diff --git a/Cargo.lock b/Cargo.lock index 0797b8d..2c4b906 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -435,22 +435,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" - [[package]] name = "cpufeatures" version = "0.2.13" @@ -764,6 +748,7 @@ dependencies = [ "nix", "pty-process", "regex", + "rustls-pemfile", "serde", "serde_json", "serde_yaml", @@ -772,7 +757,7 @@ dependencies = [ "tikv-jemalloc-ctl", "tikv-jemallocator", "tokio", - "tokio-native-tls", + "tokio-rustls", "tokio-util", "toml", "uuid", @@ -807,12 +792,6 @@ dependencies = [ "pin-project-lite", ] -[[package]] -name = "fastrand" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6" - [[package]] name = "fastwebsockets" version = "0.8.0" 
@@ -866,21 +845,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1541,23 +1505,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "native-tls" -version = "0.2.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466" -dependencies = [ - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - [[package]] name = "nix" version = "0.29.0" 
@@ -1625,50 +1572,6 @@ version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" -[[package]] -name = "openssl" -version = "0.10.66" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1" -dependencies = [ - "bitflags", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "openssl-probe" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" - -[[package]] -name = "openssl-sys" -version = "0.9.103" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "parking" version = "2.2.0" 
@@ -2064,44 +1967,12 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" -[[package]] -name = "schannel" -version = "0.1.24" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9aaafd5a2b6e3d657ff009d82fbd630b6bd54dd4eb06f21693925cdf80f9b8b" -dependencies = [ - "windows-sys 0.59.0", -] - [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "security-framework" -version = "2.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" -dependencies = [ - "bitflags", - "core-foundation", - "core-foundation-sys", - "libc", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75da29fe9b9b08fe9d6b22b5b4bcbc75d8db3aa31e639aa56bb62e9d46bfceaf" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "semver" version = "1.0.23" @@ -2347,19 +2218,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" -[[package]] -name = "tempfile" -version = "3.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04cbcdd0c794ebb0d4cf35e88edd2f7d2c4c3e9a5a6dab322839b321c6a87a64" -dependencies = [ - "cfg-if", - "fastrand", - "once_cell", - "rustix", - "windows-sys 0.59.0", -] - [[package]] name = "thiserror" version = "1.0.63" 
@@ -2500,12 +2358,13 @@ dependencies = [ ] [[package]] -name = "tokio-native-tls" -version = "0.3.1" +name = "tokio-rustls" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" dependencies = [ - "native-tls", + "rustls", + "rustls-pki-types", "tokio", ] @@ -2996,15 +2855,6 @@ dependencies = [ "windows-targets 0.52.6", ] -[[package]] -name = "windows-sys" -version = "0.59.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" -dependencies = [ - "windows-targets 0.52.6", -] - [[package]] name = "windows-targets" version = "0.48.5"
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 6eca21e..5ef80d5 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -25,6 +25,7 @@ log = { version = "0.4.22", features = ["serde", "std"] }
 nix = { version = "0.29.0", features = ["term"] }
 pty-process = { version = "0.4.0", features = ["async", "tokio"], optional = true }
 regex = "1.10.6"
+rustls-pemfile = "2.1.3"
 serde = { version = "1.0.208", features = ["derive"] }
 serde_json = { version = "1.0.125", optional = true }
 serde_yaml = { version = "0.9.34", optional = true }
@@ -33,7 +34,7 @@ shell-words = { version = "1.1.0", optional = true }
 tikv-jemalloc-ctl = { version = "0.6.0", features = ["stats", "use_std"] }
 tikv-jemallocator = "0.6.0"
 tokio = { version = "1.39.3", features = ["full"] }
-tokio-native-tls = "0.3.1"
+tokio-rustls = { version = "0.26.0", features = ["ring", "tls12"], default-features = false }
 tokio-util = { version = "0.7.11", features = ["codec", "compat", "io-util", "net"] }
 toml = { version = "0.8.19", optional = true }
 uuid = { version = "1.10.0", features = ["v4"] }
diff --git a/server/src/listener.rs b/server/src/listener.rs
index fe7ecd3..73506d0 100644
--- a/server/src/listener.rs
+++ b/server/src/listener.rs
@@ -1,15 +1,19 @@
-use std::{os::fd::AsFd, path::PathBuf, pin::Pin};
+use std::{
+ io::{BufReader, Cursor},
+ os::fd::AsFd,
+ path::PathBuf,
+ pin::Pin,
+ sync::Arc,
+};
 
 use anyhow::Context;
+use rustls_pemfile::{certs, private_key};
 use tokio::{
 fs::{remove_file, try_exists, File},
 io::{AsyncBufRead, AsyncRead, AsyncWrite, ReadHalf, WriteHalf},
 net::{tcp, unix, TcpListener, TcpStream, UnixListener, UnixStream},
 };
-use tokio_native_tls::{
- native_tls::{self, Identity},
- TlsAcceptor, TlsStream,
-};
+use tokio_rustls::{rustls, server::TlsStream, TlsAcceptor};
 use uuid::Uuid;
 
 use crate::{config::SocketType, CONFIG};
@@ -299,17 +303,31 @@ impl ServerListener {
 .as_ref()
 .context("no tls keypair provided")?;
 
- let public = tokio::fs::read(&tls_keypair[0])
- .await
- .context("failed to read public key")?;
- let private = tokio::fs::read(&tls_keypair[1])
- .await
- .context("failed to read private key")?;
+ let mut public = BufReader::new(Cursor::new(
+ tokio::fs::read(&tls_keypair[0])
+ .await
+ .context("failed to read public key")?,
+ ));
+ let public = certs(&mut public)
+ .collect::, _>>()
+ .context("failed to parse public key")?;
+ let mut private = BufReader::new(Cursor::new(
+ tokio::fs::read(&tls_keypair[1])
+ .await
+ .context("failed to read private key")?,
+ ));
+ let private = private_key(&mut private)
+ .context("failed to parse private key")?
+ .context("no private key found")?;
 
- let identity =
- Identity::from_pkcs8(&public, &private).context("failed to create tls identity")?;
+ let cfg = Arc::new(
+ rustls::ServerConfig::builder()
+ .with_no_client_auth()
+ .with_single_cert(public, private)
+ .context("failed to create server config")?,
+ );
 
- Ok(TlsAcceptor::from(native_tls::TlsAcceptor::new(identity)?))
+ Ok(TlsAcceptor::from(cfg))
 }
 
 pub async fn new() -> anyhow::Result {
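Review bot: An empty certificate list is not rejected where the chain is parsed: `certs(&mut public)` yields an empty `Vec` when the first file holds no `CERTIFICATE` block (for example when the two configured paths are swapped), whereas the key path fails early with "no private key found". Adding `anyhow::ensure!(!public.is_empty(), "no certificates found");` before the builder call gives the same early, named failure; whether `with_single_cert` rejects an empty chain on its own likely depends on the rustls version, so it should not be relied on. The context strings still say "public key" although the first file is read as a certificate chain, which will mislead whoever debugs a bad deployment. The wrapping `BufReader` is also unnecessary, since a `Cursor` over a byte buffer already implements `BufRead`. The function's signature and the start of the `tls_keypair` lookup lie above the hunk.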