mirror of
https://github.com/ntex-rs/ntex.git
synced 2025-04-03 21:07:39 +03:00
Update rustls to 0.23.x (#311)
* ntex-tls: update rustls * ntex-connect: update rustls to 0.23.x * ntex: update rustls to 0.23.x --------- Co-authored-by: Andrey Voronkov <andrey.voronkov@sbermarket.ru>
This commit is contained in:
Andrey Voronkov
GitHub
parent
b71cad76bf
commit
5414e2096a
14 changed files with 114 additions and 137 deletions
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "ntex-tls"
|
||||
version = "1.0.0"
|
||||
version = "1.1.0"
|
||||
authors = ["ntex contributors <team@ntex.rs>"]
|
||||
description = "An implementation of SSL streams for ntex backed by OpenSSL"
|
||||
keywords = ["network", "framework", "async", "futures"]
|
||||
|
|
@ -35,10 +35,10 @@ log = "0.4"
|
|||
tls_openssl = { version = "0.10", package = "openssl", optional = true }
|
||||
|
||||
# rustls
|
||||
tls_rust = { version = "0.21", package = "rustls", optional = true }
|
||||
tls_rust = { version = "0.23", package = "rustls", optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
ntex = { version = "1", features = ["openssl", "rustls", "tokio"] }
|
||||
env_logger = "0.11"
|
||||
rustls-pemfile = "1.0"
|
||||
webpki-roots = "0.25"
|
||||
rustls-pemfile = "2"
|
||||
webpki-roots = "0.26"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
use std::io;
|
||||
|
||||
use ntex::{codec, connect, io::types::PeerAddr, util::Bytes, util::Either};
|
||||
use tls_rust::{ClientConfig, OwnedTrustAnchor, RootCertStore};
|
||||
use tls_rust::{ClientConfig, RootCertStore};
|
||||
|
||||
#[ntex::main]
|
||||
async fn main() -> io::Result<()> {
|
||||
|
|
@ -9,16 +9,8 @@ async fn main() -> io::Result<()> {
|
|||
env_logger::init();
|
||||
|
||||
// rustls config
|
||||
let mut cert_store = RootCertStore::empty();
|
||||
cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
|
||||
OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||
ta.subject,
|
||||
ta.spki,
|
||||
ta.name_constraints,
|
||||
)
|
||||
}));
|
||||
let cert_store = RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
|
||||
let config = ClientConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_root_certificates(cert_store)
|
||||
.with_no_client_auth();
|
||||
|
||||
|
|
|
|||
|
|
@ -3,8 +3,7 @@ use std::{fs::File, io, io::BufReader, sync::Arc};
|
|||
use ntex::service::{chain_factory, fn_service};
|
||||
use ntex::{codec, io::Io, server, util::Either};
|
||||
use ntex_tls::rustls::TlsAcceptor;
|
||||
use rustls_pemfile::{certs, rsa_private_keys};
|
||||
use tls_rust::{Certificate, PrivateKey, ServerConfig};
|
||||
use tls_rust::ServerConfig;
|
||||
|
||||
#[ntex::main]
|
||||
async fn main() -> io::Result<()> {
|
||||
|
|
@ -17,15 +16,10 @@ async fn main() -> io::Result<()> {
|
|||
let cert_file =
|
||||
&mut BufReader::new(File::open("../ntex-tls/examples/cert.pem").unwrap());
|
||||
let key_file = &mut BufReader::new(File::open("../ntex-tls/examples/key.pem").unwrap());
|
||||
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0));
|
||||
let cert_chain = certs(cert_file)
|
||||
.unwrap()
|
||||
.iter()
|
||||
.map(|c| Certificate(c.to_vec()))
|
||||
.collect();
|
||||
let keys = rustls_pemfile::private_key(key_file).unwrap().unwrap();
|
||||
let cert_chain = rustls_pemfile::certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
let tls_config = Arc::new(
|
||||
ServerConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, keys)
|
||||
.unwrap(),
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ use std::{any, cell::RefCell, future::poll_fn, sync::Arc, task::Poll};
|
|||
use ntex_bytes::BufMut;
|
||||
use ntex_io::{types, Filter, FilterLayer, Io, Layer, ReadBuf, WriteBuf};
|
||||
use ntex_util::ready;
|
||||
use tls_rust::{ClientConfig, ClientConnection, ServerName};
|
||||
use tls_rust::{pki_types::ServerName, ClientConfig, ClientConnection};
|
||||
|
||||
use super::{PeerCert, PeerCertChain, Wrapper};
|
||||
|
||||
|
|
@ -33,7 +33,7 @@ impl FilterLayer for TlsClientFilter {
|
|||
types::HttpProtocol::Http1
|
||||
};
|
||||
Some(Box::new(proto))
|
||||
} else if id == any::TypeId::of::<PeerCert>() {
|
||||
} else if id == any::TypeId::of::<PeerCert<'_>>() {
|
||||
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
|
||||
if let Some(cert) = cert_chain.first() {
|
||||
Some(Box::new(PeerCert(cert.to_owned())))
|
||||
|
|
@ -43,7 +43,7 @@ impl FilterLayer for TlsClientFilter {
|
|||
} else {
|
||||
None
|
||||
}
|
||||
} else if id == any::TypeId::of::<PeerCertChain>() {
|
||||
} else if id == any::TypeId::of::<PeerCertChain<'_>>() {
|
||||
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
|
||||
Some(Box::new(PeerCertChain(cert_chain.to_vec())))
|
||||
} else {
|
||||
|
|
@ -115,7 +115,7 @@ impl TlsClientFilter {
|
|||
pub async fn create<F: Filter>(
|
||||
io: Io<F>,
|
||||
cfg: Arc<ClientConfig>,
|
||||
domain: ServerName,
|
||||
domain: ServerName<'static>,
|
||||
) -> Result<Io<Layer<TlsClientFilter, F>>, io::Error> {
|
||||
let session = ClientConnection::new(cfg, domain)
|
||||
.map_err(|err| io::Error::new(io::ErrorKind::Other, err))?;
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
use std::{cmp, io};
|
||||
|
||||
use ntex_io::WriteBuf;
|
||||
use tls_rust::Certificate;
|
||||
use tls_rust::pki_types::CertificateDer;
|
||||
|
||||
mod accept;
|
||||
mod client;
|
||||
|
|
@ -14,11 +14,11 @@ pub use self::server::TlsServerFilter;
|
|||
|
||||
/// Connection's peer cert
|
||||
#[derive(Debug)]
|
||||
pub struct PeerCert(pub Certificate);
|
||||
pub struct PeerCert<'a>(pub CertificateDer<'a>);
|
||||
|
||||
/// Connection's peer cert chain
|
||||
#[derive(Debug)]
|
||||
pub struct PeerCertChain(pub Vec<Certificate>);
|
||||
pub struct PeerCertChain<'a>(pub Vec<CertificateDer<'a>>);
|
||||
|
||||
pub(crate) struct Wrapper<'a, 'b>(&'a WriteBuf<'b>);
|
||||
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ impl FilterLayer for TlsServerFilter {
|
|||
types::HttpProtocol::Http1
|
||||
};
|
||||
Some(Box::new(proto))
|
||||
} else if id == any::TypeId::of::<PeerCert>() {
|
||||
} else if id == any::TypeId::of::<PeerCert<'_>>() {
|
||||
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
|
||||
if let Some(cert) = cert_chain.first() {
|
||||
Some(Box::new(PeerCert(cert.to_owned())))
|
||||
|
|
@ -45,7 +45,7 @@ impl FilterLayer for TlsServerFilter {
|
|||
} else {
|
||||
None
|
||||
}
|
||||
} else if id == any::TypeId::of::<PeerCertChain>() {
|
||||
} else if id == any::TypeId::of::<PeerCertChain<'_>>() {
|
||||
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
|
||||
Some(Box::new(PeerCertChain(cert_chain.to_vec())))
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue