Commit Graph

258 Commits

Author SHA1 Message Date
Geoff Jacobsen
fcbae20f8c
add: take_io method to LazyConfigAcceptor (#145)
* add: take_io method to LazyConfigAcceptor

The `take_io` method can be used to take back ownership of the client IO stream when an error occurs
during clientHello handshake.

An example of this is when a client tries to connect to a TLS socket expecting it to be a plain text
connection. In this case take_io can be used to send a 400 response, "The plain HTTP request was
sent to HTTPS port", back to the client.

* rename test lazy_config_acceptor_take_io
2023-06-06 14:15:07 +08:00
Shih-Chiang Chien
3fcf85892b
expose rustls secret_extraction feature (#134) 2023-05-23 13:36:01 +02:00
John T. Wodder II
0f00a0c11b
tokio-rustls: Fix "Basic Structure of a Client" code in README (#142) 2023-04-17 09:51:11 +08:00
Paolo Barbolini
7ea7a17831
Remove webpki (#82) 2023-03-31 00:13:12 +08:00
Daniel McCarney
07e8da6e52
update rustls v0.20.7 -> v0.21.0 (#137)
* deps: update to rustls 0.21.0.

This commit updates tokio-rustls to use the freshly released Rustls
0.21.0 release tag, and the rustls-webpki fork of webpki.

* tests: improve server wait in early data test.

Previously the `test_0rtt` test had a hardcoded 1s sleep waiting for an
`openssl s_server` process to become ready.

If 1s waiting wasn't long enough, the test could fail with an error
like:

```
Error: Os { code: 10061, kind: ConnectionRefused, message: "No
connection could be made because the target machine actively refused
it." }
```

This commit replaces the hardcoded sleep with a sleep loop that
gradually increases the delay time up to a fixed maximum. This makes the
test run faster when the server is ready quickly and prevents an error
if it takes longer than 1s to stabilize.

* version: 0.23.4 -> 0.24.0
2023-03-30 17:44:26 +02:00
Dirkjan Ochtman
7dfc981020
tokio-native-tls: remove unused dependencies (#133) 2023-03-30 23:29:17 +08:00
David Cook
357bc56248
Fix early-data test (#132)
* Fix domain name in early-data test

* Run early data test in CI

* Add missing wake call

* Workaround: write to OpenSSL's input

This is necessary to work around an issue that only appears on Windows.

* Don't rerun other tests in CI
2023-02-19 08:40:05 +08:00
nickelc
e3841d6e3a
Replace unmaintained GitHub Actions (#131)
The toolchain is now installed with `dtolnay/rust-toolchain` and
`actions-rs/cargo` is replaced with plain commands.
2023-02-08 12:28:15 -05:00
nickelc
f9d55a686c
chore: update readme links & badges (#49) 2023-02-08 12:27:45 -05:00
Noah Kennedy
3716340633
chore: prepare tokio-native-tls 0.3.1 (#129)
# 0.3.1 (February 4th, 2023)

### Additions
- Add Vendored Feature ([#125])
- Implement AsRawFd for both tokio-rustls and tokio-native-tls TlsStream\<S\> ([#74])

### Internal
- Fix warning about renamed lint ([#93])
- fix a handful of lints, one of which was breaking the build ([#65])

[#65]: https://github.com/tokio-rs/tls/pull/65
[#74]: https://github.com/tokio-rs/tls/pull/74
[#93]: https://github.com/tokio-rs/tls/pull/93
[#125]: https://github.com/tokio-rs/tls/pull/125
2023-02-07 11:05:15 -06:00
John Vandenberg
874478f09a
Bump the test dependencies (#130) 2023-02-06 09:39:21 +01:00
Dirkjan Ochtman
27ec4a3f4f
Clippy 1.67 (#127)
* tokio-rustls: specify rust-version as 1.56 as required by rustls 0.20.7

* tokio-rustls: apply clippy lints for 1.67
2023-01-28 22:10:27 +01:00
Selyatin
df272e9958
Add Vendored Feature (#125) 2022-12-20 12:00:12 -05:00
Alex Touchet
271980ff97
Fix Actions badge and update links (#124) 2022-12-17 14:53:39 +08:00
Dirkjan Ochtman
9d58c7d29e
chore: apply clippy suggestions from 1.65 (#122) 2022-11-04 22:11:05 +01:00
Dirkjan Ochtman
24473eaff9
tokio-rustls: initialize Acceptor with default() in tests (#119) 2022-10-23 13:43:45 +08:00
Dirkjan Ochtman
c033514814
Clippy fixes (#118) 2022-10-11 16:12:04 +02:00
Dirkjan Ochtman
87ecfe7c01
Upgrade to rustls-pemfile 1 (#114) 2022-08-02 22:54:13 +02:00
Taiki Endo
e902e5160d
Update actions/checkout action to v3 (#109) 2022-07-28 17:25:11 +02:00
Dirkjan Ochtman
c2d1fe6813
Refresh test certificates for tokio-rustls (#113)
Used the script in tokio-native-tls/scripts to generate new certs.
2022-07-28 18:51:38 +08:00
Dirkjan Ochtman
ce11bf7274
Fix warning about renamed lint (#93) 2022-05-09 21:57:54 +02:00
quininer
0cf2ccc1ad
tokio-rustls: release 0.23.4 (#105) 2022-05-04 16:34:25 +02:00
Sergio Benitez
f1c7d22ad3
add 'get_ref()' and 'get_mut()' to 'Accept' (#104)
* add 'get_ref()' and 'get_mut()' to 'Accept'

* add 'get_ref()' and 'get_mut()' to 'Connect'
2022-05-04 10:29:52 +08:00
quininer
bcf4f8e3f9
Rustls buffered handshake eof failed (#98)
* rustls/tests: use BufWriter in handshake

* tokio-rustls: move test to stream_buffered_handshake

* Fix tokio-rustls bufwriter handshake fail #96

* Use need_flush

* More flush

* tokio-rustls: release 0.23.3

* Fix fmt

Co-authored-by: tharvik <tharvik@users.noreply.github.com>
2022-03-19 06:09:28 +01:00
quininer
47b2ef50c1
release tokio-rustls 0.23.2 (#88) 2021-12-16 15:35:57 +01:00
Moritz Gunz
fe8a0f4152
fix: Fix EOF spin loop by removing intermediate buffer in LazyConfigAcceptor (#87)
* chore: Remove intermediate buffer in LazyConfigAcceptor

* chore: Document WouldBlock behavior

* chore: satisfy clippy

* chore: Rename Reader -> SyncReadAdapter

* chore: add test for EOF
2021-12-16 21:32:46 +08:00
quininer
8519354ad6
release tokio-rustls 0.23.1 (#83) 2021-10-30 13:45:10 +02:00
Dirkjan Ochtman
33506018e7
Add LazyConfigAcceptor API (#69) 2021-10-30 08:10:58 +02:00
quininer
48caaf751f
Add poll_write docs (#73) 2021-10-14 20:15:39 +02:00
Dirkjan Ochtman
ea14b430d7
Fix incorrect spelling (#76) 2021-10-12 20:49:28 +08:00
quininer
56855b7166
don't throw eof error to keep consistency (#79) 2021-10-12 10:05:51 +02:00
quininer
5aae337945
Fix #77 regression (#78)
* Add regression test for #77

* Fix handshake alert

* Fix style
2021-10-07 09:45:42 +02:00
quininer
0bf243566d
Fix early-data wakeup loss (#72) 2021-10-05 10:43:54 +02:00
Jerome Gravel-Niquet
438cb8f9c8
Implement AsRawFd for both tokio-rustls and tokio-native-tls TlsStream<S> (#74)
* implement AsRawFd for both tokio-rustls and tokio-native-tls TlsStream<S>

* implement windows' AsRawHandle

* typo in cfg(windows)

* use RawSocket, not RawHandle

* implement AsRawFd & AsRawSocket for tokio_rustls::client::TlsStream and tokio_rustls::TlsStream enum
2021-10-01 21:52:10 +08:00
Eliza Weisman
8501aafae5
[DRAFT] update tokio-rustls to rustls 0.20.x (#64)
* update to rustls 0.20

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* track simple renamings in rustls

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* use reader/writer methods

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* fix find and replace

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* use rustls-pemfile crate for pem file parsing

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update misc api breakage

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update client example with api changes

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update server example with new APIs

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update test_stream test

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update tests to use new APIs

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* rm unused imports

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* handle rustls `WouldBlock` on eof

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* expect rustls to return wouldblock in tests

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* i think this is *actually* the right EOF behavior

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* bump version

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* okay that seems to fix it

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* update to track builder API changes

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* actually shutdown read side on close notify

Signed-off-by: Eliza Weisman <eliza@buoyant.io>

* Further updates to rustls 0.20 (#68)

* Adapt to RootCertStore API changes

* Handle UnexpectedEof errors

* Rename would_block to io_pending

* Try to make badssl test failures more verbose

* Rebuild AsyncRead impl

* Upgrade to current rustls

* Revert to using assert!()

* Update to rustls 0.20

* Forward rustls features

Co-authored-by: Dirkjan Ochtman <dirkjan@ochtman.nl>
2021-09-29 01:01:37 +08:00
Eliza Weisman
db01bce007
fix a handful of lints, one of which was breaking the build (#65)
* native-tls: fix use of non-fmt panic in tests
* fix some misc. clippy lints

This branch fixes a number of lints. The most important one was the use
of a non-`format_args!` expression in a `panic!` macro, which generates
a compiler warning in recent Rust toolchains, which is breaking the CI
`cargo check` run on PR #64.

While I was here, I also fixed some miscellaneous Clippy lints, mostly
in tests. These include:

* Use of `clone()` on `SocketAddr`s (which implement `Copy`)
* Unnecessary single-path-segment imports (which probably used to be
  `extern crate`s in earlier Rust?)
* `'static` lifetimes in `const` type annotations (`const`s always have
  the `'static` lifetime)

None of these were breaking the build on CI, but I figured I'd address
them while I was fixing other lints.

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
2021-06-29 15:45:21 -07:00
Nikhil Benesch
794659740d
tokio-native-tls: prepare v0.3.0 (#47) 2020-12-24 12:13:08 -05:00
Nikhil Benesch
f85882fbc7
tokio-rustls: prepare v0.22.0 (#48) 2020-12-24 08:22:29 +08:00
nickelc
44e978cfa6
Update to tokio 1.0 (#46)
* Update to tokio 1.0

* fix early data test
2020-12-23 13:42:03 -08:00
Roman Titov
e40608bfeb
tokio-rustls: Derive Debug for tokio_rustls::TlsStream (#45) 2020-12-14 22:40:01 +08:00
quininer
5ea7060a45
release 0.21.1 (#43)
* writev support
2020-12-09 11:07:34 +08:00
Eliza Weisman
c2dbab6c5d
rustls: add write_vectored implementation (#42)
Signed-off-by: Eliza Weisman <eliza@buoyant.io>
2020-12-08 11:30:55 +08:00
quininer
0c2d573a4e
release 0.21.0 (#38) 2020-11-25 23:39:12 +08:00
Jason Heeris
35df2e3920
Update rustls version to 0.19. (#37) 2020-11-24 12:40:37 +08:00
Lucio Franco
a517e1d0a6
native: Upgrade tokio and prepare 0.2 release (#31) 2020-10-16 11:02:29 -04:00
quininer
e6ef54641b
Tokio 0.3 (#29)
* Remove futures-core

* Upgrade Tokio 0.3

* clean code

* Fix ci

* Fix lint
2020-10-16 18:26:32 +08:00
Cheng JIANG
c3bf063eb6
feat: re-export native-tls (#24)
Signed-off-by: Cheng JIANG <jiang.cheng@vip.163.com>
2020-08-31 11:16:29 -04:00
quininer
e8a8a59971
tokio-rustls: release 0.14.1 (#27)
* Support half-closed states #23
* Update examples
2020-08-31 22:22:46 +08:00
Smit
93d7c7590c
Fix the broken Guides link (#22) 2020-08-31 10:09:40 -04:00
Braden Ehrat
9487a157ab
Support half-closed states (#23)
After this commit, this crate will support using TLS streams in a
half-closed state. Note that the TLS 1.3 spec in RFC 8446
says this should be supported:

```
Each party MUST send a "close_notify" alert before closing its write
side of the connection, unless it has already sent some error alert.
This does not have any effect on its read side of the connection.  Note
that this is a change from versions of TLS prior to TLS 1.3 in which
implementations were required to react to a "close_notify" by discarding
pending writes and sending an immediate "close_notify" alert of their
own.  That previous requirement could cause truncation in the read side.
Both parties need not wait to receive a "close_notify" alert before
closing their read side of the connection, though doing so would
introduce the possibility of truncation.
```

https://tools.ietf.org/html/rfc8446#page-87

The `rustls` crate raises such a clean closure of a
[`ClientSession`](https://docs.rs/rustls/0.18.0/rustls/struct.ClientSession.html#impl-Read)
or
[`ServerSession`](https://docs.rs/rustls/0.18.0/rustls/struct.ServerSession.html#impl-Read)
read-side with `ErrorKind::ConnectionAborted`.

This crate's `TlsState` struct already encodes support for the
half-closed states `TlsState::ReadShutdown` and
`TlsState::WriteShutdown`, in addition to `TlsState::FullyShutdown`.
However, the current behavior of the `AsyncRead` implementation is that
it unconditionally shuts down the write-half of a connection after the
read-half closes cleanly with `ErrorKind::ConnectionAborted`.

This change removes the `stream.session.send_close_notify()` and
`this.state.shutdown_write()` calls from `poll_read()`. Note that
`stream.session.send_close_notify()` is still called in
`poll_shutdown()`, which the application calls to cleanly shut down the
write-half.

I highly suspect the logic of this can be simplified and cleaned up
further. Minimally, the edited match statement now has two identical
branches which could be combined into one. Additionally, perhaps the
`Stream` implementation should simply return `Ok(0)` for this case in
its implementation of
[`tokio::io::AsyncRead`](https://docs.rs/tokio/0.2/tokio/io/trait.AsyncRead.html),
since that's the defined way to indicate clean closure with EOF from
`AsyncRead`. However, I want to make the minimal changes and have them
reviewed for logical correctness first.

Co-authored-by: Braden Ehrat <braden@cloudflare.com>
2020-08-16 23:25:49 +08:00