mercuryworkshop-mirror/epoxy-tls
1
0
Fork 0
mirror of https://github.com/MercuryWorkshop/epoxy-tls.git synced 2025-05-12 14:00:01 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

switch to rustls

Browse source
This commit is contained in:
r58Playz 2024-09-16 13:13:45 -07:00
parent ee0ad89f3e
commit d6f1a8da43
3 changed files with 41 additions and 172 deletions
Download patch file Download diff file Expand all files Collapse all files

164
Cargo.lock generated
View file

@ -435,22 +435,6 @@ version = "0.9.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
[[package]]
name = "core-foundation"
version = "0.9.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]] [[package]]
name = "cpufeatures" name = "cpufeatures"
version = "0.2.13" version = "0.2.13"
@ -764,6 +748,7 @@ dependencies = [
"nix", "nix",
"pty-process", "pty-process",
"regex", "regex",
"rustls-pemfile",
"serde", "serde",
"serde_json", "serde_json",
"serde_yaml", "serde_yaml",
@ -772,7 +757,7 @@ dependencies = [
"tikv-jemalloc-ctl", "tikv-jemalloc-ctl",
"tikv-jemallocator", "tikv-jemallocator",
"tokio", "tokio",
"tokio-native-tls", "tokio-rustls",
"tokio-util", "tokio-util",
"toml", "toml",
"uuid", "uuid",
@ -807,12 +792,6 @@ dependencies = [
"pin-project-lite", "pin-project-lite",
] ]
[[package]]
name = "fastrand"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6"
[[package]] [[package]]
name = "fastwebsockets" name = "fastwebsockets"
version = "0.8.0" version = "0.8.0"
@ -866,21 +845,6 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.2.1" version = "1.2.1"
@ -1541,23 +1505,6 @@ dependencies = [
"getrandom", "getrandom",
] ]
[[package]]
name = "native-tls"
version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8614eb2c83d59d1c8cc974dd3f920198647674a0a035e1af1fa58707e317466"
dependencies = [
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]] [[package]]
name = "nix" name = "nix"
version = "0.29.0" version = "0.29.0"
@ -1625,50 +1572,6 @@ version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92"
[[package]]
name = "openssl"
version = "0.10.66"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9529f4786b70a3e8c61e11179af17ab6188ad8d0ded78c5529441ed39d4bd9c1"
dependencies = [
"bitflags",
"cfg-if",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "openssl-probe"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f9e8deee91df40a943c71b917e5874b951d32a802526c85721ce3b776c929d6"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]] [[package]]
name = "parking" name = "parking"
version = "2.2.0" version = "2.2.0"
@ -2064,44 +1967,12 @@ version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f"
[[package]]
name = "schannel"
version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e9aaafd5a2b6e3d657ff009d82fbd630b6bd54dd4eb06f21693925cdf80f9b8b"
dependencies = [
"windows-sys 0.59.0",
]
[[package]] [[package]]
name = "scopeguard" name = "scopeguard"
version = "1.2.0" version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
[[package]]
name = "security-framework"
version = "2.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
dependencies = [
"bitflags",
"core-foundation",
"core-foundation-sys",
"libc",
"security-framework-sys",
]
[[package]]
name = "security-framework-sys"
version = "2.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75da29fe9b9b08fe9d6b22b5b4bcbc75d8db3aa31e639aa56bb62e9d46bfceaf"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "semver" name = "semver"
version = "1.0.23" version = "1.0.23"
@ -2347,19 +2218,6 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394" checksum = "a7065abeca94b6a8a577f9bd45aa0867a2238b74e8eb67cf10d492bc39351394"
[[package]]
name = "tempfile"
version = "3.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04cbcdd0c794ebb0d4cf35e88edd2f7d2c4c3e9a5a6dab322839b321c6a87a64"
dependencies = [
"cfg-if",
"fastrand",
"once_cell",
"rustix",
"windows-sys 0.59.0",
]
[[package]] [[package]]
name = "thiserror" name = "thiserror"
version = "1.0.63" version = "1.0.63"
@ -2500,12 +2358,13 @@ dependencies = [
] ]
[[package]] [[package]]
name = "tokio-native-tls" name = "tokio-rustls"
version = "0.3.1" version = "0.26.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4"
dependencies = [ dependencies = [
"native-tls", "rustls",
"rustls-pki-types",
"tokio", "tokio",
] ]
@ -2996,15 +2855,6 @@ dependencies = [
"windows-targets 0.52.6", "windows-targets 0.52.6",
] ]
[[package]]
name = "windows-sys"
version = "0.59.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets 0.52.6",
]
[[package]] [[package]]
name = "windows-targets" name = "windows-targets"
version = "0.48.5" version = "0.48.5"

3
server/Cargo.toml
View file

@ -25,6 +25,7 @@ log = { version = "0.4.22", features = ["serde", "std"] }
nix = { version = "0.29.0", features = ["term"] } nix = { version = "0.29.0", features = ["term"] }
pty-process = { version = "0.4.0", features = ["async", "tokio"], optional = true } pty-process = { version = "0.4.0", features = ["async", "tokio"], optional = true }
regex = "1.10.6" regex = "1.10.6"
rustls-pemfile = "2.1.3"
serde = { version = "1.0.208", features = ["derive"] } serde = { version = "1.0.208", features = ["derive"] }
serde_json = { version = "1.0.125", optional = true } serde_json = { version = "1.0.125", optional = true }
serde_yaml = { version = "0.9.34", optional = true } serde_yaml = { version = "0.9.34", optional = true }
@ -33,7 +34,7 @@ shell-words = { version = "1.1.0", optional = true }
tikv-jemalloc-ctl = { version = "0.6.0", features = ["stats", "use_std"] } tikv-jemalloc-ctl = { version = "0.6.0", features = ["stats", "use_std"] }
tikv-jemallocator = "0.6.0" tikv-jemallocator = "0.6.0"
tokio = { version = "1.39.3", features = ["full"] } tokio = { version = "1.39.3", features = ["full"] }
tokio-native-tls = "0.3.1" tokio-rustls = { version = "0.26.0", features = ["ring", "tls12"], default-features = false }
tokio-util = { version = "0.7.11", features = ["codec", "compat", "io-util", "net"] } tokio-util = { version = "0.7.11", features = ["codec", "compat", "io-util", "net"] }
toml = { version = "0.8.19", optional = true } toml = { version = "0.8.19", optional = true }
uuid = { version = "1.10.0", features = ["v4"] } uuid = { version = "1.10.0", features = ["v4"] }

46
server/src/listener.rs
View file

@ -1,15 +1,19 @@
use std::{os::fd::AsFd, path::PathBuf, pin::Pin}; use std::{
io::{BufReader, Cursor},
os::fd::AsFd,
path::PathBuf,
pin::Pin,
sync::Arc,
};
use anyhow::Context; use anyhow::Context;
use rustls_pemfile::{certs, private_key};
use tokio::{ use tokio::{
fs::{remove_file, try_exists, File}, fs::{remove_file, try_exists, File},
io::{AsyncBufRead, AsyncRead, AsyncWrite, ReadHalf, WriteHalf}, io::{AsyncBufRead, AsyncRead, AsyncWrite, ReadHalf, WriteHalf},
net::{tcp, unix, TcpListener, TcpStream, UnixListener, UnixStream}, net::{tcp, unix, TcpListener, TcpStream, UnixListener, UnixStream},
}; };
use tokio_native_tls::{ use tokio_rustls::{rustls, server::TlsStream, TlsAcceptor};
native_tls::{self, Identity},
TlsAcceptor, TlsStream,
};
use uuid::Uuid; use uuid::Uuid;
use crate::{config::SocketType, CONFIG}; use crate::{config::SocketType, CONFIG};
@ -299,17 +303,31 @@ impl ServerListener {
.as_ref() .as_ref()
.context("no tls keypair provided")?; .context("no tls keypair provided")?;
let public = tokio::fs::read(&tls_keypair[0]) let mut public = BufReader::new(Cursor::new(
.await tokio::fs::read(&tls_keypair[0])
.context("failed to read public key")?; .await
let private = tokio::fs::read(&tls_keypair[1]) .context("failed to read public key")?,
.await ));
.context("failed to read private key")?; let public = certs(&mut public)
.collect::<Result<Vec<_>, _>>()
.context("failed to parse public key")?;
let mut private = BufReader::new(Cursor::new(
tokio::fs::read(&tls_keypair[1])
.await
.context("failed to read private key")?,
));
let private = private_key(&mut private)
.context("failed to parse private key")?
.context("no private key found")?;
let identity = let cfg = Arc::new(
Identity::from_pkcs8(&public, &private).context("failed to create tls identity")?; rustls::ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(public, private)
.context("failed to create server config")?,
);
Ok(TlsAcceptor::from(native_tls::TlsAcceptor::new(identity)?)) Ok(TlsAcceptor::from(cfg))
} }
pub async fn new() -> anyhow::Result<Self> { pub async fn new() -> anyhow::Result<Self> {