fixed #1336 - correctly parse ECC certificates - no longer handle incorrect PEM header

Cargo.lock

@@ -5448,7 +5448,6 @@ dependencies = [
 name = "warpgate-common"
 version = "0.14.0"
 dependencies = [
- "aho-corasick",
  "anyhow",
  "argon2",
  "async-trait",

warpgate-common/Cargo.toml

@@ -43,6 +43,5 @@ warpgate-sso = { version = "*", path = "../warpgate-sso" }
 rustls.workspace = true
 rustls-pemfile = "1.0"
 webpki = "0.22"
-aho-corasick = "1.1.3"
 tokio-stream.workspace = true
 git-version = "0.3.9"

warpgate-common/src/tls/cert.rs

@@ -1,7 +1,6 @@
 use std::path::Path;
 use std::sync::Arc;
 
-use aho_corasick::AhoCorasick;
 use poem::listener::RustlsCertificate;
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use rustls::sign::{CertifiedKey, SigningKey};
@@ -59,17 +58,6 @@ impl TlsPrivateKey {
     }
 
     pub fn from_bytes(bytes: Vec<u8>) -> Result<Self, RustlsSetupError> {
-        let bytes = {
-            // https://github.com/rustls/rustls/issues/767
-            #[allow(clippy::expect_used)]
-            let ac = AhoCorasick::new([b"EC PRIVATE KEY"]).expect("EC PK AhoCorasick");
-            let mut new_bytes = vec![];
-            ac.replace_all_with_bytes(&bytes, &mut new_bytes, |_, _, dst| {
-                dst.extend_from_slice(b"PRIVATE KEY");
-                true
-            });
-            new_bytes
-        };
         let mut key = rustls_pemfile::pkcs8_private_keys(&mut bytes.as_slice())?
             .drain(..)
             .next()