From 51ed8da9cbfc4ad7a4a790ffaa2a28e3c3dcec48 Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Sun, 3 Sep 2017 12:58:55 -1000
Subject: [PATCH] Update to in-progress Rustls, webpki, and webpki-roots.

Use the new, less error-prone, API in Rustls.
---
 Cargo.toml | 5 +++--
 examples/client.rs | 3 +++
 examples/server.rs | 4 ++--
 src/lib.rs | 5 +++--
 src/proto.rs | 15 ++++++++-------
 tests/test.rs | 8 +++++---
 6 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 6e8ec9f..cc6a0c8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,13 +17,14 @@ appveyor = { repository = "quininer/tokio-rustls" }
 [dependencies]
 futures = "0.1.15"
 tokio-io = "0.1.3"
-rustls = "0.11"
+rustls = { git = "https://github.com/ctz/rustls" }
 tokio-proto = { version = "0.1.1", optional = true }
+webpki = { git = "https://github.com/briansmith/webpki" }
 
 [dev-dependencies]
 tokio-core = "0.1.9"
 clap = "2.26"
-webpki-roots = "0.13"
+webpki-roots = { git = "https://github.com/briansmith/webpki-roots", branch = "webpki-github" }
 
 [target.'cfg(unix)'.dev-dependencies]
 tokio-file-unix = "0.4"
diff --git a/examples/client.rs b/examples/client.rs
index 4a737f6..418a6a4 100644
--- a/examples/client.rs
+++ b/examples/client.rs
@@ -3,6 +3,7 @@ extern crate rustls;
 extern crate futures;
 extern crate tokio_io;
 extern crate tokio_core;
+extern crate webpki;
 extern crate webpki_roots;
 extern crate tokio_rustls;
 
@@ -68,6 +69,8 @@ fn main() {
 }
 let arc_config = Arc::new(config);
 
+ let domain = webpki::DNSNameRef::try_from_ascii_str(domain).unwrap();
+
 let socket = TcpStream::connect(&addr, &handle);
 
 // Use async non-blocking I/O for stdin/stdout on Unixy platforms.
diff --git a/examples/server.rs b/examples/server.rs
index 89a049f..9d407b9 100644
--- a/examples/server.rs
+++ b/examples/server.rs
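Review bot: The three git dependencies added in the Cargo.toml hunk (`rustls`, `webpki`, `webpki-roots`) carry no `rev`, so each fresh resolution takes whatever the default branch or the `webpki-github` branch points at that day; the TLS stack of this crate can change, or break, without any change to this repository, and a force-push upstream would do so silently. Pin each entry to a commit, e.g. `rustls = { git = "https://github.com/ctz/rustls", rev = "<upstream-commit-sha>" }` (placeholder), and keep `Cargo.lock` under version control for the examples and tests if it is not already. Since the commit message calls these in-progress upstream APIs, a `# TODO: switch back to a crates.io release once published` comment beside the entries would make the temporary state explicit; note also that crates.io will not accept a release whose dependencies are git-only.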
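Review bot: `webpki::DNSNameRef::try_from_ascii_str(domain).unwrap()` in the `examples/client.rs` `@@ -68` hunk turns a malformed `domain` into a panic with no explanation, in an example people copy; `domain` is presumably the command-line value parsed earlier in `main`, which starts outside the hunk. Prefer `let domain = webpki::DNSNameRef::try_from_ascii_str(domain).expect("domain is not a valid DNS name");`, or report the error and exit. A short comment above the line saying that this validated name is what the TLS session is established for (and, per rustls's `ClientSession::new`, the name the server certificate is checked against — confirm) would help readers understand why the conversion exists.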
@@ -11,7 +11,7 @@ use std::net::ToSocketAddrs;
 use std::io::BufReader;
 use std::fs::File;
 use futures::{ Future, Stream };
-use rustls::{ Certificate, PrivateKey, ServerConfig };
+use rustls::{ Certificate, NoClientAuth, PrivateKey, ServerConfig };
 use rustls::internal::pemfile::{ certs, rsa_private_keys };
 use tokio_io::{ io, AsyncRead };
 use tokio_core::net::TcpListener;
@@ -51,7 +51,7 @@ fn main() {
 let mut core = Core::new().unwrap();
 let handle = core.handle();
 
- let mut config = ServerConfig::new();
+ let mut config = ServerConfig::new(NoClientAuth::new());
 config.set_single_cert(load_certs(cert_file), load_keys(key_file).remove(0));
 let arc_config = Arc::new(config);
 
diff --git a/src/lib.rs b/src/lib.rs
index 12cdf53..8ec6017 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -4,6 +4,7 @@
 #[cfg_attr(feature = "tokio-proto", macro_use)] extern crate futures;
 #[macro_use] extern crate tokio_io;
 extern crate rustls;
+extern crate webpki;
 
 pub mod proto;
 
@@ -19,7 +20,7 @@ use rustls::{
 
 /// Extension trait for the `Arc` type in the `rustls` crate.
 pub trait ClientConfigExt {
- fn connect_async(&self, domain: &str, stream: S)
+ fn connect_async(&self, domain: webpki::DNSNameRef, stream: S)
 -> ConnectAsync
 where S: AsyncRead + AsyncWrite;
 }
@@ -42,7 +43,7 @@ pub struct AcceptAsync(MidHandshake);
 
 
 impl ClientConfigExt for Arc {
- fn connect_async(&self, domain: &str, stream: S)
+ fn connect_async(&self, domain: webpki::DNSNameRef, stream: S)
 -> ConnectAsync
 where S: AsyncRead + AsyncWrite
 {
diff --git a/src/proto.rs b/src/proto.rs
index 688bb19..7c659e4 100644
--- a/src/proto.rs
+++ b/src/proto.rs
@@ -19,6 +19,7 @@ use rustls::{ ServerConfig, ClientConfig, ServerSession, ClientSession };
 use self::tokio_proto::multiplex;
 use self::tokio_proto::pipeline;
 use self::tokio_proto::streaming;
+use webpki;
 
 use { TlsStream, ServerConfigExt, ClientConfigExt, AcceptAsync, ConnectAsync };
 
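Review bot: `ServerConfig::new(NoClientAuth::new())` in the `examples/server.rs` `@@ -51` hunk encodes a policy choice — the example server never asks the peer for a certificate — but nothing in the code says so, and readers copying the example into a deployment that needs mutual TLS will keep it. Add `// NoClientAuth: this example authenticates the server only; no client certificate is requested.` above the line. The same applies to `ServerConfig::new(rustls::NoClientAuth::new())` in the `tests/test.rs` `@@ -24` hunk. `main` continues outside the hunk.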
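Review bot: The trait method `connect_async` in the `src/lib.rs` `@@ -19` hunk has no doc comment, and the new `domain: webpki::DNSNameRef` parameter is exactly what callers now need explained: it is a name already validated by `webpki` (which is the point of replacing `&str`), and presumably the server name the session is established for and checked against the peer's certificate — confirm against rustls's `ClientSession::new`. Add above the method: `/// Start a TLS client handshake over `stream`; `domain` is the validated server name the peer must present.` The impl in the `@@ -42` hunk implements the same method, so the doc belongs on the trait; that impl's body continues outside the hunk.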
@@ -292,7 +293,7 @@ impl Future for ServerStreamingMultiplexBind
 pub struct Client {
 inner: Arc,
 connector: Arc,
- hostname: String,
+ hostname: webpki::DNSName,
 }
 
 impl Client {
@@ -303,11 +304,11 @@ impl Client {
 /// will go through the negotiated TLS stream through the `protocol` specified.
 pub fn new(protocol: T, connector: Arc,
- hostname: &str) -> Client {
+ hostname: webpki::DNSName) -> Client {
 Client {
 inner: Arc::new(protocol),
 connector: connector,
- hostname: hostname.to_string(),
+ hostname: hostname,
 }
 }
 }
@@ -339,7 +340,7 @@ impl pipeline::ClientProto for Client
 
 fn bind_transport(&self, io: I) -> Self::BindTransport {
 let proto = self.inner.clone();
- let io = self.connector.connect_async(&self.hostname, io);
+ let io = self.connector.connect_async(self.hostname.as_ref(), io);
 
 ClientPipelineBind {
 state: ClientPipelineState::First(io, proto),
@@ -397,7 +398,7 @@ impl multiplex::ClientProto for Client
 
 fn bind_transport(&self, io: I) -> Self::BindTransport {
 let proto = self.inner.clone();
- let io = self.connector.connect_async(&self.hostname, io);
+ let io = self.connector.connect_async(self.hostname.as_ref(), io);
 
 ClientMultiplexBind {
 state: ClientMultiplexState::First(io, proto),
@@ -458,7 +459,7 @@ impl streaming::pipeline::ClientProto for Client
 
 fn bind_transport(&self, io: I) -> Self::BindTransport {
 let proto = self.inner.clone();
- let io = self.connector.connect_async(&self.hostname, io);
+ let io = self.connector.connect_async(self.hostname.as_ref(), io);
 
 ClientStreamingPipelineBind {
 state: ClientStreamingPipelineState::First(io, proto),
@@ -519,7 +520,7 @@ impl streaming::multiplex::ClientProto for Client
 
 fn bind_transport(&self, io: I) -> Self::BindTransport {
 let proto = self.inner.clone();
- let io = self.connector.connect_async(&self.hostname, io);
+ let io = self.connector.connect_async(self.hostname.as_ref(), io);
 
 ClientStreamingMultiplexBind {
 state: ClientStreamingMultiplexState::First(io, proto),
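Review bot: `Client::new` in the `src/proto.rs` `@@ -303` hunk now takes an owned `webpki::DNSName`, but the visible part of its doc comment still only describes the protocol wrapping and says nothing about how a caller obtains that value or what it is used for. Add a line such as `/// `hostname` is a `webpki::DNSName` already validated by webpki (e.g. via `webpki::DNSNameRef::try_from_ascii_str`); it is the server name every connection is established for.` The doc comment and the `impl` block begin above the hunk, so check the opening sentence still reads correctly with the new parameter type.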
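Review bot: The four `bind_transport` bodies changed in the `@@ -339`, `@@ -397`, `@@ -458` and `@@ -519` hunks now each repeat `self.connector.connect_async(self.hostname.as_ref(), io)`; the commit had to touch all four for one API change, and the next change to how the handshake is started will need the same. A small private helper on `Client` keeps the handshake start in one place and lets each impl call `let io = self.connect(io);`. The generic parameters are not visible on this page, so the excerpt assumes the usual `Client<T>` / `ConnectAsync<I>` shape and the `AsyncRead + AsyncWrite` bound the existing impls use; the enclosing `impl` blocks and `bind_transport` bodies continue outside each hunk.
```rust
impl<T> Client<T> {
    /// Start the TLS handshake on `io` for the stored host name; shared by
    /// every `bind_transport` impl below so the policy lives in one place.
    fn connect<I>(&self, io: I) -> ConnectAsync<I>
        where I: AsyncRead + AsyncWrite
    {
        self.connector.connect_async(self.hostname.as_ref(), io)
    }
}

// … in each bind_transport, unchanged apart from this line …
let io = self.connect(io);
```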
diff --git a/tests/test.rs b/tests/test.rs
index 86c715e..e66e2aa 100644
--- a/tests/test.rs
+++ b/tests/test.rs
@@ -3,6 +3,7 @@ extern crate futures;
 extern crate tokio_core;
 extern crate tokio_io;
 extern crate tokio_rustls;
+extern crate webpki;
 
 use std::{ io, thread };
 use std::io::{ BufReader, Cursor };
@@ -24,7 +25,7 @@ const HELLO_WORLD: &[u8] = b"Hello world!";
 
 
 fn start_server(cert: Vec, rsa: PrivateKey) -> SocketAddr {
- let mut config = ServerConfig::new();
+ let mut config = ServerConfig::new(rustls::NoClientAuth::new());
 config.set_single_cert(cert, rsa);
 let config = Arc::new(config);
 
@@ -60,7 +61,9 @@ fn start_server(cert: Vec, rsa: PrivateKey) -> SocketAddr {
 recv.recv().unwrap()
 }
 
-fn start_client(addr: &SocketAddr, domain: &str, chain: Option>>) -> io::Result<()> {
+fn start_client(addr: &SocketAddr, domain: &str,
+ chain: Option>>) -> io::Result<()> {
+ let domain = webpki::DNSNameRef::try_from_ascii_str(domain).unwrap();
 let mut config = ClientConfig::new();
 if let Some(mut chain) = chain {
 config.root_store.add_pem_file(&mut chain).unwrap();
@@ -91,7 +94,6 @@ fn main() {
 
 let chain = BufReader::new(Cursor::new(CHAIN));
 let addr = start_server(cert, keys.pop().unwrap());
-
 start_client(&addr, "localhost", Some(chain)).unwrap();
 }
 
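Review bot: The new `webpki::DNSNameRef::try_from_ascii_str(domain).unwrap()` in `start_client` (`@@ -60` hunk) fails with a generic panic message if a test ever passes a malformed name; `let domain = webpki::DNSNameRef::try_from_ascii_str(domain).expect("test domain must be a valid DNS name");` makes the failure self-explaining. The test suite also only exercises the happy path (`"localhost"` in the `@@ -91` hunk); since the library API now takes a validated `webpki::DNSNameRef` (per `src/lib.rs`), a negative test showing that an invalid host name is rejected before any connection is attempted would pin the behaviour the commit message calls less error-prone, even though it mostly exercises webpki's parser. `start_client`'s body continues past the hunk.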