Fix audit, upgrade openssl

YISH 2023-03-27 21:43:33 +08:00 committed by Benjamin Fry
parent 14c742467d
commit 6ef52b3798
6 changed files with 137 additions and 122 deletions

Cargo.lock generated

@ -89,22 +89,22 @@ dependencies = [
[[package]]
name = "async-io"
version = "1.12.0"
version = "1.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8c374dda1ed3e7d8f0d9ba58715f924862c63eae6849c92d3a18e7fbde9e2794"
checksum = "0fc5b45d93ef0529756f812ca52e44c221b35341892d3dcc34132ac02f3dd2af"
dependencies = [
"async-lock",
"autocfg",
"cfg-if",
"concurrent-queue",
"futures-lite",
"libc",
"log",
"parking",
"polling",
"rustix 0.37.3",
"slab",
"socket2",
"waker-fn",
"windows-sys 0.42.0",
]
[[package]]
@ -142,7 +142,7 @@ checksum = "0e97ce7de6cf12de5d7226c73f5ba9811622f4db3a5b91b55c53e987e5f91cba"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.2",
"syn 2.0.10",
]
[[package]]
@ -188,19 +188,19 @@ dependencies = [
[[package]]
name = "async-task"
version = "4.3.0"
version = "4.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a40729d2133846d9ed0ea60a8b9541bccddab49cd30f0715a1da672fe9a2524"
checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae"
[[package]]
name = "async-trait"
version = "0.1.67"
version = "0.1.68"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "86ea188f25f0255d8f92797797c97ebf5631fa88178beb1a46fdf5622c9a00e4"
checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.2",
"syn 2.0.10",
]
[[package]]
@ -242,12 +242,6 @@ version = "1.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitflags"
version = "2.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "487f1e0fcbe47deb8b0574e646def1c903389d95241dd1bbcc6ce4a715dfc0c1"
[[package]]
name = "blocking"
version = "1.3.0"
@ -288,11 +282,11 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "clap"
version = "4.1.11"
version = "4.1.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42dfd32784433290c51d92c438bb72ea5063797fc3cc9a21a8c4346bebbb2098"
checksum = "3c911b090850d79fc64fe9ea01e28e465f65e821e08813ced95bced72f7a8a9b"
dependencies = [
"bitflags 2.0.2",
"bitflags",
"clap_derive",
"clap_lex",
"is-terminal",
@ -303,15 +297,14 @@ dependencies = [
[[package]]
name = "clap_derive"
version = "4.1.9"
version = "4.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fddf67631444a3a3e3e5ac51c36a5e01335302de677bd78759eaa90ab1f46644"
checksum = "9a932373bab67b984c790ddf2c9ca295d8e3af3b7ef92de5a5bacdccdee4b09b"
dependencies = [
"heck",
"proc-macro-error",
"proc-macro2",
"quote",
"syn 1.0.109",
"syn 2.0.10",
]
[[package]]
@ -421,6 +414,17 @@ dependencies = [
"winapi",
]
[[package]]
name = "errno"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "50d6a0976c999d473fe89ad888d5a284e55366d9dc9038b1ba2aa15128c4afa0"
dependencies = [
"errno-dragonfly",
"libc",
"windows-sys 0.45.0",
]
[[package]]
name = "errno-dragonfly"
version = "0.1.2"
@ -714,9 +718,9 @@ dependencies = [
[[package]]
name = "indexmap"
version = "1.9.2"
version = "1.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
dependencies = [
"autocfg",
"hashbrown",
@ -733,9 +737,9 @@ dependencies = [
[[package]]
name = "io-lifetimes"
version = "1.0.8"
version = "1.0.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0dd6da19f25979c7270e70fa95ab371ec3b701cd0eefc47667a09785b3c59155"
checksum = "09270fd4fa1111bc614ed2246c7ef56239a3063d5be0d1ec3b589c505d400aeb"
dependencies = [
"hermit-abi 0.3.1",
"libc",
@ -768,7 +772,7 @@ checksum = "8687c819457e979cc940d09cb16e42a1bf70aa6b60a549de6d3a62a0ee90c69e"
dependencies = [
"hermit-abi 0.3.1",
"io-lifetimes",
"rustix",
"rustix 0.36.11",
"windows-sys 0.45.0",
]
@ -831,6 +835,12 @@ version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4"
[[package]]
name = "linux-raw-sys"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd550e73688e6d578f0ac2119e32b797a327631a42f9433e59d02e139c8df60d"
[[package]]
name = "lock_api"
version = "0.4.9"
@ -966,11 +976,11 @@ checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
[[package]]
name = "openssl"
version = "0.10.41"
version = "0.10.48"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "618febf65336490dfcf20b73f885f5651a0c89c64c2d4a8c3662585a70bf5bd0"
checksum = "518915b97df115dd36109bfa429a48b8f737bd05508cf9588977b599648926d2"
dependencies = [
"bitflags 1.3.2",
"bitflags",
"cfg-if",
"foreign-types",
"libc",
@ -998,9 +1008,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.82"
version = "0.9.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a95792af3c4e0153c3914df2261bedd30a98476f94dc892b67dfe1d89d433a04"
checksum = "666416d899cf077260dac8698d60a60b435a46d57e82acb1be3d0dad87284e5b"
dependencies = [
"autocfg",
"cc",
@ -1081,7 +1091,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7e1f879b2998099c2d69ab9605d145d5b661195627eccc680002c4918a7fb6fa"
dependencies = [
"autocfg",
"bitflags 1.3.2",
"bitflags",
"cfg-if",
"concurrent-queue",
"libc",
@ -1096,35 +1106,11 @@ version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
[[package]]
name = "proc-macro-error"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
dependencies = [
"proc-macro-error-attr",
"proc-macro2",
"quote",
"syn 1.0.109",
"version_check",
]
[[package]]
name = "proc-macro-error-attr"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
dependencies = [
"proc-macro2",
"quote",
"version_check",
]
[[package]]
name = "proc-macro2"
version = "1.0.52"
version = "1.0.54"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d0e1ae9e836cc3beddd63db0df682593d7e2d3d891ae8c9083d2113e1744224"
checksum = "e472a104799c74b514a57226160104aa483546de37e839ec50e3c2e41dd87534"
dependencies = [
"unicode-ident",
]
@ -1240,14 +1226,14 @@ version = "0.2.16"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
dependencies = [
"bitflags 1.3.2",
"bitflags",
]
[[package]]
name = "regex"
version = "1.7.1"
version = "1.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d"
dependencies = [
"aho-corasick",
"memchr",
@ -1265,9 +1251,9 @@ dependencies = [
[[package]]
name = "regex-syntax"
version = "0.6.28"
version = "0.6.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
[[package]]
name = "resolv-conf"
@ -1300,7 +1286,7 @@ version = "0.28.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "01e213bc3ecb39ac32e81e51ebe31fd888a940515173e3a18a35f8c6e896422a"
dependencies = [
"bitflags 1.3.2",
"bitflags",
"fallible-iterator",
"fallible-streaming-iterator",
"hashlink",
@ -1311,9 +1297,9 @@ dependencies = [
[[package]]
name = "rustc-demangle"
version = "0.1.21"
version = "0.1.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342"
checksum = "d4a36c42d1873f9a77c53bde094f9664d9891bc604a45b4798fd2c389ed12e5b"
[[package]]
name = "rustc-hash"
@ -1323,15 +1309,29 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
[[package]]
name = "rustix"
version = "0.36.10"
version = "0.36.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fe885c3a125aa45213b68cc1472a49880cb5923dc23f522ad2791b882228778"
checksum = "db4165c9963ab29e422d6c26fbc1d37f15bace6b2810221f9d925023480fcf0e"
dependencies = [
"bitflags 1.3.2",
"errno",
"bitflags",
"errno 0.2.8",
"io-lifetimes",
"libc",
"linux-raw-sys",
"linux-raw-sys 0.1.4",
"windows-sys 0.45.0",
]
[[package]]
name = "rustix"
version = "0.37.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62b24138615de35e32031d041a09032ef3487a616d901ca4db224e7d557efae2"
dependencies = [
"bitflags",
"errno 0.3.0",
"io-lifetimes",
"libc",
"linux-raw-sys 0.3.0",
"windows-sys 0.45.0",
]
@ -1399,7 +1399,7 @@ version = "2.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a332be01508d814fed64bf28f798a146d73792121129962fdf335bb3c49a4254"
dependencies = [
"bitflags 1.3.2",
"bitflags",
"core-foundation",
"core-foundation-sys",
"libc",
@ -1418,22 +1418,22 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.157"
version = "1.0.158"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "707de5fcf5df2b5788fca98dd7eab490bc2fd9b7ef1404defc462833b83f25ca"
checksum = "771d4d9c4163ee138805e12c710dd365e4f44be8be0503cb1bb9eb989425d9c9"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.157"
version = "1.0.158"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78997f4555c22a7971214540c4a661291970619afd56de19f77e0de86296e1e5"
checksum = "e801c1712f48475582b7696ac71e0ca34ebb30e09338425384269d9717c62cad"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.2",
"syn 2.0.10",
]
[[package]]
@ -1523,9 +1523,9 @@ dependencies = [
[[package]]
name = "syn"
version = "2.0.2"
version = "2.0.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59d3276aee1fa0c33612917969b5172b5be2db051232a6e4826f1a1a9191b045"
checksum = "5aad1363ed6d37b84299588d62d3a7d95b5a5c2d9aad5c85609fda12afaa1f40"
dependencies = [
"proc-macro2",
"quote",
@ -1541,7 +1541,7 @@ dependencies = [
"cfg-if",
"fastrand",
"redox_syscall",
"rustix",
"rustix 0.36.11",
"windows-sys 0.42.0",
]
@ -1571,7 +1571,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.2",
"syn 2.0.10",
]
[[package]]
@ -1725,9 +1725,9 @@ dependencies = [
[[package]]
name = "toml_edit"
version = "0.19.7"
version = "0.19.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc18466501acd8ac6a3f615dd29a3438f8ca6bb3b19537138b3106e575621274"
checksum = "239410c8609e8125456927e6707163a3b1fdb40561e4b803bc041f466ccfdc13"
dependencies = [
"indexmap",
"serde",
@ -2025,9 +2025,9 @@ dependencies = [
[[package]]
name = "unicode-bidi"
version = "0.3.12"
version = "0.3.13"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7d502c968c6a838ead8e69b2ee18ec708802f99db92a0d156705ec9ef801993b"
checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
[[package]]
name = "unicode-ident"
@ -2323,9 +2323,9 @@ checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
[[package]]
name = "winnow"
version = "0.3.6"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23d020b441f92996c80d94ae9166e8501e59c7bb56121189dc9eab3bd8216966"
checksum = "ae8970b36c66498d8ff1d66685dc86b91b29db0c7739899012f63a63814b4b28"
dependencies = [
"memchr",
]


@ -53,7 +53,7 @@ parking_lot = "0.12"
# ssl
native-tls = "0.2"
openssl = "=0.10.41"
openssl = "0.10.48"
rustls = "0.20.0"
rustls-pemfile = "1.0.0"
webpki = "0.22.0"


@ -15,7 +15,7 @@ use std::path::Path;
use crate::error::{ProtoError, ProtoResult};
use openssl::ssl::{SslAcceptor, SslMethod, SslOptions, SslVerifyMode};
pub use openssl::pkcs12::{ParsedPkcs12, Pkcs12};
pub use openssl::pkcs12::Pkcs12;
pub use openssl::pkey::{PKey, Private};
pub use openssl::stack::Stack;
pub use openssl::x509::X509;
@ -27,7 +27,7 @@ pub use openssl::x509::X509;
pub fn read_cert_pkcs12(
path: &Path,
password: Option<&str>,
) -> ProtoResult<((X509, Option<Stack<X509>>), PKey<Private>)> {
) -> ProtoResult<((Option<X509>, Option<Stack<X509>>), Option<PKey<Private>>)> {
let mut file = File::open(path).map_err(|e| {
ProtoError::from(format!(
"error opening pkcs12 cert file: {}: {}",
@ -51,7 +51,7 @@ pub fn read_cert_pkcs12(
e
))
})?;
let parsed = pkcs12.parse(password.unwrap_or("")).map_err(|e| {
let parsed = pkcs12.parse2(password.unwrap_or("")).map_err(|e| {
ProtoError::from(format!(
"failed to open pkcs12 from: {}: {}",
path.display(),
@ -59,7 +59,7 @@ pub fn read_cert_pkcs12(
))
})?;
Ok(((parsed.cert, parsed.chain), parsed.pkey))
Ok(((parsed.cert, parsed.ca), parsed.pkey))
}
/// Read the certificate from the specified path.
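Review bot: The new return type of `read_cert_pkcs12` (`Option<X509>` and `Option<PKey<Private>>`, mirroring `parse2`) means a PKCS#12 file that contains no certificate or no private key is now reported as success, and every caller has to remember to check both halves before using them. This function already maps every other failure into a `ProtoError` with the path in the message, so the missing-part case should be handled the same way and the original guaranteed cert/key pair kept for callers: `let cert = parsed.cert.ok_or_else(|| ProtoError::from(format!("pkcs12 file contains no certificate: {}", path.display())))?;`, the same for `parsed.pkey`, then `Ok(((cert, parsed.ca), pkey))`. That also avoids widening a `pub` signature just to track the openssl API change. Separately, the doc comment should state that a `None` password is tried as the empty string (`password.unwrap_or("")`), since that is not obvious from the signature.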


@ -11,12 +11,12 @@ use std::pin::Pin;
use std::{future::Future, marker::PhantomData};
use futures_util::{future, TryFutureExt};
use openssl::pkcs12::ParsedPkcs12;
use openssl::pkey::{PKeyRef, Private};
use openssl::pkcs12::ParsedPkcs12_2;
use openssl::pkey::{PKey, Private};
use openssl::ssl::{ConnectConfiguration, SslConnector, SslContextBuilder, SslMethod, SslOptions};
use openssl::stack::Stack;
use openssl::x509::store::X509StoreBuilder;
use openssl::x509::{X509Ref, X509};
use openssl::x509::X509;
use tokio_openssl::{self, SslStream as TokioTlsStream};
use crate::iocompat::{AsyncIoStdAsTokio, AsyncIoTokioAsStd};
@ -25,14 +25,18 @@ use crate::tcp::{Connect, DnsTcpStream};
use crate::xfer::BufDnsStreamHandle;
pub(crate) trait TlsIdentityExt {
fn identity(&mut self, pkcs12: &ParsedPkcs12) -> io::Result<()> {
self.identity_parts(&pkcs12.cert, &pkcs12.pkey, pkcs12.chain.as_ref())
fn identity(&mut self, pkcs12: &ParsedPkcs12_2) -> io::Result<()> {
self.identity_parts(
pkcs12.cert.as_ref(),
pkcs12.pkey.as_ref(),
pkcs12.ca.as_ref(),
)
}
fn identity_parts(
&mut self,
cert: &X509Ref,
pkey: &PKeyRef<Private>,
cert: Option<&X509>,
pkey: Option<&PKey<Private>>,
chain: Option<&Stack<X509>>,
) -> io::Result<()>;
}
@ -40,12 +44,16 @@ pub(crate) trait TlsIdentityExt {
impl TlsIdentityExt for SslContextBuilder {
fn identity_parts(
&mut self,
cert: &X509Ref,
pkey: &PKeyRef<Private>,
cert: Option<&X509>,
pkey: Option<&PKey<Private>>,
chain: Option<&Stack<X509>>,
) -> io::Result<()> {
self.set_certificate(cert)?;
self.set_private_key(pkey)?;
if let Some(cert) = cert {
self.set_certificate(cert)?;
}
if let Some(pkey) = pkey {
self.set_private_key(pkey)?;
}
self.check_private_key()?;
if let Some(chain) = chain {
for cert in chain {
@ -60,7 +68,7 @@ impl TlsIdentityExt for SslContextBuilder {
pub type TlsStream<S> = TcpStream<AsyncIoTokioAsStd<TokioTlsStream<S>>>;
pub(crate) type CompatTlsStream<S> = TlsStream<AsyncIoStdAsTokio<S>>;
fn new(certs: Vec<X509>, pkcs12: Option<ParsedPkcs12>) -> io::Result<SslConnector> {
fn new(certs: Vec<X509>, pkcs12: Option<ParsedPkcs12_2>) -> io::Result<SslConnector> {
let mut tls = SslConnector::builder(SslMethod::tls())
.map_err(|e| io::Error::new(io::ErrorKind::ConnectionRefused, format!("tls error: {e}")))?;
@ -139,7 +147,7 @@ where
#[derive(Default)]
pub struct TlsStreamBuilder<S> {
ca_chain: Vec<X509>,
identity: Option<ParsedPkcs12>,
identity: Option<ParsedPkcs12_2>,
bind_addr: Option<SocketAddr>,
marker: PhantomData<S>,
}
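Review bot: In `identity_parts` for `SslContextBuilder`, when `cert` or `pkey` is `None` the corresponding `set_*` call is skipped and execution falls through to `check_private_key()`, which will presumably still reject the builder but with a generic OpenSSL error that does not say which part of the PKCS#12 was missing. Better to fail up front with an explicit message, e.g. at the top of the function: `let (Some(cert), Some(pkey)) = (cert, pkey) else { return Err(io::Error::new(io::ErrorKind::InvalidInput, "pkcs12 identity is missing a certificate or a private key")); };` followed by unconditional `self.set_certificate(cert)?;` and `self.set_private_key(pkey)?;` (use a `match` instead if the crate's MSRV predates let-else). Alternatively keep the old `&X509Ref`/`&PKeyRef<Private>` parameters and do the `Option` unwrapping once in `identity`, so the `Option`s never reach the context builder. The body of this `impl` continues past the hunk (the chain loop), so the rest was not reviewed.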


@ -107,17 +107,19 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
.name("test_tls_client_stream:server".to_string())
.spawn(move || {
let pkcs12 = Pkcs12::from_der(&server_pkcs12_der)
.and_then(|p| p.parse("mypass"))
.and_then(|p| p.parse2("mypass"))
.expect("Pkcs12::from_der");
let mut tls =
SslAcceptor::mozilla_modern(SslMethod::tls()).expect("mozilla_modern failed");
if let Some(pkey) = pkcs12.pkey.as_ref() {
tls.set_private_key(pkey).expect("failed to associated key");
}
if let Some(cert) = &pkcs12.cert {
tls.set_certificate(cert)
.expect("failed to associated cert");
}
tls.set_private_key(&pkcs12.pkey)
.expect("failed to associated key");
tls.set_certificate(&pkcs12.cert)
.expect("failed to associated cert");
if let Some(ref chain) = pkcs12.chain {
if let Some(ref chain) = pkcs12.ca {
for cert in chain {
tls.add_extra_chain_cert(cert.to_owned())
.expect("failed to add chain");
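Review bot: The `if let Some(pkey)` / `if let Some(cert)` guards around `set_private_key` and `set_certificate` let the server thread proceed with no identity when the parsed PKCS#12 lacks either part, so a regression there would surface as a confusing handshake failure on the client side rather than at the point of the bug. In a test the missing case should panic with a clear message instead: `let pkey = pkcs12.pkey.as_ref().expect("pkcs12 has no private key");` then `tls.set_private_key(pkey).expect("failed to associated key");`, and the same pattern for the certificate. The spawned closure continues past the hunk.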


@ -107,17 +107,20 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
.name("test_tls_client_stream:server".to_string())
.spawn(move || {
let pkcs12 = Pkcs12::from_der(&server_pkcs12_der)
.and_then(|p| p.parse("mypass"))
.and_then(|p| p.parse2("mypass"))
.expect("Pkcs12::from_der");
let mut tls =
SslAcceptor::mozilla_modern(SslMethod::tls()).expect("mozilla_modern failed");
tls.set_private_key(&pkcs12.pkey)
.expect("failed to associated key");
tls.set_certificate(&pkcs12.cert)
.expect("failed to associated cert");
if let Some(pkey) = pkcs12.pkey.as_ref() {
tls.set_private_key(pkey).expect("failed to associated key");
}
if let Some(cert) = pkcs12.cert.as_ref() {
tls.set_certificate(cert)
.expect("failed to associated cert");
}
if let Some(ref chain) = pkcs12.chain {
if let Some(ref chain) = pkcs12.ca {
for cert in chain {
tls.add_extra_chain_cert(cert.to_owned())
.expect("failed to add chain");
@ -360,9 +363,11 @@ fn cert(
x509_build.sign(ca_pkey, MessageDigest::sha256()).unwrap();
let cert = x509_build.build();
let pkcs12_builder = Pkcs12::builder();
let mut pkcs12_builder = Pkcs12::builder();
let pkcs12 = pkcs12_builder
.build("mypass", subject_name, &pkey, &cert)
.pkey(&pkey)
.cert(&cert)
.build2("mypass")
.unwrap();
(pkey, cert, pkcs12)
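Review bot: In the `cert` helper, switching from `build("mypass", subject_name, &pkey, &cert)` to `.pkey(&pkey).cert(&cert).build2("mypass")` drops the friendly name that was previously stored in the bundle; if anything downstream relies on it, the builder should also get `.name(subject_name)` (assuming this openssl version's `Pkcs12Builder` exposes it, which I have not verified from the hunk). The `cert` function's signature is outside the hunk, so I cannot tell whether `subject_name` is still used elsewhere in it. The same silent-skip concern applies to the `if let Some(pkey)` / `if let Some(cert)` guards in the server thread earlier in this file: in a test, `pkcs12.pkey.as_ref().expect("pkcs12 has no private key")` fails at the right place instead of letting the acceptor start without an identity.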