Add 'tokio-rustls/' from commit 'd7862fae8ae6870ad27bd62b7960798825998a62'
git-subtree-dir: tokio-rustls git-subtree-mainline:7e31085307
git-subtree-split:d7862fae8a
This commit is contained in:
commit
e961616b17
4
tokio-rustls/.github/actions-rs/grcov.yml
vendored
Normal file
4
tokio-rustls/.github/actions-rs/grcov.yml
vendored
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
branch: true
|
||||||
|
llvm: true
|
||||||
|
output-type: lcov
|
||||||
|
output-file: ./lcov.info
|
45
tokio-rustls/.github/workflows/ci.yml
vendored
Normal file
45
tokio-rustls/.github/workflows/ci.yml
vendored
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
name: Rust
|
||||||
|
|
||||||
|
on: [push, pull_request]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v1
|
||||||
|
|
||||||
|
- uses: actions-rs/toolchain@v1
|
||||||
|
with:
|
||||||
|
toolchain: nightly
|
||||||
|
profile: minimal
|
||||||
|
override: true
|
||||||
|
|
||||||
|
- uses: actions/cache@v1
|
||||||
|
with:
|
||||||
|
path: ~/.cargo
|
||||||
|
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.toml') }}
|
||||||
|
|
||||||
|
- uses: actions-rs/cargo@v1
|
||||||
|
with:
|
||||||
|
command: test
|
||||||
|
args: --features early-data,unstable
|
||||||
|
env:
|
||||||
|
'CARGO_INCREMENTAL': '0'
|
||||||
|
'RUSTFLAGS': '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Zno-landing-pads'
|
||||||
|
|
||||||
|
- name: Check
|
||||||
|
run: |
|
||||||
|
cd examples/client
|
||||||
|
cargo check
|
||||||
|
cd ../server
|
||||||
|
cargo check
|
||||||
|
|
||||||
|
- id: grcov
|
||||||
|
uses: actions-rs/grcov@v0.1
|
||||||
|
|
||||||
|
- name: Update Codecov
|
||||||
|
uses: codecov/codecov-action@v1
|
||||||
|
with:
|
||||||
|
token: ${{ secrets.CODECOV_TOKEN }}
|
||||||
|
file: ${{ steps.grcov.outputs.report }}
|
2
tokio-rustls/.gitignore
vendored
Normal file
2
tokio-rustls/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
target
|
||||||
|
Cargo.lock
|
34
tokio-rustls/Cargo.toml
Normal file
34
tokio-rustls/Cargo.toml
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
[package]
|
||||||
|
name = "tokio-rustls"
|
||||||
|
version = "0.12.2"
|
||||||
|
authors = ["quininer kel <quininer@live.com>"]
|
||||||
|
license = "MIT/Apache-2.0"
|
||||||
|
repository = "https://github.com/quininer/tokio-rustls"
|
||||||
|
homepage = "https://github.com/quininer/tokio-rustls"
|
||||||
|
documentation = "https://docs.rs/tokio-rustls"
|
||||||
|
readme = "README.md"
|
||||||
|
description = "Asynchronous TLS/SSL streams for Tokio using Rustls."
|
||||||
|
categories = ["asynchronous", "cryptography", "network-programming"]
|
||||||
|
edition = "2018"
|
||||||
|
|
||||||
|
[badges]
|
||||||
|
github-actions = { repository = "quininer/tokio-rustls", workflow = "Rust" }
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
tokio = "0.2.0"
|
||||||
|
futures-core = "0.3.1"
|
||||||
|
rustls = "0.16"
|
||||||
|
webpki = "0.21"
|
||||||
|
|
||||||
|
bytes = { version = "0.5", optional = true }
|
||||||
|
|
||||||
|
[features]
|
||||||
|
early-data = []
|
||||||
|
dangerous_configuration = ["rustls/dangerous_configuration"]
|
||||||
|
unstable = ["bytes"]
|
||||||
|
|
||||||
|
[dev-dependencies]
|
||||||
|
tokio = { version = "0.2.0", features = ["macros", "net", "io-util", "rt-core", "time"] }
|
||||||
|
futures-util = "0.3.1"
|
||||||
|
lazy_static = "1"
|
||||||
|
webpki-roots = "0.18"
|
201
tokio-rustls/LICENSE-APACHE
Normal file
201
tokio-rustls/LICENSE-APACHE
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright 2017 quininer kel
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
25
tokio-rustls/LICENSE-MIT
Normal file
25
tokio-rustls/LICENSE-MIT
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
Copyright (c) 2017 quininer kel
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any
|
||||||
|
person obtaining a copy of this software and associated
|
||||||
|
documentation files (the "Software"), to deal in the
|
||||||
|
Software without restriction, including without
|
||||||
|
limitation the rights to use, copy, modify, merge,
|
||||||
|
publish, distribute, sublicense, and/or sell copies of
|
||||||
|
the Software, and to permit persons to whom the Software
|
||||||
|
is furnished to do so, subject to the following
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice
|
||||||
|
shall be included in all copies or substantial portions
|
||||||
|
of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
|
||||||
|
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
|
||||||
|
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
|
||||||
|
SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||||
|
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||||
|
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
|
||||||
|
IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
||||||
|
DEALINGS IN THE SOFTWARE.
|
66
tokio-rustls/README.md
Normal file
66
tokio-rustls/README.md
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
# tokio-rustls
|
||||||
|
[![github actions](https://github.com/quininer/tokio-rustls/workflows/Rust/badge.svg)](https://github.com/quininer/tokio-rustls/actions)
|
||||||
|
[![codecov](https://codecov.io/gh/quininer/tokio-rustls/branch/master/graph/badge.svg)](https://codecov.io/gh/quininer/tokio-rustls)
|
||||||
|
[![crates](https://img.shields.io/crates/v/tokio-rustls.svg)](https://crates.io/crates/tokio-rustls)
|
||||||
|
[![license](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/quininer/tokio-rustls/blob/master/LICENSE-MIT)
|
||||||
|
[![license](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/quininer/tokio-rustls/blob/master/LICENSE-APACHE)
|
||||||
|
[![docs.rs](https://docs.rs/tokio-rustls/badge.svg)](https://docs.rs/tokio-rustls/)
|
||||||
|
|
||||||
|
Asynchronous TLS/SSL streams for [Tokio](https://tokio.rs/) using
|
||||||
|
[Rustls](https://github.com/ctz/rustls).
|
||||||
|
|
||||||
|
### Basic Structure of a Client
|
||||||
|
|
||||||
|
```rust
|
||||||
|
use webpki::DNSNameRef;
|
||||||
|
use tokio_rustls::{ TlsConnector, rustls::ClientConfig };
|
||||||
|
|
||||||
|
// ...
|
||||||
|
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
||||||
|
let config = TlsConnector::from(Arc::new(config));
|
||||||
|
let dnsname = DNSNameRef::try_from_ascii_str("www.rust-lang.org").unwrap();
|
||||||
|
|
||||||
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
let mut stream = config.connect(dnsname, stream).await?;
|
||||||
|
|
||||||
|
// ...
|
||||||
|
```
|
||||||
|
|
||||||
|
### Client Example Program
|
||||||
|
|
||||||
|
See [examples/client](examples/client/src/main.rs). You can run it with:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd examples/client
|
||||||
|
cargo run -- hsts.badssl.com
|
||||||
|
```
|
||||||
|
|
||||||
|
### Server Example Program
|
||||||
|
|
||||||
|
See [examples/server](examples/server/src/main.rs). You can run it with:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
cd examples/server
|
||||||
|
cargo run -- 127.0.0.1 --cert mycert.der --key mykey.der
|
||||||
|
```
|
||||||
|
|
||||||
|
### License & Origin
|
||||||
|
|
||||||
|
This project is licensed under either of
|
||||||
|
|
||||||
|
* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0)
|
||||||
|
* MIT license ([LICENSE-MIT](LICENSE-MIT) or
|
||||||
|
http://opensource.org/licenses/MIT)
|
||||||
|
|
||||||
|
at your option.
|
||||||
|
|
||||||
|
This started as a fork of [tokio-tls](https://github.com/tokio-rs/tokio-tls).
|
||||||
|
|
||||||
|
### Contribution
|
||||||
|
|
||||||
|
Unless you explicitly state otherwise, any contribution intentionally submitted
|
||||||
|
for inclusion in tokio-rustls by you, as defined in the Apache-2.0 license, shall be
|
||||||
|
dual licensed as above, without any additional terms or conditions.
|
12
tokio-rustls/examples/client/Cargo.toml
Normal file
12
tokio-rustls/examples/client/Cargo.toml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[package]
|
||||||
|
name = "client"
|
||||||
|
version = "0.1.0"
|
||||||
|
authors = ["quininer <quininer@live.com>"]
|
||||||
|
edition = "2018"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
futures-util = "0.3"
|
||||||
|
tokio = { version = "0.2", features = [ "net", "io-std", "io-util", "rt-threaded" ] }
|
||||||
|
structopt = "0.2"
|
||||||
|
tokio-rustls = { path = "../.." }
|
||||||
|
webpki-roots = "0.18"
|
88
tokio-rustls/examples/client/src/main.rs
Normal file
88
tokio-rustls/examples/client/src/main.rs
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
use std::io;
|
||||||
|
use std::fs::File;
|
||||||
|
use std::path::PathBuf;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::net::ToSocketAddrs;
|
||||||
|
use std::io::BufReader;
|
||||||
|
use futures_util::future;
|
||||||
|
use structopt::StructOpt;
|
||||||
|
use tokio::runtime;
|
||||||
|
use tokio::net::TcpStream;
|
||||||
|
use tokio::io::{
|
||||||
|
AsyncWriteExt,
|
||||||
|
copy, split,
|
||||||
|
stdin as tokio_stdin, stdout as tokio_stdout
|
||||||
|
};
|
||||||
|
use tokio_rustls::{ TlsConnector, rustls::ClientConfig, webpki::DNSNameRef };
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(StructOpt)]
|
||||||
|
struct Options {
|
||||||
|
host: String,
|
||||||
|
|
||||||
|
/// port
|
||||||
|
#[structopt(short="p", long="port", default_value="443")]
|
||||||
|
port: u16,
|
||||||
|
|
||||||
|
/// domain
|
||||||
|
#[structopt(short="d", long="domain")]
|
||||||
|
domain: Option<String>,
|
||||||
|
|
||||||
|
/// cafile
|
||||||
|
#[structopt(short="c", long="cafile", parse(from_os_str))]
|
||||||
|
cafile: Option<PathBuf>
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn main() -> io::Result<()> {
|
||||||
|
let options = Options::from_args();
|
||||||
|
|
||||||
|
let addr = (options.host.as_str(), options.port)
|
||||||
|
.to_socket_addrs()?
|
||||||
|
.next()
|
||||||
|
.ok_or_else(|| io::Error::from(io::ErrorKind::NotFound))?;
|
||||||
|
let domain = options.domain.unwrap_or(options.host);
|
||||||
|
let content = format!(
|
||||||
|
"GET / HTTP/1.0\r\nHost: {}\r\n\r\n",
|
||||||
|
domain
|
||||||
|
);
|
||||||
|
|
||||||
|
let mut runtime = runtime::Builder::new()
|
||||||
|
.basic_scheduler()
|
||||||
|
.enable_io()
|
||||||
|
.build()?;
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
if let Some(cafile) = &options.cafile {
|
||||||
|
let mut pem = BufReader::new(File::open(cafile)?);
|
||||||
|
config.root_store.add_pem_file(&mut pem)
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))?;
|
||||||
|
} else {
|
||||||
|
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
||||||
|
}
|
||||||
|
let connector = TlsConnector::from(Arc::new(config));
|
||||||
|
|
||||||
|
let fut = async {
|
||||||
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
|
||||||
|
let (mut stdin, mut stdout) = (tokio_stdin(), tokio_stdout());
|
||||||
|
|
||||||
|
let domain = DNSNameRef::try_from_ascii_str(&domain)
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid dnsname"))?;
|
||||||
|
|
||||||
|
let mut stream = connector.connect(domain, stream).await?;
|
||||||
|
stream.write_all(content.as_bytes()).await?;
|
||||||
|
|
||||||
|
let (mut reader, mut writer) = split(stream);
|
||||||
|
future::select(
|
||||||
|
copy(&mut reader, &mut stdout),
|
||||||
|
copy(&mut stdin, &mut writer)
|
||||||
|
)
|
||||||
|
.await
|
||||||
|
.factor_first()
|
||||||
|
.0?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
};
|
||||||
|
|
||||||
|
runtime.block_on(fut)
|
||||||
|
}
|
11
tokio-rustls/examples/server/Cargo.toml
Normal file
11
tokio-rustls/examples/server/Cargo.toml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
[package]
|
||||||
|
name = "server"
|
||||||
|
version = "0.1.0"
|
||||||
|
authors = ["quininer <quininer@live.com>"]
|
||||||
|
edition = "2018"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
futures-util = "0.3"
|
||||||
|
tokio = { version = "0.2", features = [ "net", "io-util", "rt-threaded" ] }
|
||||||
|
structopt = "0.2"
|
||||||
|
tokio-rustls = { path = "../.." }
|
99
tokio-rustls/examples/server/src/main.rs
Normal file
99
tokio-rustls/examples/server/src/main.rs
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
use std::fs::File;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::net::ToSocketAddrs;
|
||||||
|
use std::path::{ PathBuf, Path };
|
||||||
|
use std::io::{ self, BufReader };
|
||||||
|
use futures_util::future::TryFutureExt;
|
||||||
|
use structopt::StructOpt;
|
||||||
|
use tokio::runtime;
|
||||||
|
use tokio::net::TcpListener;
|
||||||
|
use tokio::io::{ AsyncWriteExt, copy, split };
|
||||||
|
use tokio_rustls::rustls::{ Certificate, NoClientAuth, PrivateKey, ServerConfig };
|
||||||
|
use tokio_rustls::rustls::internal::pemfile::{ certs, rsa_private_keys };
|
||||||
|
use tokio_rustls::TlsAcceptor;
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(StructOpt)]
|
||||||
|
struct Options {
|
||||||
|
addr: String,
|
||||||
|
|
||||||
|
/// cert file
|
||||||
|
#[structopt(short="c", long="cert", parse(from_os_str))]
|
||||||
|
cert: PathBuf,
|
||||||
|
|
||||||
|
/// key file
|
||||||
|
#[structopt(short="k", long="key", parse(from_os_str))]
|
||||||
|
key: PathBuf,
|
||||||
|
|
||||||
|
/// echo mode
|
||||||
|
#[structopt(short="e", long="echo-mode")]
|
||||||
|
echo: bool
|
||||||
|
}
|
||||||
|
|
||||||
|
fn load_certs(path: &Path) -> io::Result<Vec<Certificate>> {
|
||||||
|
certs(&mut BufReader::new(File::open(path)?))
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
|
||||||
|
rsa_private_keys(&mut BufReader::new(File::open(path)?))
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
fn main() -> io::Result<()> {
|
||||||
|
let options = Options::from_args();
|
||||||
|
|
||||||
|
let addr = options.addr.to_socket_addrs()?
|
||||||
|
.next()
|
||||||
|
.ok_or_else(|| io::Error::from(io::ErrorKind::AddrNotAvailable))?;
|
||||||
|
let certs = load_certs(&options.cert)?;
|
||||||
|
let mut keys = load_keys(&options.key)?;
|
||||||
|
let flag_echo = options.echo;
|
||||||
|
|
||||||
|
let mut runtime = runtime::Builder::new()
|
||||||
|
.threaded_scheduler()
|
||||||
|
.enable_io()
|
||||||
|
.build()?;
|
||||||
|
let handle = runtime.handle().clone();
|
||||||
|
let mut config = ServerConfig::new(NoClientAuth::new());
|
||||||
|
config.set_single_cert(certs, keys.remove(0))
|
||||||
|
.map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;
|
||||||
|
let acceptor = TlsAcceptor::from(Arc::new(config));
|
||||||
|
|
||||||
|
let fut = async {
|
||||||
|
let mut listener = TcpListener::bind(&addr).await?;
|
||||||
|
|
||||||
|
loop {
|
||||||
|
let (stream, peer_addr) = listener.accept().await?;
|
||||||
|
let acceptor = acceptor.clone();
|
||||||
|
|
||||||
|
let fut = async move {
|
||||||
|
let mut stream = acceptor.accept(stream).await?;
|
||||||
|
|
||||||
|
if flag_echo {
|
||||||
|
let (mut reader, mut writer) = split(stream);
|
||||||
|
let n = copy(&mut reader, &mut writer).await?;
|
||||||
|
writer.flush().await?;
|
||||||
|
println!("Echo: {} - {}", peer_addr, n);
|
||||||
|
} else {
|
||||||
|
stream.write_all(
|
||||||
|
&b"HTTP/1.0 200 ok\r\n\
|
||||||
|
Connection: close\r\n\
|
||||||
|
Content-length: 12\r\n\
|
||||||
|
\r\n\
|
||||||
|
Hello world!"[..]
|
||||||
|
).await?;
|
||||||
|
stream.flush().await?;
|
||||||
|
println!("Hello: {}", peer_addr);
|
||||||
|
}
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
};
|
||||||
|
|
||||||
|
handle.spawn(fut.unwrap_or_else(|err| eprintln!("{:?}", err)));
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
runtime.block_on(fut)
|
||||||
|
}
|
191
tokio-rustls/src/client.rs
Normal file
191
tokio-rustls/src/client.rs
Normal file
@ -0,0 +1,191 @@
|
|||||||
|
use super::*;
|
||||||
|
use rustls::Session;
|
||||||
|
use crate::common::IoSession;
|
||||||
|
|
||||||
|
|
||||||
|
/// A wrapper around an underlying raw stream which implements the TLS or SSL
|
||||||
|
/// protocol.
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct TlsStream<IO> {
|
||||||
|
pub(crate) io: IO,
|
||||||
|
pub(crate) session: ClientSession,
|
||||||
|
pub(crate) state: TlsState,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> TlsStream<IO> {
|
||||||
|
#[inline]
|
||||||
|
pub fn get_ref(&self) -> (&IO, &ClientSession) {
|
||||||
|
(&self.io, &self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn get_mut(&mut self) -> (&mut IO, &mut ClientSession) {
|
||||||
|
(&mut self.io, &mut self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn into_inner(self) -> (IO, ClientSession) {
|
||||||
|
(self.io, self.session)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> IoSession for TlsStream<IO> {
|
||||||
|
type Io = IO;
|
||||||
|
type Session = ClientSession;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn skip_handshake(&self) -> bool {
|
||||||
|
self.state.is_early_data()
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn get_mut(&mut self) -> (&mut TlsState, &mut Self::Io, &mut Self::Session) {
|
||||||
|
(&mut self.state, &mut self.io, &mut self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn into_io(self) -> Self::Io {
|
||||||
|
self.io
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> AsyncRead for TlsStream<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
#[cfg(feature = "unstable")]
|
||||||
|
unsafe fn prepare_uninitialized_buffer(&self, _buf: &mut [std::mem::MaybeUninit<u8>]) -> bool {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_read(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
match self.state {
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
TlsState::EarlyData(..) => Poll::Pending,
|
||||||
|
TlsState::Stream | TlsState::WriteShutdown => {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
|
||||||
|
match stream.as_mut_pin().poll_read(cx, buf) {
|
||||||
|
Poll::Ready(Ok(0)) => {
|
||||||
|
this.state.shutdown_read();
|
||||||
|
Poll::Ready(Ok(0))
|
||||||
|
},
|
||||||
|
Poll::Ready(Ok(n)) => Poll::Ready(Ok(n)),
|
||||||
|
Poll::Ready(Err(ref e)) if e.kind() == io::ErrorKind::ConnectionAborted => {
|
||||||
|
this.state.shutdown_read();
|
||||||
|
if this.state.writeable() {
|
||||||
|
stream.session.send_close_notify();
|
||||||
|
this.state.shutdown_write();
|
||||||
|
}
|
||||||
|
Poll::Ready(Ok(0))
|
||||||
|
},
|
||||||
|
output => output
|
||||||
|
}
|
||||||
|
}
|
||||||
|
TlsState::ReadShutdown | TlsState::FullyShutdown => Poll::Ready(Ok(0)),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> AsyncWrite for TlsStream<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
/// Note: that it does not guarantee the final data to be sent.
|
||||||
|
/// To be cautious, you must manually call `flush`.
|
||||||
|
fn poll_write(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
|
||||||
|
match this.state {
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
TlsState::EarlyData(ref mut pos, ref mut data) => {
|
||||||
|
use futures_core::ready;
|
||||||
|
use std::io::Write;
|
||||||
|
|
||||||
|
// write early data
|
||||||
|
if let Some(mut early_data) = stream.session.early_data() {
|
||||||
|
let len = match early_data.write(buf) {
|
||||||
|
Ok(n) => n,
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock =>
|
||||||
|
return Poll::Pending,
|
||||||
|
Err(err) => return Poll::Ready(Err(err))
|
||||||
|
};
|
||||||
|
if len != 0 {
|
||||||
|
data.extend_from_slice(&buf[..len]);
|
||||||
|
return Poll::Ready(Ok(len));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// complete handshake
|
||||||
|
while stream.session.is_handshaking() {
|
||||||
|
ready!(stream.handshake(cx))?;
|
||||||
|
}
|
||||||
|
|
||||||
|
// write early data (fallback)
|
||||||
|
if !stream.session.is_early_data_accepted() {
|
||||||
|
while *pos < data.len() {
|
||||||
|
let len = ready!(stream.as_mut_pin().poll_write(cx, &data[*pos..]))?;
|
||||||
|
*pos += len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// end
|
||||||
|
this.state = TlsState::Stream;
|
||||||
|
stream.as_mut_pin().poll_write(cx, buf)
|
||||||
|
}
|
||||||
|
_ => stream.as_mut_pin().poll_write(cx, buf),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
|
||||||
|
#[cfg(feature = "early-data")] {
|
||||||
|
use futures_core::ready;
|
||||||
|
|
||||||
|
if let TlsState::EarlyData(ref mut pos, ref mut data) = this.state {
|
||||||
|
// complete handshake
|
||||||
|
while stream.session.is_handshaking() {
|
||||||
|
ready!(stream.handshake(cx))?;
|
||||||
|
}
|
||||||
|
|
||||||
|
// write early data (fallback)
|
||||||
|
if !stream.session.is_early_data_accepted() {
|
||||||
|
while *pos < data.len() {
|
||||||
|
let len = ready!(stream.as_mut_pin().poll_write(cx, &data[*pos..]))?;
|
||||||
|
*pos += len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
this.state = TlsState::Stream;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stream.as_mut_pin().poll_flush(cx)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
if self.state.writeable() {
|
||||||
|
self.session.send_close_notify();
|
||||||
|
self.state.shutdown_write();
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "early-data")] {
|
||||||
|
// we skip the handshake
|
||||||
|
if let TlsState::EarlyData(..) = self.state {
|
||||||
|
return Pin::new(&mut self.io).poll_shutdown(cx);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
stream.as_mut_pin().poll_shutdown(cx)
|
||||||
|
}
|
||||||
|
}
|
84
tokio-rustls/src/common/handshake.rs
Normal file
84
tokio-rustls/src/common/handshake.rs
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
use std::{ io, mem };
|
||||||
|
use std::pin::Pin;
|
||||||
|
use std::future::Future;
|
||||||
|
use std::task::{ Context, Poll };
|
||||||
|
use futures_core::future::FusedFuture;
|
||||||
|
use tokio::io::{ AsyncRead, AsyncWrite };
|
||||||
|
use rustls::Session;
|
||||||
|
use crate::common::{ TlsState, Stream };
|
||||||
|
|
||||||
|
|
||||||
|
pub(crate) trait IoSession {
|
||||||
|
type Io;
|
||||||
|
type Session;
|
||||||
|
|
||||||
|
fn skip_handshake(&self) -> bool;
|
||||||
|
fn get_mut(&mut self) -> (&mut TlsState, &mut Self::Io, &mut Self::Session);
|
||||||
|
fn into_io(self) -> Self::Io;
|
||||||
|
}
|
||||||
|
|
||||||
|
pub(crate) enum MidHandshake<IS> {
|
||||||
|
Handshaking(IS),
|
||||||
|
End,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IS> FusedFuture for MidHandshake<IS>
|
||||||
|
where
|
||||||
|
IS: IoSession + Unpin,
|
||||||
|
IS::Io: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
IS::Session: Session + Unpin
|
||||||
|
{
|
||||||
|
fn is_terminated(&self) -> bool {
|
||||||
|
if let MidHandshake::End = self {
|
||||||
|
true
|
||||||
|
} else {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IS> Future for MidHandshake<IS>
|
||||||
|
where
|
||||||
|
IS: IoSession + Unpin,
|
||||||
|
IS::Io: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
IS::Session: Session + Unpin
|
||||||
|
{
|
||||||
|
type Output = Result<IS, (io::Error, IS::Io)>;
|
||||||
|
|
||||||
|
fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
|
||||||
|
if let MidHandshake::Handshaking(mut stream) = mem::replace(this, MidHandshake::End) {
|
||||||
|
if !stream.skip_handshake() {
|
||||||
|
let (state, io, session) = stream.get_mut();
|
||||||
|
let mut tls_stream = Stream::new(io, session)
|
||||||
|
.set_eof(!state.readable());
|
||||||
|
|
||||||
|
macro_rules! try_poll {
|
||||||
|
( $e:expr ) => {
|
||||||
|
match $e {
|
||||||
|
Poll::Ready(Ok(_)) => (),
|
||||||
|
Poll::Ready(Err(err)) => return Poll::Ready(Err((err, stream.into_io()))),
|
||||||
|
Poll::Pending => {
|
||||||
|
*this = MidHandshake::Handshaking(stream);
|
||||||
|
return Poll::Pending;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
while tls_stream.session.is_handshaking() {
|
||||||
|
try_poll!(tls_stream.handshake(cx));
|
||||||
|
}
|
||||||
|
|
||||||
|
while tls_stream.session.wants_write() {
|
||||||
|
try_poll!(tls_stream.write_io(cx));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Poll::Ready(Ok(stream))
|
||||||
|
} else {
|
||||||
|
panic!("unexpected polling after handshake")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
347
tokio-rustls/src/common/mod.rs
Normal file
347
tokio-rustls/src/common/mod.rs
Normal file
@ -0,0 +1,347 @@
|
|||||||
|
mod handshake;
|
||||||
|
|
||||||
|
#[cfg(feature = "unstable")]
|
||||||
|
mod vecbuf;
|
||||||
|
|
||||||
|
use std::pin::Pin;
|
||||||
|
use std::task::{ Poll, Context };
|
||||||
|
use std::io::{ self, Read };
|
||||||
|
use rustls::Session;
|
||||||
|
use tokio::io::{ AsyncRead, AsyncWrite };
|
||||||
|
use futures_core as futures;
|
||||||
|
pub(crate) use handshake::{ IoSession, MidHandshake };
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum TlsState {
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
EarlyData(usize, Vec<u8>),
|
||||||
|
Stream,
|
||||||
|
ReadShutdown,
|
||||||
|
WriteShutdown,
|
||||||
|
FullyShutdown,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl TlsState {
|
||||||
|
#[inline]
|
||||||
|
pub fn shutdown_read(&mut self) {
|
||||||
|
match *self {
|
||||||
|
TlsState::WriteShutdown | TlsState::FullyShutdown =>
|
||||||
|
*self = TlsState::FullyShutdown,
|
||||||
|
_ => *self = TlsState::ReadShutdown,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn shutdown_write(&mut self) {
|
||||||
|
match *self {
|
||||||
|
TlsState::ReadShutdown | TlsState::FullyShutdown =>
|
||||||
|
*self = TlsState::FullyShutdown,
|
||||||
|
_ => *self = TlsState::WriteShutdown,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn writeable(&self) -> bool {
|
||||||
|
match *self {
|
||||||
|
TlsState::WriteShutdown | TlsState::FullyShutdown => false,
|
||||||
|
_ => true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn readable(&self) -> bool {
|
||||||
|
match self {
|
||||||
|
TlsState::ReadShutdown | TlsState::FullyShutdown => false,
|
||||||
|
_ => true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
pub fn is_early_data(&self) -> bool {
|
||||||
|
match self {
|
||||||
|
TlsState::EarlyData(..) => true,
|
||||||
|
_ => false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
#[cfg(not(feature = "early-data"))]
|
||||||
|
pub const fn is_early_data(&self) -> bool {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct Stream<'a, IO, S> {
|
||||||
|
pub io: &'a mut IO,
|
||||||
|
pub session: &'a mut S,
|
||||||
|
pub eof: bool
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, IO: AsyncRead + AsyncWrite + Unpin, S: Session> Stream<'a, IO, S> {
|
||||||
|
pub fn new(io: &'a mut IO, session: &'a mut S) -> Self {
|
||||||
|
Stream {
|
||||||
|
io,
|
||||||
|
session,
|
||||||
|
// The state so far is only used to detect EOF, so either Stream
|
||||||
|
// or EarlyData state should both be all right.
|
||||||
|
eof: false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn set_eof(mut self, eof: bool) -> Self {
|
||||||
|
self.eof = eof;
|
||||||
|
self
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn as_mut_pin(&mut self) -> Pin<&mut Self> {
|
||||||
|
Pin::new(self)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn process_new_packets(&mut self, cx: &mut Context) -> io::Result<()> {
|
||||||
|
self.session.process_new_packets()
|
||||||
|
.map_err(|err| {
|
||||||
|
// In case we have an alert to send describing this error,
|
||||||
|
// try a last-gasp write -- but don't predate the primary
|
||||||
|
// error.
|
||||||
|
let _ = self.write_io(cx);
|
||||||
|
|
||||||
|
io::Error::new(io::ErrorKind::InvalidData, err)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn read_io(&mut self, cx: &mut Context) -> Poll<io::Result<usize>> {
|
||||||
|
struct Reader<'a, 'b, T> {
|
||||||
|
io: &'a mut T,
|
||||||
|
cx: &'a mut Context<'b>
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, 'b, T: AsyncRead + Unpin> Read for Reader<'a, 'b, T> {
|
||||||
|
fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
|
||||||
|
match Pin::new(&mut self.io).poll_read(self.cx, buf) {
|
||||||
|
Poll::Ready(result) => result,
|
||||||
|
Poll::Pending => Err(io::ErrorKind::WouldBlock.into())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut reader = Reader { io: self.io, cx };
|
||||||
|
|
||||||
|
let n = match self.session.read_tls(&mut reader) {
|
||||||
|
Ok(n) => n,
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => return Poll::Pending,
|
||||||
|
Err(err) => return Poll::Ready(Err(err))
|
||||||
|
};
|
||||||
|
|
||||||
|
Poll::Ready(Ok(n))
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(not(feature = "unstable"))]
|
||||||
|
pub fn write_io(&mut self, cx: &mut Context) -> Poll<io::Result<usize>> {
|
||||||
|
use std::io::Write;
|
||||||
|
|
||||||
|
struct Writer<'a, 'b, T> {
|
||||||
|
io: &'a mut T,
|
||||||
|
cx: &'a mut Context<'b>
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, 'b, T: AsyncWrite + Unpin> Write for Writer<'a, 'b, T> {
|
||||||
|
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
|
||||||
|
match Pin::new(&mut self.io).poll_write(self.cx, buf) {
|
||||||
|
Poll::Ready(result) => result,
|
||||||
|
Poll::Pending => Err(io::ErrorKind::WouldBlock.into())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn flush(&mut self) -> io::Result<()> {
|
||||||
|
match Pin::new(&mut self.io).poll_flush(self.cx) {
|
||||||
|
Poll::Ready(result) => result,
|
||||||
|
Poll::Pending => Err(io::ErrorKind::WouldBlock.into())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut writer = Writer { io: self.io, cx };
|
||||||
|
|
||||||
|
match self.session.write_tls(&mut writer) {
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => Poll::Pending,
|
||||||
|
result => Poll::Ready(result)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(feature = "unstable")]
|
||||||
|
pub fn write_io(&mut self, cx: &mut Context) -> Poll<io::Result<usize>> {
|
||||||
|
use rustls::WriteV;
|
||||||
|
|
||||||
|
struct Writer<'a, 'b, T> {
|
||||||
|
io: &'a mut T,
|
||||||
|
cx: &'a mut Context<'b>
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, 'b, T: AsyncWrite + Unpin> WriteV for Writer<'a, 'b, T> {
|
||||||
|
fn writev(&mut self, vbuf: &[&[u8]]) -> io::Result<usize> {
|
||||||
|
use vecbuf::VecBuf;
|
||||||
|
|
||||||
|
let mut vbuf = VecBuf::new(vbuf);
|
||||||
|
|
||||||
|
match Pin::new(&mut self.io).poll_write_buf(self.cx, &mut vbuf) {
|
||||||
|
Poll::Ready(result) => result,
|
||||||
|
Poll::Pending => Err(io::ErrorKind::WouldBlock.into())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut writer = Writer { io: self.io, cx };
|
||||||
|
|
||||||
|
match self.session.writev_tls(&mut writer) {
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => Poll::Pending,
|
||||||
|
result => Poll::Ready(result)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn handshake(&mut self, cx: &mut Context) -> Poll<io::Result<(usize, usize)>> {
|
||||||
|
let mut wrlen = 0;
|
||||||
|
let mut rdlen = 0;
|
||||||
|
|
||||||
|
loop {
|
||||||
|
let mut write_would_block = false;
|
||||||
|
let mut read_would_block = false;
|
||||||
|
|
||||||
|
while self.session.wants_write() {
|
||||||
|
match self.write_io(cx) {
|
||||||
|
Poll::Ready(Ok(n)) => wrlen += n,
|
||||||
|
Poll::Pending => {
|
||||||
|
write_would_block = true;
|
||||||
|
break
|
||||||
|
},
|
||||||
|
Poll::Ready(Err(err)) => return Poll::Ready(Err(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
while !self.eof && self.session.wants_read() {
|
||||||
|
match self.read_io(cx) {
|
||||||
|
Poll::Ready(Ok(0)) => self.eof = true,
|
||||||
|
Poll::Ready(Ok(n)) => rdlen += n,
|
||||||
|
Poll::Pending => {
|
||||||
|
read_would_block = true;
|
||||||
|
break
|
||||||
|
},
|
||||||
|
Poll::Ready(Err(err)) => return Poll::Ready(Err(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
self.process_new_packets(cx)?;
|
||||||
|
|
||||||
|
return match (self.eof, self.session.is_handshaking()) {
|
||||||
|
(true, true) => {
|
||||||
|
let err = io::Error::new(io::ErrorKind::UnexpectedEof, "tls handshake eof");
|
||||||
|
Poll::Ready(Err(err))
|
||||||
|
},
|
||||||
|
(_, false) => Poll::Ready(Ok((rdlen, wrlen))),
|
||||||
|
(_, true) if write_would_block || read_would_block => if rdlen != 0 || wrlen != 0 {
|
||||||
|
Poll::Ready(Ok((rdlen, wrlen)))
|
||||||
|
} else {
|
||||||
|
Poll::Pending
|
||||||
|
},
|
||||||
|
(..) => continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, IO: AsyncRead + AsyncWrite + Unpin, S: Session> AsyncRead for Stream<'a, IO, S> {
|
||||||
|
fn poll_read(mut self: Pin<&mut Self>, cx: &mut Context, buf: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let mut pos = 0;
|
||||||
|
|
||||||
|
while pos != buf.len() {
|
||||||
|
let mut would_block = false;
|
||||||
|
|
||||||
|
// read a packet
|
||||||
|
while self.session.wants_read() {
|
||||||
|
match self.read_io(cx) {
|
||||||
|
Poll::Ready(Ok(0)) => {
|
||||||
|
self.eof = true;
|
||||||
|
break
|
||||||
|
},
|
||||||
|
Poll::Ready(Ok(_)) => (),
|
||||||
|
Poll::Pending => {
|
||||||
|
would_block = true;
|
||||||
|
break
|
||||||
|
},
|
||||||
|
Poll::Ready(Err(err)) => return Poll::Ready(Err(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
self.process_new_packets(cx)?;
|
||||||
|
|
||||||
|
return match self.session.read(&mut buf[pos..]) {
|
||||||
|
Ok(0) if pos == 0 && would_block => Poll::Pending,
|
||||||
|
Ok(n) if self.eof || would_block => Poll::Ready(Ok(pos + n)),
|
||||||
|
Ok(n) => {
|
||||||
|
pos += n;
|
||||||
|
continue
|
||||||
|
},
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => Poll::Pending,
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::ConnectionAborted && pos != 0 =>
|
||||||
|
Poll::Ready(Ok(pos)),
|
||||||
|
Err(err) => Poll::Ready(Err(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Poll::Ready(Ok(pos))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, IO: AsyncRead + AsyncWrite + Unpin, S: Session> AsyncWrite for Stream<'a, IO, S> {
|
||||||
|
fn poll_write(mut self: Pin<&mut Self>, cx: &mut Context, buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let mut pos = 0;
|
||||||
|
|
||||||
|
while pos != buf.len() {
|
||||||
|
let mut would_block = false;
|
||||||
|
|
||||||
|
match self.session.write(&buf[pos..]) {
|
||||||
|
Ok(n) => pos += n,
|
||||||
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => (),
|
||||||
|
Err(err) => return Poll::Ready(Err(err))
|
||||||
|
};
|
||||||
|
|
||||||
|
while self.session.wants_write() {
|
||||||
|
match self.write_io(cx) {
|
||||||
|
Poll::Ready(Ok(0)) | Poll::Pending => {
|
||||||
|
would_block = true;
|
||||||
|
break
|
||||||
|
},
|
||||||
|
Poll::Ready(Ok(_)) => (),
|
||||||
|
Poll::Ready(Err(err)) => return Poll::Ready(Err(err))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return match (pos, would_block) {
|
||||||
|
(0, true) => Poll::Pending,
|
||||||
|
(n, true) => Poll::Ready(Ok(n)),
|
||||||
|
(_, false) => continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Poll::Ready(Ok(pos))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context) -> Poll<io::Result<()>> {
|
||||||
|
self.session.flush()?;
|
||||||
|
while self.session.wants_write() {
|
||||||
|
futures::ready!(self.write_io(cx))?;
|
||||||
|
}
|
||||||
|
Pin::new(&mut self.io).poll_flush(cx)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
while self.session.wants_write() {
|
||||||
|
futures::ready!(self.write_io(cx))?;
|
||||||
|
}
|
||||||
|
Pin::new(&mut self.io).poll_shutdown(cx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod test_stream;
|
220
tokio-rustls/src/common/test_stream.rs
Normal file
220
tokio-rustls/src/common/test_stream.rs
Normal file
@ -0,0 +1,220 @@
|
|||||||
|
use std::pin::Pin;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::task::{ Poll, Context };
|
||||||
|
use futures_core::ready;
|
||||||
|
use futures_util::future::poll_fn;
|
||||||
|
use futures_util::task::noop_waker_ref;
|
||||||
|
use tokio::io::{ AsyncRead, AsyncWrite, AsyncReadExt, AsyncWriteExt };
|
||||||
|
use std::io::{ self, Read, Write, BufReader, Cursor };
|
||||||
|
use webpki::DNSNameRef;
|
||||||
|
use rustls::internal::pemfile::{ certs, rsa_private_keys };
|
||||||
|
use rustls::{
|
||||||
|
ServerConfig, ClientConfig,
|
||||||
|
ServerSession, ClientSession,
|
||||||
|
Session, NoClientAuth
|
||||||
|
};
|
||||||
|
use super::Stream;
|
||||||
|
|
||||||
|
|
||||||
|
struct Good<'a>(&'a mut dyn Session);
|
||||||
|
|
||||||
|
impl<'a> AsyncRead for Good<'a> {
|
||||||
|
fn poll_read(mut self: Pin<&mut Self>, _cx: &mut Context<'_>, mut buf: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
Poll::Ready(self.0.write_tls(buf.by_ref()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a> AsyncWrite for Good<'a> {
|
||||||
|
fn poll_write(mut self: Pin<&mut Self>, _cx: &mut Context<'_>, mut buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let len = self.0.read_tls(buf.by_ref())?;
|
||||||
|
self.0.process_new_packets()
|
||||||
|
.map_err(|err| io::Error::new(io::ErrorKind::InvalidData, err))?;
|
||||||
|
Poll::Ready(Ok(len))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(mut self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
self.0.process_new_packets()
|
||||||
|
.map_err(|err| io::Error::new(io::ErrorKind::InvalidData, err))?;
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(mut self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
self.0.send_close_notify();
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
struct Pending;
|
||||||
|
|
||||||
|
impl AsyncRead for Pending {
|
||||||
|
fn poll_read(self: Pin<&mut Self>, _cx: &mut Context<'_>, _: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
Poll::Pending
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsyncWrite for Pending {
|
||||||
|
fn poll_write(self: Pin<&mut Self>, _cx: &mut Context<'_>, _buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
Poll::Pending
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
struct Eof;
|
||||||
|
|
||||||
|
impl AsyncRead for Eof {
|
||||||
|
fn poll_read(self: Pin<&mut Self>, _cx: &mut Context<'_>, _: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
Poll::Ready(Ok(0))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsyncWrite for Eof {
|
||||||
|
fn poll_write(self: Pin<&mut Self>, _cx: &mut Context<'_>, buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
Poll::Ready(Ok(buf.len()))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(self: Pin<&mut Self>, _cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn stream_good() -> io::Result<()> {
|
||||||
|
const FILE: &'static [u8] = include_bytes!("../../README.md");
|
||||||
|
|
||||||
|
let (mut server, mut client) = make_pair();
|
||||||
|
poll_fn(|cx| do_handshake(&mut client, &mut server, cx)).await?;
|
||||||
|
io::copy(&mut Cursor::new(FILE), &mut server)?;
|
||||||
|
|
||||||
|
{
|
||||||
|
let mut good = Good(&mut server);
|
||||||
|
let mut stream = Stream::new(&mut good, &mut client);
|
||||||
|
|
||||||
|
let mut buf = Vec::new();
|
||||||
|
stream.read_to_end(&mut buf).await?;
|
||||||
|
assert_eq!(buf, FILE);
|
||||||
|
stream.write_all(b"Hello World!").await?;
|
||||||
|
stream.flush().await?;
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut buf = String::new();
|
||||||
|
server.read_to_string(&mut buf)?;
|
||||||
|
assert_eq!(buf, "Hello World!");
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn stream_bad() -> io::Result<()> {
|
||||||
|
let (mut server, mut client) = make_pair();
|
||||||
|
poll_fn(|cx| do_handshake(&mut client, &mut server, cx)).await?;
|
||||||
|
client.set_buffer_limit(1024);
|
||||||
|
|
||||||
|
let mut bad = Pending;
|
||||||
|
let mut stream = Stream::new(&mut bad, &mut client);
|
||||||
|
assert_eq!(poll_fn(|cx| stream.as_mut_pin().poll_write(cx, &[0x42; 8])).await?, 8);
|
||||||
|
assert_eq!(poll_fn(|cx| stream.as_mut_pin().poll_write(cx, &[0x42; 8])).await?, 8);
|
||||||
|
let r = poll_fn(|cx| stream.as_mut_pin().poll_write(cx, &[0x00; 1024])).await?; // fill buffer
|
||||||
|
assert!(r < 1024);
|
||||||
|
|
||||||
|
let mut cx = Context::from_waker(noop_waker_ref());
|
||||||
|
let ret = stream.as_mut_pin().poll_write(&mut cx, &[0x01]);
|
||||||
|
assert!(ret.is_pending());
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn stream_handshake() -> io::Result<()> {
|
||||||
|
let (mut server, mut client) = make_pair();
|
||||||
|
|
||||||
|
{
|
||||||
|
let mut good = Good(&mut server);
|
||||||
|
let mut stream = Stream::new(&mut good, &mut client);
|
||||||
|
let (r, w) = poll_fn(|cx| stream.handshake(cx)).await?;
|
||||||
|
|
||||||
|
assert!(r > 0);
|
||||||
|
assert!(w > 0);
|
||||||
|
|
||||||
|
poll_fn(|cx| stream.handshake(cx)).await?; // finish server handshake
|
||||||
|
}
|
||||||
|
|
||||||
|
assert!(!server.is_handshaking());
|
||||||
|
assert!(!client.is_handshaking());
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn stream_handshake_eof() -> io::Result<()> {
|
||||||
|
let (_, mut client) = make_pair();
|
||||||
|
|
||||||
|
let mut bad = Eof;
|
||||||
|
let mut stream = Stream::new(&mut bad, &mut client);
|
||||||
|
|
||||||
|
let mut cx = Context::from_waker(noop_waker_ref());
|
||||||
|
let r = stream.handshake(&mut cx);
|
||||||
|
assert_eq!(r.map_err(|err| err.kind()), Poll::Ready(Err(io::ErrorKind::UnexpectedEof)));
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn stream_eof() -> io::Result<()> {
|
||||||
|
let (mut server, mut client) = make_pair();
|
||||||
|
poll_fn(|cx| do_handshake(&mut client, &mut server, cx)).await?;
|
||||||
|
|
||||||
|
let mut good = Good(&mut server);
|
||||||
|
let mut stream = Stream::new(&mut good, &mut client).set_eof(true);
|
||||||
|
|
||||||
|
let mut buf = Vec::new();
|
||||||
|
stream.read_to_end(&mut buf).await?;
|
||||||
|
assert_eq!(buf.len(), 0);
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}
|
||||||
|
|
||||||
|
fn make_pair() -> (ServerSession, ClientSession) {
|
||||||
|
const CERT: &str = include_str!("../../tests/end.cert");
|
||||||
|
const CHAIN: &str = include_str!("../../tests/end.chain");
|
||||||
|
const RSA: &str = include_str!("../../tests/end.rsa");
|
||||||
|
|
||||||
|
let cert = certs(&mut BufReader::new(Cursor::new(CERT))).unwrap();
|
||||||
|
let mut keys = rsa_private_keys(&mut BufReader::new(Cursor::new(RSA))).unwrap();
|
||||||
|
let mut sconfig = ServerConfig::new(NoClientAuth::new());
|
||||||
|
sconfig.set_single_cert(cert, keys.pop().unwrap()).unwrap();
|
||||||
|
let server = ServerSession::new(&Arc::new(sconfig));
|
||||||
|
|
||||||
|
let domain = DNSNameRef::try_from_ascii_str("localhost").unwrap();
|
||||||
|
let mut cconfig = ClientConfig::new();
|
||||||
|
let mut chain = BufReader::new(Cursor::new(CHAIN));
|
||||||
|
cconfig.root_store.add_pem_file(&mut chain).unwrap();
|
||||||
|
let client = ClientSession::new(&Arc::new(cconfig), domain);
|
||||||
|
|
||||||
|
(server, client)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn do_handshake(client: &mut ClientSession, server: &mut ServerSession, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
let mut good = Good(server);
|
||||||
|
let mut stream = Stream::new(&mut good, client);
|
||||||
|
|
||||||
|
while stream.session.is_handshaking() {
|
||||||
|
ready!(stream.handshake(cx))?;
|
||||||
|
}
|
||||||
|
|
||||||
|
while stream.session.wants_write() {
|
||||||
|
ready!(stream.write_io(cx))?;
|
||||||
|
}
|
||||||
|
|
||||||
|
Poll::Ready(Ok(()))
|
||||||
|
}
|
128
tokio-rustls/src/common/vecbuf.rs
Normal file
128
tokio-rustls/src/common/vecbuf.rs
Normal file
@ -0,0 +1,128 @@
|
|||||||
|
use std::io::IoSlice;
|
||||||
|
use std::cmp::{ self, Ordering };
|
||||||
|
use bytes::Buf;
|
||||||
|
|
||||||
|
|
||||||
|
pub struct VecBuf<'a, 'b: 'a> {
|
||||||
|
pos: usize,
|
||||||
|
cur: usize,
|
||||||
|
inner: &'a [&'b [u8]]
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, 'b> VecBuf<'a, 'b> {
|
||||||
|
pub fn new(vbytes: &'a [&'b [u8]]) -> Self {
|
||||||
|
VecBuf { pos: 0, cur: 0, inner: vbytes }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<'a, 'b> Buf for VecBuf<'a, 'b> {
|
||||||
|
fn remaining(&self) -> usize {
|
||||||
|
let sum = self.inner
|
||||||
|
.iter()
|
||||||
|
.skip(self.pos)
|
||||||
|
.map(|bytes| bytes.len())
|
||||||
|
.sum::<usize>();
|
||||||
|
sum - self.cur
|
||||||
|
}
|
||||||
|
|
||||||
|
fn bytes(&self) -> &[u8] {
|
||||||
|
&self.inner[self.pos][self.cur..]
|
||||||
|
}
|
||||||
|
|
||||||
|
fn advance(&mut self, cnt: usize) {
|
||||||
|
let current = self.inner[self.pos].len();
|
||||||
|
match (self.cur + cnt).cmp(¤t) {
|
||||||
|
Ordering::Equal => if self.pos + 1 < self.inner.len() {
|
||||||
|
self.pos += 1;
|
||||||
|
self.cur = 0;
|
||||||
|
} else {
|
||||||
|
self.cur += cnt;
|
||||||
|
},
|
||||||
|
Ordering::Greater => {
|
||||||
|
if self.pos + 1 < self.inner.len() {
|
||||||
|
self.pos += 1;
|
||||||
|
}
|
||||||
|
let remaining = self.cur + cnt - current;
|
||||||
|
self.advance(remaining);
|
||||||
|
},
|
||||||
|
Ordering::Less => self.cur += cnt,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[allow(clippy::needless_range_loop)]
|
||||||
|
fn bytes_vectored<'c>(&'c self, dst: &mut [IoSlice<'c>]) -> usize {
|
||||||
|
let len = cmp::min(self.inner.len() - self.pos, dst.len());
|
||||||
|
|
||||||
|
if len > 0 {
|
||||||
|
dst[0] = IoSlice::new(self.bytes());
|
||||||
|
}
|
||||||
|
|
||||||
|
for i in 1..len {
|
||||||
|
dst[i] = IoSlice::new(&self.inner[self.pos + i]);
|
||||||
|
}
|
||||||
|
|
||||||
|
len
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod test_vecbuf {
|
||||||
|
use super::*;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_fresh_cursor_vec() {
|
||||||
|
let mut buf = VecBuf::new(&[b"he", b"llo"]);
|
||||||
|
|
||||||
|
assert_eq!(buf.remaining(), 5);
|
||||||
|
assert_eq!(buf.bytes(), b"he");
|
||||||
|
|
||||||
|
buf.advance(1);
|
||||||
|
|
||||||
|
assert_eq!(buf.remaining(), 4);
|
||||||
|
assert_eq!(buf.bytes(), b"e");
|
||||||
|
|
||||||
|
buf.advance(1);
|
||||||
|
|
||||||
|
assert_eq!(buf.remaining(), 3);
|
||||||
|
assert_eq!(buf.bytes(), b"llo");
|
||||||
|
|
||||||
|
buf.advance(3);
|
||||||
|
|
||||||
|
assert_eq!(buf.remaining(), 0);
|
||||||
|
assert_eq!(buf.bytes(), b"");
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_get_u8() {
|
||||||
|
let mut buf = VecBuf::new(&[b"\x21z", b"omg"]);
|
||||||
|
assert_eq!(0x21, buf.get_u8());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_get_u16() {
|
||||||
|
let mut buf = VecBuf::new(&[b"\x21\x54z", b"omg"]);
|
||||||
|
assert_eq!(0x2154, buf.get_u16());
|
||||||
|
let mut buf = VecBuf::new(&[b"\x21\x54z", b"omg"]);
|
||||||
|
assert_eq!(0x5421, buf.get_u16_le());
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
#[should_panic]
|
||||||
|
fn test_get_u16_buffer_underflow() {
|
||||||
|
let mut buf = VecBuf::new(&[b"\x21"]);
|
||||||
|
buf.get_u16();
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_bufs_vec() {
|
||||||
|
let buf = VecBuf::new(&[b"he", b"llo"]);
|
||||||
|
|
||||||
|
let b1: &[u8] = &mut [0];
|
||||||
|
let b2: &[u8] = &mut [0];
|
||||||
|
|
||||||
|
let mut dst: [IoSlice; 2] =
|
||||||
|
[IoSlice::new(b1), IoSlice::new(b2)];
|
||||||
|
|
||||||
|
assert_eq!(2, buf.bytes_vectored(&mut dst[..]));
|
||||||
|
}
|
||||||
|
}
|
316
tokio-rustls/src/lib.rs
Normal file
316
tokio-rustls/src/lib.rs
Normal file
@ -0,0 +1,316 @@
|
|||||||
|
//! Asynchronous TLS/SSL streams for Tokio using [Rustls](https://github.com/ctz/rustls).
|
||||||
|
|
||||||
|
mod common;
|
||||||
|
pub mod client;
|
||||||
|
pub mod server;
|
||||||
|
|
||||||
|
use std::io;
|
||||||
|
use std::pin::Pin;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::future::Future;
|
||||||
|
use std::task::{ Context, Poll };
|
||||||
|
use futures_core::future::FusedFuture;
|
||||||
|
use tokio::io::{ AsyncRead, AsyncWrite };
|
||||||
|
use webpki::DNSNameRef;
|
||||||
|
use rustls::{ ClientConfig, ClientSession, ServerConfig, ServerSession, Session };
|
||||||
|
use common::{ Stream, TlsState, MidHandshake };
|
||||||
|
|
||||||
|
pub use rustls;
|
||||||
|
pub use webpki;
|
||||||
|
|
||||||
|
/// A wrapper around a `rustls::ClientConfig`, providing an async `connect` method.
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct TlsConnector {
|
||||||
|
inner: Arc<ClientConfig>,
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
early_data: bool,
|
||||||
|
}
|
||||||
|
|
||||||
|
/// A wrapper around a `rustls::ServerConfig`, providing an async `accept` method.
|
||||||
|
#[derive(Clone)]
|
||||||
|
pub struct TlsAcceptor {
|
||||||
|
inner: Arc<ServerConfig>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<Arc<ClientConfig>> for TlsConnector {
|
||||||
|
fn from(inner: Arc<ClientConfig>) -> TlsConnector {
|
||||||
|
TlsConnector {
|
||||||
|
inner,
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
early_data: false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<Arc<ServerConfig>> for TlsAcceptor {
|
||||||
|
fn from(inner: Arc<ServerConfig>) -> TlsAcceptor {
|
||||||
|
TlsAcceptor { inner }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl TlsConnector {
|
||||||
|
/// Enable 0-RTT.
|
||||||
|
///
|
||||||
|
/// If you want to use 0-RTT,
|
||||||
|
/// You must also set `ClientConfig.enable_early_data` to `true`.
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
pub fn early_data(mut self, flag: bool) -> TlsConnector {
|
||||||
|
self.early_data = flag;
|
||||||
|
self
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn connect<IO>(&self, domain: DNSNameRef, stream: IO) -> Connect<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
self.connect_with(domain, stream, |_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn connect_with<IO, F>(&self, domain: DNSNameRef, stream: IO, f: F) -> Connect<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
F: FnOnce(&mut ClientSession),
|
||||||
|
{
|
||||||
|
let mut session = ClientSession::new(&self.inner, domain);
|
||||||
|
f(&mut session);
|
||||||
|
|
||||||
|
Connect(MidHandshake::Handshaking(client::TlsStream {
|
||||||
|
io: stream,
|
||||||
|
|
||||||
|
#[cfg(not(feature = "early-data"))]
|
||||||
|
state: TlsState::Stream,
|
||||||
|
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
state: if self.early_data && session.early_data().is_some() {
|
||||||
|
TlsState::EarlyData(0, Vec::new())
|
||||||
|
} else {
|
||||||
|
TlsState::Stream
|
||||||
|
},
|
||||||
|
|
||||||
|
session
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl TlsAcceptor {
|
||||||
|
#[inline]
|
||||||
|
pub fn accept<IO>(&self, stream: IO) -> Accept<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
self.accept_with(stream, |_| ())
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn accept_with<IO, F>(&self, stream: IO, f: F) -> Accept<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
F: FnOnce(&mut ServerSession),
|
||||||
|
{
|
||||||
|
let mut session = ServerSession::new(&self.inner);
|
||||||
|
f(&mut session);
|
||||||
|
|
||||||
|
Accept(MidHandshake::Handshaking(server::TlsStream {
|
||||||
|
session,
|
||||||
|
io: stream,
|
||||||
|
state: TlsState::Stream,
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Future returned from `TlsConnector::connect` which will resolve
|
||||||
|
/// once the connection handshake has finished.
|
||||||
|
pub struct Connect<IO>(MidHandshake<client::TlsStream<IO>>);
|
||||||
|
|
||||||
|
/// Future returned from `TlsAcceptor::accept` which will resolve
|
||||||
|
/// once the accept handshake has finished.
|
||||||
|
pub struct Accept<IO>(MidHandshake<server::TlsStream<IO>>);
|
||||||
|
|
||||||
|
/// Like [Connect], but returns `IO` on failure.
|
||||||
|
pub struct FailableConnect<IO>(MidHandshake<client::TlsStream<IO>>);
|
||||||
|
|
||||||
|
/// Like [Accept], but returns `IO` on failure.
|
||||||
|
pub struct FailableAccept<IO>(MidHandshake<server::TlsStream<IO>>);
|
||||||
|
|
||||||
|
impl<IO> Connect<IO> {
|
||||||
|
#[inline]
|
||||||
|
pub fn into_failable(self) -> FailableConnect<IO> {
|
||||||
|
FailableConnect(self.0)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> Accept<IO> {
|
||||||
|
#[inline]
|
||||||
|
pub fn into_failable(self) -> FailableAccept<IO> {
|
||||||
|
FailableAccept(self.0)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> Future for Connect<IO> {
|
||||||
|
type Output = io::Result<client::TlsStream<IO>>;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
Pin::new(&mut self.0)
|
||||||
|
.poll(cx)
|
||||||
|
.map_err(|(err, _)| err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> FusedFuture for Connect<IO> {
|
||||||
|
#[inline]
|
||||||
|
fn is_terminated(&self) -> bool {
|
||||||
|
self.0.is_terminated()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> Future for Accept<IO> {
|
||||||
|
type Output = io::Result<server::TlsStream<IO>>;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
Pin::new(&mut self.0)
|
||||||
|
.poll(cx)
|
||||||
|
.map_err(|(err, _)| err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> FusedFuture for Accept<IO> {
|
||||||
|
#[inline]
|
||||||
|
fn is_terminated(&self) -> bool {
|
||||||
|
self.0.is_terminated()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> Future for FailableConnect<IO> {
|
||||||
|
type Output = Result<client::TlsStream<IO>, (io::Error, IO)>;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
Pin::new(&mut self.0).poll(cx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> FusedFuture for FailableConnect<IO> {
|
||||||
|
#[inline]
|
||||||
|
fn is_terminated(&self) -> bool {
|
||||||
|
self.0.is_terminated()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> Future for FailableAccept<IO> {
|
||||||
|
type Output = Result<server::TlsStream<IO>, (io::Error, IO)>;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
Pin::new(&mut self.0).poll(cx)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO: AsyncRead + AsyncWrite + Unpin> FusedFuture for FailableAccept<IO> {
|
||||||
|
#[inline]
|
||||||
|
fn is_terminated(&self) -> bool {
|
||||||
|
self.0.is_terminated()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Unified TLS stream type
|
||||||
|
///
|
||||||
|
/// This abstracts over the inner `client::TlsStream` and `server::TlsStream`, so you can use
|
||||||
|
/// a single type to keep both client- and server-initiated TLS-encrypted connections.
|
||||||
|
pub enum TlsStream<T> {
|
||||||
|
Client(client::TlsStream<T>),
|
||||||
|
Server(server::TlsStream<T>),
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> TlsStream<T> {
|
||||||
|
pub fn get_ref(&self) -> (&T, &dyn Session) {
|
||||||
|
use TlsStream::*;
|
||||||
|
match self {
|
||||||
|
Client(io) => {
|
||||||
|
let (io, session) = io.get_ref();
|
||||||
|
(io, &*session)
|
||||||
|
}
|
||||||
|
Server(io) => {
|
||||||
|
let (io, session) = io.get_ref();
|
||||||
|
(io, &*session)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_mut(&mut self) -> (&mut T, &mut dyn Session) {
|
||||||
|
use TlsStream::*;
|
||||||
|
match self {
|
||||||
|
Client(io) => {
|
||||||
|
let (io, session) = io.get_mut();
|
||||||
|
(io, &mut *session)
|
||||||
|
}
|
||||||
|
Server(io) => {
|
||||||
|
let (io, session) = io.get_mut();
|
||||||
|
(io, &mut *session)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> From<client::TlsStream<T>> for TlsStream<T> {
|
||||||
|
fn from(s: client::TlsStream<T>) -> Self {
|
||||||
|
Self::Client(s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> From<server::TlsStream<T>> for TlsStream<T> {
|
||||||
|
fn from(s: server::TlsStream<T>) -> Self {
|
||||||
|
Self::Server(s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> AsyncRead for TlsStream<T>
|
||||||
|
where
|
||||||
|
T: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
#[inline]
|
||||||
|
fn poll_read(
|
||||||
|
self: Pin<&mut Self>,
|
||||||
|
cx: &mut Context<'_>,
|
||||||
|
buf: &mut [u8],
|
||||||
|
) -> Poll<io::Result<usize>> {
|
||||||
|
match self.get_mut() {
|
||||||
|
TlsStream::Client(x) => Pin::new(x).poll_read(cx, buf),
|
||||||
|
TlsStream::Server(x) => Pin::new(x).poll_read(cx, buf),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<T> AsyncWrite for TlsStream<T>
|
||||||
|
where
|
||||||
|
T: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
#[inline]
|
||||||
|
fn poll_write(
|
||||||
|
self: Pin<&mut Self>,
|
||||||
|
cx: &mut Context<'_>,
|
||||||
|
buf: &[u8],
|
||||||
|
) -> Poll<io::Result<usize>> {
|
||||||
|
match self.get_mut() {
|
||||||
|
TlsStream::Client(x) => Pin::new(x).poll_write(cx, buf),
|
||||||
|
TlsStream::Server(x) => Pin::new(x).poll_write(cx, buf),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
match self.get_mut() {
|
||||||
|
TlsStream::Client(x) => Pin::new(x).poll_flush(cx),
|
||||||
|
TlsStream::Server(x) => Pin::new(x).poll_flush(cx),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn poll_shutdown(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
match self.get_mut() {
|
||||||
|
TlsStream::Client(x) => Pin::new(x).poll_shutdown(cx),
|
||||||
|
TlsStream::Server(x) => Pin::new(x).poll_shutdown(cx),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
124
tokio-rustls/src/server.rs
Normal file
124
tokio-rustls/src/server.rs
Normal file
@ -0,0 +1,124 @@
|
|||||||
|
use super::*;
|
||||||
|
use rustls::Session;
|
||||||
|
use crate::common::IoSession;
|
||||||
|
|
||||||
|
/// A wrapper around an underlying raw stream which implements the TLS or SSL
|
||||||
|
/// protocol.
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct TlsStream<IO> {
|
||||||
|
pub(crate) io: IO,
|
||||||
|
pub(crate) session: ServerSession,
|
||||||
|
pub(crate) state: TlsState,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> TlsStream<IO> {
|
||||||
|
#[inline]
|
||||||
|
pub fn get_ref(&self) -> (&IO, &ServerSession) {
|
||||||
|
(&self.io, &self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn get_mut(&mut self) -> (&mut IO, &mut ServerSession) {
|
||||||
|
(&mut self.io, &mut self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn into_inner(self) -> (IO, ServerSession) {
|
||||||
|
(self.io, self.session)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> IoSession for TlsStream<IO> {
|
||||||
|
type Io = IO;
|
||||||
|
type Session = ServerSession;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn skip_handshake(&self) -> bool {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn get_mut(&mut self) -> (&mut TlsState, &mut Self::Io, &mut Self::Session) {
|
||||||
|
(&mut self.state, &mut self.io, &mut self.session)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn into_io(self) -> Self::Io {
|
||||||
|
self.io
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> AsyncRead for TlsStream<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
#[cfg(feature = "unstable")]
|
||||||
|
unsafe fn prepare_uninitialized_buffer(&self, _buf: &mut [std::mem::MaybeUninit<u8>]) -> bool {
|
||||||
|
// TODO
|
||||||
|
//
|
||||||
|
// https://doc.rust-lang.org/nightly/std/io/trait.Read.html#method.initializer
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_read(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &mut [u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
|
||||||
|
match &this.state {
|
||||||
|
TlsState::Stream | TlsState::WriteShutdown => match stream.as_mut_pin().poll_read(cx, buf) {
|
||||||
|
Poll::Ready(Ok(0)) => {
|
||||||
|
this.state.shutdown_read();
|
||||||
|
Poll::Ready(Ok(0))
|
||||||
|
}
|
||||||
|
Poll::Ready(Ok(n)) => Poll::Ready(Ok(n)),
|
||||||
|
Poll::Ready(Err(ref err)) if err.kind() == io::ErrorKind::ConnectionAborted => {
|
||||||
|
this.state.shutdown_read();
|
||||||
|
if this.state.writeable() {
|
||||||
|
stream.session.send_close_notify();
|
||||||
|
this.state.shutdown_write();
|
||||||
|
}
|
||||||
|
Poll::Ready(Ok(0))
|
||||||
|
}
|
||||||
|
Poll::Ready(Err(e)) => Poll::Ready(Err(e)),
|
||||||
|
Poll::Pending => Poll::Pending
|
||||||
|
},
|
||||||
|
TlsState::ReadShutdown | TlsState::FullyShutdown => Poll::Ready(Ok(0)),
|
||||||
|
#[cfg(feature = "early-data")]
|
||||||
|
s => unreachable!("server TLS can not hit this state: {:?}", s),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<IO> AsyncWrite for TlsStream<IO>
|
||||||
|
where
|
||||||
|
IO: AsyncRead + AsyncWrite + Unpin,
|
||||||
|
{
|
||||||
|
/// Note: that it does not guarantee the final data to be sent.
|
||||||
|
/// To be cautious, you must manually call `flush`.
|
||||||
|
fn poll_write(self: Pin<&mut Self>, cx: &mut Context<'_>, buf: &[u8]) -> Poll<io::Result<usize>> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
stream.as_mut_pin().poll_write(cx, buf)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_flush(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
stream.as_mut_pin().poll_flush(cx)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
|
||||||
|
if self.state.writeable() {
|
||||||
|
self.session.send_close_notify();
|
||||||
|
self.state.shutdown_write();
|
||||||
|
}
|
||||||
|
|
||||||
|
let this = self.get_mut();
|
||||||
|
let mut stream = Stream::new(&mut this.io, &mut this.session)
|
||||||
|
.set_eof(!this.state.readable());
|
||||||
|
stream.as_mut_pin().poll_shutdown(cx)
|
||||||
|
}
|
||||||
|
}
|
63
tokio-rustls/tests/badssl.rs
Normal file
63
tokio-rustls/tests/badssl.rs
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
use std::io;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::net::ToSocketAddrs;
|
||||||
|
use tokio::prelude::*;
|
||||||
|
use tokio::net::TcpStream;
|
||||||
|
use rustls::ClientConfig;
|
||||||
|
use tokio_rustls::{ TlsConnector, client::TlsStream };
|
||||||
|
|
||||||
|
|
||||||
|
async fn get(config: Arc<ClientConfig>, domain: &str, port: u16)
|
||||||
|
-> io::Result<(TlsStream<TcpStream>, String)>
|
||||||
|
{
|
||||||
|
let connector = TlsConnector::from(config);
|
||||||
|
let input = format!("GET / HTTP/1.0\r\nHost: {}\r\n\r\n", domain);
|
||||||
|
|
||||||
|
let addr = (domain, port)
|
||||||
|
.to_socket_addrs()?
|
||||||
|
.next().unwrap();
|
||||||
|
let domain = webpki::DNSNameRef::try_from_ascii_str(&domain).unwrap();
|
||||||
|
let mut buf = Vec::new();
|
||||||
|
|
||||||
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
let mut stream = connector.connect(domain, stream).await?;
|
||||||
|
stream.write_all(input.as_bytes()).await?;
|
||||||
|
stream.flush().await?;
|
||||||
|
stream.read_to_end(&mut buf).await?;
|
||||||
|
|
||||||
|
Ok((stream, String::from_utf8(buf).unwrap()))
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn test_tls12() -> io::Result<()> {
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
||||||
|
config.versions = vec![rustls::ProtocolVersion::TLSv1_2];
|
||||||
|
let config = Arc::new(config);
|
||||||
|
let domain = "tls-v1-2.badssl.com";
|
||||||
|
|
||||||
|
let (_, output) = get(config.clone(), domain, 1012).await?;
|
||||||
|
assert!(output.contains("<title>tls-v1-2.badssl.com</title>"));
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[ignore]
|
||||||
|
#[should_panic]
|
||||||
|
#[test]
|
||||||
|
fn test_tls13() {
|
||||||
|
unimplemented!("todo https://github.com/chromium/badssl.com/pull/373");
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn test_modern() -> io::Result<()> {
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
||||||
|
let config = Arc::new(config);
|
||||||
|
let domain = "mozilla-modern.badssl.com";
|
||||||
|
|
||||||
|
let (_, output) = get(config.clone(), domain, 443).await?;
|
||||||
|
assert!(output.contains("<title>mozilla-modern.badssl.com</title>"));
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
120
tokio-rustls/tests/early-data.rs
Normal file
120
tokio-rustls/tests/early-data.rs
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
#![cfg(feature = "early-data")]
|
||||||
|
|
||||||
|
use std::io::{ self, BufReader, BufRead, Cursor };
|
||||||
|
use std::process::{ Command, Child, Stdio };
|
||||||
|
use std::net::SocketAddr;
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::marker::Unpin;
|
||||||
|
use std::pin::{ Pin };
|
||||||
|
use std::task::{ Context, Poll };
|
||||||
|
use std::time::Duration;
|
||||||
|
use tokio::prelude::*;
|
||||||
|
use tokio::net::TcpStream;
|
||||||
|
use tokio::time::delay_for;
|
||||||
|
use futures_util::{ future, ready };
|
||||||
|
use rustls::ClientConfig;
|
||||||
|
use tokio_rustls::{ TlsConnector, client::TlsStream };
|
||||||
|
use std::future::Future;
|
||||||
|
|
||||||
|
|
||||||
|
struct Read1<T>(T);
|
||||||
|
|
||||||
|
impl<T: AsyncRead + Unpin> Future for Read1<T> {
|
||||||
|
type Output = io::Result<()>;
|
||||||
|
|
||||||
|
fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
|
let mut buf = [0];
|
||||||
|
ready!(Pin::new(&mut self.0).poll_read(cx, &mut buf))?;
|
||||||
|
Poll::Pending
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn send(config: Arc<ClientConfig>, addr: SocketAddr, data: &[u8])
|
||||||
|
-> io::Result<TlsStream<TcpStream>>
|
||||||
|
{
|
||||||
|
let connector = TlsConnector::from(config)
|
||||||
|
.early_data(true);
|
||||||
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
let domain = webpki::DNSNameRef::try_from_ascii_str("testserver.com").unwrap();
|
||||||
|
|
||||||
|
let mut stream = connector.connect(domain, stream).await?;
|
||||||
|
stream.write_all(data).await?;
|
||||||
|
stream.flush().await?;
|
||||||
|
|
||||||
|
// sleep 1s
|
||||||
|
//
|
||||||
|
// see https://www.mail-archive.com/openssl-users@openssl.org/msg84451.html
|
||||||
|
let sleep1 = delay_for(Duration::from_secs(1));
|
||||||
|
let mut stream = match future::select(Read1(stream), sleep1).await {
|
||||||
|
future::Either::Right((_, Read1(stream))) => stream,
|
||||||
|
future::Either::Left((Err(err), _)) => return Err(err),
|
||||||
|
future::Either::Left((Ok(_), _)) => unreachable!(),
|
||||||
|
};
|
||||||
|
|
||||||
|
stream.shutdown().await?;
|
||||||
|
|
||||||
|
Ok(stream)
|
||||||
|
}
|
||||||
|
|
||||||
|
struct DropKill(Child);
|
||||||
|
|
||||||
|
impl Drop for DropKill {
|
||||||
|
fn drop(&mut self) {
|
||||||
|
self.0.kill().unwrap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn test_0rtt() -> io::Result<()> {
|
||||||
|
let mut handle = Command::new("openssl")
|
||||||
|
.arg("s_server")
|
||||||
|
.arg("-early_data")
|
||||||
|
.arg("-tls1_3")
|
||||||
|
.args(&["-cert", "./tests/end.cert"])
|
||||||
|
.args(&["-key", "./tests/end.rsa"])
|
||||||
|
.args(&["-port", "12354"])
|
||||||
|
.stdout(Stdio::piped())
|
||||||
|
.spawn()
|
||||||
|
.map(DropKill)?;
|
||||||
|
|
||||||
|
// wait openssl server
|
||||||
|
delay_for(Duration::from_secs(1)).await;
|
||||||
|
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
let mut chain = BufReader::new(Cursor::new(include_str!("end.chain")));
|
||||||
|
config.root_store.add_pem_file(&mut chain).unwrap();
|
||||||
|
config.versions = vec![rustls::ProtocolVersion::TLSv1_3];
|
||||||
|
config.enable_early_data = true;
|
||||||
|
let config = Arc::new(config);
|
||||||
|
let addr = SocketAddr::from(([127, 0, 0, 1], 12354));
|
||||||
|
|
||||||
|
let io = send(config.clone(), addr, b"hello").await?;
|
||||||
|
assert!(!io.get_ref().1.is_early_data_accepted());
|
||||||
|
|
||||||
|
let io = send(config, addr, b"world!").await?;
|
||||||
|
assert!(io.get_ref().1.is_early_data_accepted());
|
||||||
|
|
||||||
|
let stdout = handle.0.stdout.as_mut().unwrap();
|
||||||
|
let mut lines = BufReader::new(stdout).lines();
|
||||||
|
|
||||||
|
let mut f1 = false;
|
||||||
|
let mut f2 = false;
|
||||||
|
|
||||||
|
for line in lines.by_ref() {
|
||||||
|
if line?.contains("hello") {
|
||||||
|
f1 = true;
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for line in lines.by_ref() {
|
||||||
|
if line?.contains("world!") {
|
||||||
|
f2 = true;
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
assert!(f1 && f2);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
24
tokio-rustls/tests/end.cert
Normal file
24
tokio-rustls/tests/end.cert
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEADCCAmigAwIBAgICAcgwDQYJKoZIhvcNAQELBQAwLDEqMCgGA1UEAwwhcG9u
|
||||||
|
eXRvd24gUlNBIGxldmVsIDIgaW50ZXJtZWRpYXRlMB4XDTE2MTIxMDE3NDIzM1oX
|
||||||
|
DTIyMDYwMjE3NDIzM1owGTEXMBUGA1UEAwwOdGVzdHNlcnZlci5jb20wggEiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1YDz66+7VD4DL1+/sVHMQ+BbDRgmD
|
||||||
|
OQlX++mfW8D3QNQm/qDBEbu7T7qqdc9GKDar4WIzBN8SBkzM1EjMGwNnZPV/Tfz0
|
||||||
|
qUAR1L/7Zzf1GaFZvWXgksyUpfwvmprH3Iy/dpkETwtPthpTPNlui3hZnm/5kkjR
|
||||||
|
RWg9HmID4O04Ld6SK313v2ZgrPZbkKvbqlqhUnYWjL3blKVGbpXIsuZzEU9Ph+gH
|
||||||
|
tPcEhZpFsM6eLe+2TVscIrycMEOTXqAAmO6zZ9sQWtfllu3CElm904H6+jA/9Leg
|
||||||
|
al72pMmkYr8wWniqDDuijXuCPlVx5EDFFyxBmW18UeDEQaKV3kNfelaTAgMBAAGj
|
||||||
|
gb4wgbswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFIYhJkVy
|
||||||
|
AAKT6cY/ruH1Eu+NNxteMEIGA1UdIwQ7MDmAFNwuPy4Do//Sm5CZDrocHWTrNr96
|
||||||
|
oR6kHDAaMRgwFgYDVQQDDA9wb255dG93biBSU0EgQ0GCAXswOwYDVR0RBDQwMoIO
|
||||||
|
dGVzdHNlcnZlci5jb22CFXNlY29uZC50ZXN0c2VydmVyLmNvbYIJbG9jYWxob3N0
|
||||||
|
MA0GCSqGSIb3DQEBCwUAA4IBgQCWV76jfQDZKtfmj45fTwZzoe/PxjWPRbAvSEnt
|
||||||
|
LRHrPhqQfpMLqpun8uu/w86mHiR/AmiAySMu3zivW6wfGzlRWLi/zCyO6r9LGsgH
|
||||||
|
bNk5CF642cdZFvn1SiSm1oGXQrolIpcyXu88nUpt74RnY4ETCC1dRQKqxsYufe5T
|
||||||
|
DOmTm3ChinNW4QRG3yvW6DVuyxVAgZvofyKJOsM3GO6oogIM41aBqZ3UTwmIwp6D
|
||||||
|
oISdiATslFOzYzjnyXNR8DG8OOkv1ehWuyb8x+hQCZAuogQOWYtCSd6k3kKgd0EM
|
||||||
|
4CWbt1XDV9ZJwBf2uxZeKuCu/KIy9auNtijAwPsUv9qxuzko018zhl3lWm5p2Sqw
|
||||||
|
O7fFshU3A6df8hMw7ST6/tgFY7geT88U4iJhfWMwr/CZSRSVMXhTyJgbLIXxKYZj
|
||||||
|
Ym5v4NAIQP6hI4HixzQaYgrhW6YX6myk+emMjQLRJHT8uHvmT7fuxMJVWWgsCkr1
|
||||||
|
C75pRQEagykN/Uzr5e6Tm8sVu88=
|
||||||
|
-----END CERTIFICATE-----
|
89
tokio-rustls/tests/end.chain
Normal file
89
tokio-rustls/tests/end.chain
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGnzCCAoegAwIBAgIBezANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9wb255
|
||||||
|
dG93biBSU0EgQ0EwHhcNMTYxMjEwMTc0MjMzWhcNMjYxMjA4MTc0MjMzWjAsMSow
|
||||||
|
KAYDVQQDDCFwb255dG93biBSU0EgbGV2ZWwgMiBpbnRlcm1lZGlhdGUwggGiMA0G
|
||||||
|
CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDnfb7vaJbaHEyVTflswWhmHqx5W0NO
|
||||||
|
KyKbDp2zXEJwDO+NDJq6i1HGnFd/vO4LyjJBU1wUsKtE+m55cfRmUHVuZ2w4n/VF
|
||||||
|
p7Z7n+SNuvJNcrzDxyKVy4GIZ39zQePnniqtLqXh6eI8Ow6jiMgVxC/wbWcVLKv6
|
||||||
|
4RM+2fLjJAC9b27QfjhOlMKVeMOEvPrrpjLSauaHAktQPhuzIAwzxM0+KnvDkWWy
|
||||||
|
NVqAV/lq6fSO/9vJRhM4E2nxo6yqi7qTdxVxMmKsNn7L6HvjQgx+FXziAUs55Qd9
|
||||||
|
cP7etCmPmoefkcgdbxDOIKH8D+DvfacZwngqcnr/q96Ff4uJ13d2OzR1mWVSZ2hE
|
||||||
|
JQt/BbZBANciqu9OZf3dj6uOOXgFF705ak0GfLtpZpc29M+fVnknXPDSiKFqjzOO
|
||||||
|
KL+SRGyuNc9ZYjBKkXPJ1OToAs6JSvgDxfOfX0thuo2rslqfpj2qCFugsRIRAqvb
|
||||||
|
eyFwg+BPM/P/EfauXlAcQtBF04fOi7xN2okCAwEAAaNeMFwwHQYDVR0OBBYEFNwu
|
||||||
|
Py4Do//Sm5CZDrocHWTrNr96MCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEF
|
||||||
|
BQcDAjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB/jANBgkqhkiG9w0BAQsFAAOC
|
||||||
|
BAEAMHZpBqDIUAVFZNw4XbuimXQ4K8q4uePrLGHLb4F/gHbr8kYrU4H+cy4l+xXf
|
||||||
|
2dlEBdZoqjSF7uXzQg5Fd8Ff3ZgutXd1xeUJnxo0VdpKIhqeaTPqhffC2X6FQQH5
|
||||||
|
KrN7NVWQSnUhPNpBFELpmdpY1lHigFW7nytYj0C6VJ4QsbqhfW+n/t+Zgqtfh/Od
|
||||||
|
ZbclzxFwMM55zRA2HP6IwXS2+d61Jk/RpDHTzhWdjGH4906zGNNMa7slHpCTA9Ju
|
||||||
|
TrtjEAGt2PBSievBJOHZW80KVAoEX2n9B3ZABaz+uX0VVZG0D2FwhPpUeA57YiXu
|
||||||
|
qiktZR4Ankph3LabXp4IlAX16qpYsEW8TWE/HLreeqoM0WDoI6rF9qnTpV2KWqBf
|
||||||
|
ziMYkfSkT7hQ2bWc493lW+QwSxCsuBsDwlrCwAl6jFSf1+jEQx98/8n9rDNyD9dL
|
||||||
|
PvECmtF30WY98nwZ9/kO2DufQrd0mwSHcIT0pAwl5fimpkwTjj+TTbytO3M4jK5L
|
||||||
|
tuIzsViQ95BmJQ3XuLdkQ/Ug8rpECYRX5fQX1qXkkvl920ohpKqKyEji1OmfmJ0Z
|
||||||
|
tZChaEcu3Mp3U+gD4az2ogmle3i/Phz8ZEPFo4/21G5Qd72z0lBgaQIeyyCk5MHt
|
||||||
|
Yg0vA7X0/w4bz+OJv5tf7zJsPCYSprr+c/7YUJk9Fqu6+g9ZAavI99xFKdGhz4Og
|
||||||
|
w0trnKNCxYc6+NPopTDbXuY+fo4DK7C0CSae5sKs7013Ne6w4KvgfLKpvlemkGfg
|
||||||
|
ZA3+1FMXVfFIEH7Cw9cx6F02Sr3k1VrU68oM3wH5nvTUkELOf8nRMlzliQjVCpKB
|
||||||
|
yFSe9dzRVSFEbMDxChiEulGgNUHj/6wwpg0ZmCwPRHutppT3jkfEqizN5iHb69GH
|
||||||
|
k6kol6knJofkaL656Q3Oc9o0ZrMlFh1RwmOvAk5fVK0/CV88/phROz2Wdmy5Bz4a
|
||||||
|
t0vzqFWA54y6+9EEVoOk9SU0CYfpGtpX4URjLK1EUG/l+RR3366Uee6TPrtEZ9cg
|
||||||
|
56VQMxhSaRNAvJ6DfiSuscSCNJzwuXaMXSZydGYnnP9Tb9p6c1uy1sXdluZkBIcK
|
||||||
|
CgC+gdDMSNlDn9ghc4xZGkuA8bjzfAYuRuGKmfTt8uuklkjw2b9w3SHjC4/Cmd2W
|
||||||
|
cFRnzfg2oL6e78hNg2ZGgsLzvb6Lu6/5IhXCO7RitzYf2+HLBbc+YLFsnG3qeGe1
|
||||||
|
28yGnXOQd97Cr4+IzFucVy/33gMQkesNUSDFJSq1gE/hGrMgTTMQJ7yC3PRqg0kG
|
||||||
|
tpqTyKNdM0g1adxlR1qfDPvpUBApkgBbySnMyWEr5+tBuoHUtH2m49oV9YD4odMJ
|
||||||
|
yJjlGxituO/YNN6O8oANlraG1Q==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIJBzCCBO+gAwIBAgIJAN7WS1mRS9A+MA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
|
||||||
|
BAMMD3Bvbnl0b3duIFJTQSBDQTAeFw0xNjEyMTAxNzQyMzNaFw0yNjEyMDgxNzQy
|
||||||
|
MzNaMBoxGDAWBgNVBAMMD3Bvbnl0b3duIFJTQSBDQTCCBCIwDQYJKoZIhvcNAQEB
|
||||||
|
BQADggQPADCCBAoCggQBAMNEzJ7aNdD2JSk9+NF9Hh2za9OQnt1d/7j6DtE3ieoT
|
||||||
|
ms8mMSXzoImXZayZ9Glx3yx/RhEb2vmINyb0vRUM4I/GH+XHdOBcs9kaJNv/Mpw4
|
||||||
|
Ggd4e1LUqV1pzNrhYwRrTQTKyaDiDX2WEBNfQaaYnHltmSmsfyt3Klj+IMc6CyqV
|
||||||
|
q8SOQ6Go414Vn++Jj7p3E6owdwuvSvO8ERLobiA6vYB+qrS7E48c4zRIAFIO4uwt
|
||||||
|
g4TiCJLLWc1fRSoqGGX7KS+LzQF8Pq67IOHVna4e9peSe6nQnm0LQZAmaosYHvF4
|
||||||
|
AX0Bj6TLv9PXCAGtB7Pciev5Br0tRZEdVyYfmwiVKUWcp77TghV3W+VaJVhPh5LN
|
||||||
|
X91ktvpeYek3uglqv2ZHtSG2S1KkBtTkbMOD+a2BEUfq0c0+BIsj6jdvt4cvIfet
|
||||||
|
4gUOxCvYMBs4/dmNT1zoe/kJ0lf8YXYLsXwVWdIW3jEE8QdkLtLI9XfyU9OKLZuD
|
||||||
|
mmoAf7ezvv/T3nKLFqhcwUFGgGtCIX+oWC16XSbDPBcKDBwNZn8C49b7BLdxqAg3
|
||||||
|
msfxwhYzSs9F1MXt/h2dh7FVmkCSxtgNDX3NJn5/yT6USws2y0AS5vXVP9hRf0NV
|
||||||
|
KfKn9XlmHCxnZExwm68uZkUUYHB05jSWFojbfWE+Mf9djUeQ4FuwusztZdbyQ4yS
|
||||||
|
mMtBXO0I6SQBmjCoOa1ySW3DTuw/eKCfq+PoxqWD434bYA9nUa+pE27MP7GLyjCS
|
||||||
|
6+ED3MACizSF0YxkcC9pWUo4L5FKp+DxnNbtzMIILnsDZTVHOvKUy/gjTyTWm/+7
|
||||||
|
2t98l7vBE8gn3Aux0V5WFe2uZIZ07wIi/OThoBO8mpt9Bm5cJTG07JStKEXX/UH1
|
||||||
|
nL7cDZ2V5qbf4hJdDy4qixxxIZtmf//1BRlVQ9iYTOsMoy+36DXWbc3vSmjRefW1
|
||||||
|
YENt4zxOPe4LUq2Z+LXq1OgVQrHrVevux0vieys7Rr2gA1sH8FaaNwTr7Q8dq+Av
|
||||||
|
Evk+iOUH4FuYorU1HuGHPkAkvLWosVwlB+VhfEai0V6+PmttmaOnCJNHfFTu5wCu
|
||||||
|
B9CFJ1tdzTzAbrLwgtWmO70KV7CfZPHO7lMWhSvplU0i5T9WytxP91IoFtXwRSO8
|
||||||
|
+Ghyu0ynB3HywCH2dez89Vy903P6PEU0qTnYWRz6D/wi5+yHHNrm9CilWurs/Qex
|
||||||
|
kyB7lLD7Cb1JJc8QIFTqT6vj+cids3xd245hUdpFyZTX99YbF6IkiB2zGi5wvUmP
|
||||||
|
f1GPvkTLb7eF7bne9OClEjEqvc0hVJ2abO2WXkqxlQFEYZHNofm+y6bnby/BZZJo
|
||||||
|
beaSFcLOCe2Z8iZvVnzfHBCeLyWE89gc94z784S3LEsCAwEAAaNQME4wHQYDVR0O
|
||||||
|
BBYEFNz2wEPCQbx9OdRCNE4eALwHJfIgMB8GA1UdIwQYMBaAFNz2wEPCQbx9OdRC
|
||||||
|
NE4eALwHJfIgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggQBACbm2YX7
|
||||||
|
sBG0Aslj36gmVlCTTluNg2tuK2isHbK3YhNwujrH/o/o2OV7UeUkZkPwE4g4/SjC
|
||||||
|
OwDWYniRNyDKBOeD9Q0XxR5z5IZQO+pRVvXF8DXO6kygWCOJM9XheKxp9Uke0aDg
|
||||||
|
m8F02NslKLUdy7piGlLSz1sgdjiE3izIwFZRpZY7sMozNWWvSAmzprbkE78LghIm
|
||||||
|
VEydQzIQlr5soWqc65uFLNbEA6QBPoFc6dDW+mnzXf8nrZUM03CACxAsuq/YkjRp
|
||||||
|
OHgwgfdNRdlu4YhZtuQNak4BUvDmigTGxDC+aMJw0ldL1bLtqLG6BvQbyLNPOOfo
|
||||||
|
5S8lGh4y06gb//052xHaqtCh5Ax5sHUE5By6wKHAKbuJy26qyKfaRoc3Jigs4Fd5
|
||||||
|
3CuoDWHbyXfkgKiU+sc+1mvCxQKFRJ2fpGEFP8iEcLvdUae7ZkRM4Kb0vST+QhQV
|
||||||
|
fDaFkM3Bwqtui5YaZ6cHHQVyXQdujCmfesoZXKil2yduQ3KWgePjewzRV+aDWMzk
|
||||||
|
qKaF+TRANSqWbBU6JTwwQ4veKQThU3ir7nS2ovdPbhNS/FnWoKodj6eaqXfdYuBh
|
||||||
|
XOXLewIF568MJsLOuBubeAO2a9LOlhnv6eLGp2P4M7vwEdN/LRRQtwBBmqq8C3h+
|
||||||
|
ewrJP12B/ag0bJDi9vCgPhYtDEpjpfsnxZEIqVZwshJ/MqXykFp2kYk62ylyfDWq
|
||||||
|
veI/aHwpzT2k+4CI/XmPWXl9NlI50HPdpcwCBDy8xVHwb/x7stNgQdIhaj9tzmKa
|
||||||
|
S+eqitclc8Iqrbd523H//QDzm8yiqRZUdveNa9gioTMErR0ujCpK8tO8mVZcVfNX
|
||||||
|
i1/Vsar5++nXcPhxKsd1t8XV2dk3gUZIfMgzLLzs+KSiFg+bT3c7LkCd+I3w30Iv
|
||||||
|
fh9cxFBAyYO9giwxaCfJgoz7OYqaHOOtASF85UV7gK9ELT7/z+RAcS/UfY1xbd54
|
||||||
|
hIi1vRZj8lfkAYNtnYlud44joi1BvW/GZGFCiJ13SSvfHNs9v/5xguyCSgyCc0qx
|
||||||
|
ZkN/fzj/5wFQbxSl3MPn/JrsvlH6wvJht1SA50uVdUvJ5e5V8EgLYfMqlJNNpTHP
|
||||||
|
wZcHF+Dw126oyu2KhUxD126Gusxp+tV6I0EEZnVwwduFQWq9xm/gT+qohpveeylf
|
||||||
|
Q2XGz56DF2udJJnSFGSqzQOl9XopNC/4ecBMwIzqdFSpaWgK3VNAcigyDajgoE4v
|
||||||
|
ZuiVDEiLhLowZvi1V8GOWzcka7R2BQBjhOLWByQGDcm8cOMS7w8oCSQCaYmJyHvE
|
||||||
|
tTHq7fX6/sXv0AJqM3ysSdU01IVBNahnr5WEkmQMaFF0DGvRfqkVdKcChwrKv7r2
|
||||||
|
DLxargy39i2aQGg=
|
||||||
|
-----END CERTIFICATE-----
|
27
tokio-rustls/tests/end.rsa
Normal file
27
tokio-rustls/tests/end.rsa
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEogIBAAKCAQEAtWA8+uvu1Q+Ay9fv7FRzEPgWw0YJgzkJV/vpn1vA90DUJv6g
|
||||||
|
wRG7u0+6qnXPRig2q+FiMwTfEgZMzNRIzBsDZ2T1f0389KlAEdS/+2c39RmhWb1l
|
||||||
|
4JLMlKX8L5qax9yMv3aZBE8LT7YaUzzZbot4WZ5v+ZJI0UVoPR5iA+DtOC3ekit9
|
||||||
|
d79mYKz2W5Cr26paoVJ2Foy925SlRm6VyLLmcxFPT4foB7T3BIWaRbDOni3vtk1b
|
||||||
|
HCK8nDBDk16gAJjus2fbEFrX5ZbtwhJZvdOB+vowP/S3oGpe9qTJpGK/MFp4qgw7
|
||||||
|
oo17gj5VceRAxRcsQZltfFHgxEGild5DX3pWkwIDAQABAoIBAFDTazlSbGML/pRY
|
||||||
|
TTWeyIw2UkaA7npIr45C13BJfitw+1nJPK/tDCDDveZ6i3yzLPHZhV5A/HtWzWC1
|
||||||
|
9R7nptOrnO83PNN2nPOVQFxzOe+ClXGdQkoagQp5EXHRTspj0WD9I+FUrDDAcOjJ
|
||||||
|
BAgMJPyi6zlnZAXGDVa3NGyQDoZqwU2k36L4rEsJIkG0NVurZhpiCexNkkf32495
|
||||||
|
TOINQ0iKdfJ4iZoEYQ9G+x4NiuAJRCHuIcH76SNfT+Uv3wX0ut5EFPtflnvtdgcp
|
||||||
|
QVcoKwYdO0+mgO5xqWlBcsujSvgBdiNAGnAxKHWiEaacuIJi4+yYovyEebP6QI2X
|
||||||
|
Zg/U2wkCgYEA794dE5CPXLOmv6nioVC/ubOESk7vjSlEka/XFbKr4EY794YEqrB1
|
||||||
|
8TUqg09Bn3396AS1e6P2shr3bxos5ybhOxDGSLnJ+aC0tRFjd1BPKnA80vZM7ggt
|
||||||
|
5cjmdD5Zp0tIQTIAAYU5bONQOwj0ej4PE7lny26eLa5vfvCwlrD+rM0CgYEAwZMN
|
||||||
|
W/5PA2A+EM08IaHic8my0dCunrNLF890ouZnDG99SbgMGvvEsGIcCP1sai702hNh
|
||||||
|
VgGDxCz6/HUy+4O4YNFVtjY7uGEpfIEcEI7CsLQRP2ggWEFxThZtnEtO8PbM3J/i
|
||||||
|
qcS6njHdE+0XuCjgZwGgva5xH2pkWFzw/AIpEN8CgYB2HOo2axWc8T2n3TCifI+c
|
||||||
|
EqCOsqXU3cBM+MgxgASQcCUxMkX0AuZguuxPMmS+85xmdoMi+c8NTqgOhlYcEJIR
|
||||||
|
sqXgw9OH3zF8g6513w7Md+4Ld4rUHyTypGWOUfF1pmVS7RsBpKdtTdWA7FzuIMbt
|
||||||
|
0HsiujqbheyTFlPuMAOH9QKBgBWS1gJSrWuq5j/pH7J/4EUXTZ6kq1F0mgHlVRJy
|
||||||
|
qzlvk38LzA2V0a32wTkfRV3wLcnALzDuqkjK2o4YYb42R+5CZlMQaEd8TKtbmE0g
|
||||||
|
HAKljuaKLFCpun8BcOXiXsHsP5i3GQPisQnAdOsrmWEk7R2NyORa9LCToutWMGVl
|
||||||
|
uD3xAoGAA183Vldm+m4KPsKS17t8MbwBryDXvowGzruh/Z+PGA0spr+ke4XxwT1y
|
||||||
|
kMMP1+5flzmjlAf4+W8LehKuVqvQoMlPn5UVHmSxQ7cGx/O/o6Gbn8Q25/6UT+sM
|
||||||
|
B1Y0rlLoKG62pnkeXp1O4I57gnClatWRg5qw11a8V8e3jvDKIYM=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
128
tokio-rustls/tests/test.rs
Normal file
128
tokio-rustls/tests/test.rs
Normal file
@ -0,0 +1,128 @@
|
|||||||
|
use std::{ io, thread };
|
||||||
|
use std::io::{ BufReader, Cursor };
|
||||||
|
use std::sync::Arc;
|
||||||
|
use std::sync::mpsc::channel;
|
||||||
|
use std::net::SocketAddr;
|
||||||
|
use futures_util::future::TryFutureExt;
|
||||||
|
use lazy_static::lazy_static;
|
||||||
|
use tokio::prelude::*;
|
||||||
|
use tokio::runtime;
|
||||||
|
use tokio::io::{ copy, split };
|
||||||
|
use tokio::net::{ TcpListener, TcpStream };
|
||||||
|
use rustls::{ ServerConfig, ClientConfig };
|
||||||
|
use rustls::internal::pemfile::{ certs, rsa_private_keys };
|
||||||
|
use tokio_rustls::{ TlsConnector, TlsAcceptor };
|
||||||
|
|
||||||
|
const CERT: &str = include_str!("end.cert");
|
||||||
|
const CHAIN: &str = include_str!("end.chain");
|
||||||
|
const RSA: &str = include_str!("end.rsa");
|
||||||
|
|
||||||
|
lazy_static!{
|
||||||
|
static ref TEST_SERVER: (SocketAddr, &'static str, &'static str) = {
|
||||||
|
let cert = certs(&mut BufReader::new(Cursor::new(CERT))).unwrap();
|
||||||
|
let mut keys = rsa_private_keys(&mut BufReader::new(Cursor::new(RSA))).unwrap();
|
||||||
|
|
||||||
|
let mut config = ServerConfig::new(rustls::NoClientAuth::new());
|
||||||
|
config.set_single_cert(cert, keys.pop().unwrap())
|
||||||
|
.expect("invalid key or certificate");
|
||||||
|
let acceptor = TlsAcceptor::from(Arc::new(config));
|
||||||
|
|
||||||
|
let (send, recv) = channel();
|
||||||
|
|
||||||
|
thread::spawn(move || {
|
||||||
|
let mut runtime = runtime::Builder::new()
|
||||||
|
.basic_scheduler()
|
||||||
|
.enable_io()
|
||||||
|
.build()
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
let handle = runtime.handle().clone();
|
||||||
|
|
||||||
|
let done = async move {
|
||||||
|
let addr = SocketAddr::from(([127, 0, 0, 1], 0));
|
||||||
|
let mut listener = TcpListener::bind(&addr).await?;
|
||||||
|
|
||||||
|
send.send(listener.local_addr()?).unwrap();
|
||||||
|
|
||||||
|
loop {
|
||||||
|
let (stream, _) = listener.accept().await?;
|
||||||
|
|
||||||
|
let acceptor = acceptor.clone();
|
||||||
|
let fut = async move {
|
||||||
|
let stream = acceptor.accept(stream).await?;
|
||||||
|
|
||||||
|
let (mut reader, mut writer) = split(stream);
|
||||||
|
copy(&mut reader, &mut writer).await?;
|
||||||
|
|
||||||
|
Ok(()) as io::Result<()>
|
||||||
|
}.unwrap_or_else(|err| eprintln!("server: {:?}", err));
|
||||||
|
|
||||||
|
handle.spawn(fut);
|
||||||
|
}
|
||||||
|
}.unwrap_or_else(|err: io::Error| eprintln!("server: {:?}", err));
|
||||||
|
|
||||||
|
runtime.block_on(done);
|
||||||
|
});
|
||||||
|
|
||||||
|
let addr = recv.recv().unwrap();
|
||||||
|
(addr, "testserver.com", CHAIN)
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
fn start_server() -> &'static (SocketAddr, &'static str, &'static str) {
|
||||||
|
&*TEST_SERVER
|
||||||
|
}
|
||||||
|
|
||||||
|
async fn start_client(addr: SocketAddr, domain: &str, config: Arc<ClientConfig>) -> io::Result<()> {
|
||||||
|
const FILE: &'static [u8] = include_bytes!("../README.md");
|
||||||
|
|
||||||
|
let domain = webpki::DNSNameRef::try_from_ascii_str(domain).unwrap();
|
||||||
|
let config = TlsConnector::from(config);
|
||||||
|
let mut buf = vec![0; FILE.len()];
|
||||||
|
|
||||||
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
let mut stream = config.connect(domain, stream).await?;
|
||||||
|
stream.write_all(FILE).await?;
|
||||||
|
stream.flush().await?;
|
||||||
|
stream.read_exact(&mut buf).await?;
|
||||||
|
|
||||||
|
assert_eq!(buf, FILE);
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn pass() -> io::Result<()> {
|
||||||
|
let (addr, domain, chain) = start_server();
|
||||||
|
|
||||||
|
// TODO: not sure how to resolve this right now but since
|
||||||
|
// TcpStream::bind now returns a future it creates a race
|
||||||
|
// condition until its ready sometimes.
|
||||||
|
use std::time::*;
|
||||||
|
tokio::time::delay_for(Duration::from_secs(1)).await;
|
||||||
|
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
let mut chain = BufReader::new(Cursor::new(chain));
|
||||||
|
config.root_store.add_pem_file(&mut chain).unwrap();
|
||||||
|
let config = Arc::new(config);
|
||||||
|
|
||||||
|
start_client(addr.clone(), domain, config.clone()).await?;
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
#[tokio::test]
|
||||||
|
async fn fail() -> io::Result<()> {
|
||||||
|
let (addr, domain, chain) = start_server();
|
||||||
|
|
||||||
|
let mut config = ClientConfig::new();
|
||||||
|
let mut chain = BufReader::new(Cursor::new(chain));
|
||||||
|
config.root_store.add_pem_file(&mut chain).unwrap();
|
||||||
|
let config = Arc::new(config);
|
||||||
|
|
||||||
|
assert_ne!(domain, &"google.com");
|
||||||
|
let ret = start_client(addr.clone(), "google.com", config).await;
|
||||||
|
assert!(ret.is_err());
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user