diff --git a/client/build.sh b/client/build.sh
index 7ea4981..85d86a6 100755
--- a/client/build.sh
+++ b/client/build.sh
@@ -24,9 +24,9 @@ wasm-bindgen --target web --out-dir out/ ../target/wasm32-unknown-unknown/releas
 echo "[epx] wasm-bindgen finished"
 
 if ! [ "${RELEASE:-0}" = "1" ]; then
- WASMOPTFLAGS="-g"
+ : "${WASMOPTFLAGS:=-g}"
 else
- WASMOPTFLAGS=""
+ : "${WASMOPTFLAGS:=}"
 fi
 
 mv out/epoxy_client_bg.wasm out/epoxy_client_unoptimized.wasm
@@ -35,6 +35,7 @@ wasm-opt $WASMOPTFLAGS --signext-lowering out/epoxy_client_unoptimized.wasm -o o
 if [ "${RELEASE:-0}" = "1" ]; then
 (
 G="--generate-global-effects"
+ # shellcheck disable=SC2086
 time wasm-opt $WASMOPTFLAGS \
 out/epoxy_client_lowered.wasm -o out/epoxy_client_bg.wasm \
 --converge \
diff --git a/client/src/lib.rs b/client/src/lib.rs
index 91c3fc3..83cad8a 100644
--- a/client/src/lib.rs
+++ b/client/src/lib.rs
@@ -99,8 +99,8 @@ pub enum EpoxyError {
 InvalidDnsName(#[from] futures_rustls::rustls::pki_types::InvalidDnsNameError),
 #[error("Wisp: {0:?} ({0})")]
 Wisp(#[from] wisp_mux::WispError),
- #[error("Wisp server closed: {0}")]
- WispCloseReason(wisp_mux::CloseReason),
+ #[error("Wisp server closed: {0} (IO error: {1:?} ({1}))")]
+ WispCloseReason(CloseReason, std::io::Error),
 #[error("IO: {0:?} ({0})")]
 Io(#[from] std::io::Error),
 #[error("HTTP: {0:?} ({0})")]
@@ -111,6 +111,8 @@ pub enum EpoxyError {
 Hyper(#[from] hyper::Error),
 #[error("HTTP ToStr: {0:?} ({0})")]
 ToStr(#[from] http::header::ToStrError),
+ #[error("Rustls: {0:?} ({0})")]
+ Rustls(#[from] futures_rustls::rustls::Error),
 #[cfg(feature = "full")]
 #[error("Pemfile: {0:?} ({0})")]
 Pemfile(std::io::Error),
@@ -218,12 +220,6 @@ impl From for EpoxyError {
 }
 }
 
-impl From for EpoxyError {
- fn from(value: CloseReason) -> Self {
- EpoxyError::WispCloseReason(value)
- }
-}
-
 enum EpoxyResponse {
 Success(Response),
 Redirect((Response, http::Request)),
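Review bot: `: "${WASMOPTFLAGS:=-g}"` treats an exported-but-empty WASMOPTFLAGS as unset, so a caller who sets `WASMOPTFLAGS=` to get a non-release build without `-g` still receives `-g`; if an explicit empty value should win, the colon-less form `: "${WASMOPTFLAGS=-g}"` does that, and the `else` line `: "${WASMOPTFLAGS=}"` then becomes a no-op that can be dropped. Either way the environment override is now part of the script's interface and deserves a comment above the `if`, e.g. `# WASMOPTFLAGS may be preset in the environment; the defaults below apply only when it is unset.` Note that the variable is expanded unquoted later in the script (`wasm-opt $WASMOPTFLAGS ...` in the second hunk header), so whatever is inherited from the environment is word-split straight into wasm-opt arguments.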
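Review bot: The bare `# shellcheck disable=SC2086` in the second build.sh hunk leaves the next reader to work out why the unquoted `$WASMOPTFLAGS` is intended; `# shellcheck disable=SC2086  # WASMOPTFLAGS holds several space-separated flags; word splitting is intended` records that. The earlier `wasm-opt $WASMOPTFLAGS --signext-lowering ...` invocation shown in the hunk header expands the variable the same way without a directive, so shellcheck presumably still flags it there. The `time wasm-opt` command continues past the end of the hunk.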
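Review bot: The `std::io::Error` added to `WispCloseReason` is only rendered into the message; without a `#[source]` attribute `Error::source()` returns `None` for this variant, so anything walking the error chain loses the underlying I/O error. Writing `WispCloseReason(CloseReason, #[source] std::io::Error)` keeps the `{1}` formatting and exposes the cause. A short doc comment on the variant would also help, since the second field is not obviously related to the close reason: `/// The Wisp server closed the stream; carries the close reason and the I/O error (an unexpected EOF) that surfaced it.` The bare `CloseReason` here relies on the same `use` that the removed `From` impl for `CloseReason` already needed, so the import presumably exists outside the hunk.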
diff --git a/client/src/stream_provider.rs b/client/src/stream_provider.rs
index aefb4eb..8e256f7 100644
--- a/client/src/stream_provider.rs
+++ b/client/src/stream_provider.rs
@@ -2,7 +2,7 @@ use std::{io::ErrorKind, pin::Pin, sync::Arc, task::Poll};
 
 use cfg_if::cfg_if;
 use futures_rustls::{
- rustls::{crypto::ring::default_provider, ClientConfig, RootCertStore},
+ rustls::{ClientConfig, RootCertStore},
 TlsConnector,
 };
 use futures_util::{
@@ -31,7 +31,9 @@ pub type ProviderUnencryptedAsyncRW = MuxStreamAsyncRW;
 pub type ProviderTlsAsyncRW = IgnoreCloseNotify;
 pub type ProviderAsyncRW = Either;
 pub type ProviderWispTransportGenerator = Box<
- dyn Fn(bool) -> Pin<
+ dyn Fn(
+ bool,
+ ) -> Pin<
 Box<
 dyn Future<
 Output = Result<
@@ -65,11 +67,14 @@ impl StreamProvider { wisp_generator: ProviderWispTransportGenerator, options: &EpoxyClientOptions, ) -> Result { + let provider = Arc::new(futures_rustls::rustls::crypto::ring::default_provider()); + let client_config = ClientConfig::builder_with_provider(provider.clone()) .with_safe_default_protocol_versions()?; let mut client_config = if options.disable_certificate_validation { - ClientConfig::builder() + client_config .dangerous() - .with_custom_certificate_verifier(Arc::new(NoCertificateVerification::new( - default_provider(), + .with_custom_certificate_verifier(Arc::new(NoCertificateVerification( + provider, ))) } else { cfg_if! {
@@ -89,7 +94,7 @@ impl StreamProvider {
 let certstore = RootCertStore::from_iter(TLS_SERVER_ROOTS.iter().cloned());
 }
 }
- ClientConfig::builder().with_root_certificates(certstore)
+ client_config.with_root_certificates(certstore)
 }
 .with_no_client_auth();
 let no_alpn_client_config = Arc::new(client_config.clone());
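Review bot: In the `@@ -65,11 +67,14 @@` hunk `let client_config = ClientConfig::builder_with_provider(...)` is immediately shadowed by `let mut client_config = if ...`, so inside the `if` the name is the builder while after it the name is the finished `ClientConfig`; a distinct name such as `let config_builder = ClientConfig::builder_with_provider(Arc::clone(&provider)).with_safe_default_protocol_versions()?;` (with `config_builder.dangerous()` here and `config_builder.with_root_certificates(certstore)` in the following hunk) keeps the two stages apart and makes the `Arc` refcount bump explicit instead of a bare `provider.clone()`. The `disable_certificate_validation` branch still installs `NoCertificateVerification` through the `dangerous()` builder path, which, judging by the name, accepts the peer's certificate without validation; a one-line comment on that branch, e.g. `// TLS peer authentication is intentionally disabled when this option is set.`, would tell readers of this path what they are looking at. The enclosing constructor starts before and ends after the hunk.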
@@ -211,7 +216,7 @@ impl StreamProvider {
 if matches!(err.kind(), ErrorKind::UnexpectedEof) {
 // maybe actually a wisp error?
 if let Some(reason) = stream.get_close_reason() {
- return Err(reason.into());
+ return Err(EpoxyError::WispCloseReason(reason, err));
 }
 }
 Err(err.into())
diff --git a/client/src/utils.rs b/client/src/utils.rs
index d343fef..0d63aa4 100644
--- a/client/src/utils.rs
+++ b/client/src/utils.rs
@@ -1,7 +1,5 @@
 use std::{
- io::ErrorKind,
- pin::Pin,
- task::{Context, Poll},
+ io::ErrorKind, pin::Pin, sync::Arc, task::{Context, Poll}
 };
 
 use async_trait::async_trait;
@@ -306,13 +304,7 @@ impl AsyncWrite for IgnoreCloseNotify {
 }
 
 #[derive(Debug)]
-pub struct NoCertificateVerification(CryptoProvider);
-
-impl NoCertificateVerification {
- pub fn new(provider: CryptoProvider) -> Self {
- Self(provider)
- }
-}
+pub struct NoCertificateVerification(pub Arc);
 
 impl ServerCertVerifier for NoCertificateVerification {
 fn verify_server_cert(
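Review bot: The new `use std::{ io::ErrorKind, pin::Pin, sync::Arc, task::{Context, Poll} };` in utils.rs collapses the previous one-item-per-line layout and drops the trailing comma, which rustfmt would reformat back on its next run and which makes the import block's diff noisier than the one-item change it is. Keeping the vertical list and inserting a single `sync::Arc,` line between `pin::Pin,` and `task::{Context, Poll},` is the minimal change.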
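Review bot: `NoCertificateVerification` has no doc comment even though it is the verifier that, judging by its name and the `dangerous()` path that installs it in `stream_provider.rs`, skips server-certificate validation; a `///` comment stating that it performs no certificate validation and is only installed when `EpoxyClientOptions::disable_certificate_validation` is set would record that contract at the definition. With `new` removed, the `pub` tuple field is the only constructor; if the type is not meant to be built outside this crate, `pub(crate)` on the field (or on the struct) keeps the bypass crate-internal, though the removed `pub fn new` was equally public, so this is a question of intent rather than a regression. The `impl ServerCertVerifier` that follows continues past the end of the hunk.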