@@ -8,7 +8,11 @@ use hyper::{body::Incoming, service::service_fn};
8
8
use hyper_util:: rt:: { TokioExecutor , TokioIo } ;
9
9
use opentelemetry:: trace:: { FutureExt , SpanKind } ;
10
10
use snafu:: { ResultExt , Snafu } ;
11
- use stackable_certs:: { CertificatePairError , ca:: CertificateAuthority , keys:: rsa} ;
11
+ use stackable_certs:: {
12
+ CertificatePairError ,
13
+ ca:: { CertificateAuthority , DEFAULT_CA_VALIDITY_SECONDS } ,
14
+ keys:: ecdsa,
15
+ } ;
12
16
use stackable_operator:: time:: Duration ;
13
17
use tokio:: net:: TcpListener ;
14
18
use tokio_rustls:: {
@@ -44,12 +48,12 @@ pub enum Error {
44
48
45
49
#[ snafu( display( "failed to encode leaf certificate as DER" ) ) ]
46
50
EncodeCertificateDer {
47
- source : CertificatePairError < rsa :: Error > ,
51
+ source : CertificatePairError < ecdsa :: Error > ,
48
52
} ,
49
53
50
54
#[ snafu( display( "failed to encode private key as DER" ) ) ]
51
55
EncodePrivateKeyDer {
52
- source : CertificatePairError < rsa :: Error > ,
56
+ source : CertificatePairError < ecdsa :: Error > ,
53
57
} ,
54
58
55
59
#[ snafu( display( "failed to set safe TLS protocol versions" ) ) ]
@@ -103,10 +107,13 @@ impl TlsServer {
103
107
// See https://docs.rs/tokio/latest/tokio/task/fn.spawn_blocking.html
104
108
let task = tokio:: task:: spawn_blocking ( move || {
105
109
let mut certificate_authority =
106
- CertificateAuthority :: new_rsa ( ) . context ( CreateCertificateAuthoritySnafu ) ?;
107
-
110
+ CertificateAuthority :: new_ecdsa ( ) . context ( CreateCertificateAuthoritySnafu ) ?;
108
111
let leaf_certificate = certificate_authority
109
- . generate_rsa_leaf_certificate ( "Leaf" , "webhook" , Duration :: from_secs ( 3600 ) )
112
+ . generate_ecdsa_leaf_certificate (
113
+ "Leaf" ,
114
+ "webhook" ,
115
+ Duration :: from_secs ( DEFAULT_CA_VALIDITY_SECONDS ) ,
116
+ )
110
117
. context ( GenerateLeafCertificateSnafu ) ?;
111
118
112
119
let certificate_der = leaf_certificate
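Review bot: The leaf certificate lifetime in the `generate_ecdsa_leaf_certificate` call changes from `Duration::from_secs(3600)` to `Duration::from_secs(DEFAULT_CA_VALIDITY_SECONDS)`, which is a policy change bundled into the RSA-to-ECDSA switch and is not explained in the code. The constant's value is not visible in this hunk; if it is longer than one hour, the webhook's serving key stays trusted for that whole period, and no rotation is shown here. Reusing the CA's validity for the leaf also means the leaf, issued just after the CA, may have a `notAfter` at or slightly past the CA's own, depending on how the library clamps it. If the longer lifetime is intended, I would document it at the call site, e.g. `// Leaf validity intentionally matches the CA validity; see DEFAULT_CA_VALIDITY_SECONDS`, or otherwise keep a separate, shorter leaf-lifetime constant. The `spawn_blocking` closure starts and continues outside this hunk, so any later rotation logic is not visible from here.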