use std::convert::TryFrom; use std::io; use std::net::ToSocketAddrs; use std::sync::Arc; use tokio::io::{AsyncReadExt, AsyncWriteExt}; use tokio::net::TcpStream; use tokio_rustls::{ client::TlsStream, rustls::{self, ClientConfig, OwnedTrustAnchor}, TlsConnector, }; async fn get( config: Arc, domain: &str, port: u16, ) -> io::Result<(TlsStream, String)> { let connector = TlsConnector::from(config); let input = format!("GET / HTTP/1.0\r\nHost: {}\r\n\r\n", domain); let addr = (domain, port).to_socket_addrs()?.next().unwrap(); let domain = rustls::ServerName::try_from(domain).unwrap(); let mut buf = Vec::new(); let stream = TcpStream::connect(&addr).await?; let mut stream = connector.connect(domain, stream).await?; stream.write_all(input.as_bytes()).await?; stream.flush().await?; stream.read_to_end(&mut buf).await?; Ok((stream, String::from_utf8(buf).unwrap())) } #[tokio::test] async fn test_tls12() -> io::Result<()> { let mut root_store = rustls::RootCertStore::empty(); root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( ta.subject, ta.spki, ta.name_constraints, ) })); let config = rustls::ClientConfig::builder() .with_safe_default_cipher_suites() .with_safe_default_kx_groups() .with_protocol_versions(&[&rustls::version::TLS12]) .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); let config = Arc::new(config); let domain = "tls-v1-2.badssl.com"; let (_, output) = get(config.clone(), domain, 1012).await?; assert!( output.contains("tls-v1-2.badssl.com"), "failed badssl test, output: {}", output ); Ok(()) } #[ignore] #[should_panic] #[test] fn test_tls13() { unimplemented!("todo https://github.com/chromium/badssl.com/pull/373"); } #[tokio::test] async fn test_modern() -> io::Result<()> { let mut root_store = rustls::RootCertStore::empty(); root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| { OwnedTrustAnchor::from_subject_spki_name_constraints( ta.subject, ta.spki, ta.name_constraints, ) })); let config = rustls::ClientConfig::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); let config = Arc::new(config); let domain = "mozilla-modern.badssl.com"; let (_, output) = get(config.clone(), domain, 443).await?; assert!( output.contains("mozilla-modern.badssl.com"), "failed badssl test, output: {}", output ); Ok(()) }