().to_string(),
	Err(e) => return Err(std::io::Error::new(std::io::ErrorKind::Other, e.to_string())),
	};
	Ok(subject.contains(allowed_cn))

But since rustls 0.22.0 peer_certificates no longer returns rustls::Certificate but it was replaced by CertificateDer from a new crate rustls_pki_types. CertificateDer does not allow access to the certificate data, so we cannot convert it to our ClientCert.

Do you have any idea how we can solve this, or do we need to raise an issue with rustls_pki_types?

[hannesdejager]

I upgraded it to 0.23.8 in #516