Optimize root certificate management on client side

tcp_relay_server/src/lib.rs

@@ -1,2 +1,2 @@
-pub mod args;
+pub mod server_config;
 pub mod relay_ws;

tcp_relay_server/src/main.rs

@@ -5,18 +5,18 @@ use std::sync::Arc;
 use actix_web::{App, HttpRequest, HttpResponse, HttpServer, middleware, Responder, web};
 use actix_web::web::Data;
 use clap::Parser;
-use rustls::{Certificate, PrivateKey, ServerConfig};
+use rustls::{Certificate, PrivateKey};
 use rustls_pemfile::{certs, Item, read_one};
 
 use base::RelayedPort;
-use tcp_relay_server::args::ProgramArgs;
 use tcp_relay_server::relay_ws::relay_ws;
+use tcp_relay_server::server_config::ServerConfig;
 
 pub async fn hello_route() -> &'static str {
     "Hello world!"
 }
 
-pub async fn config_route(req: HttpRequest, data: Data<Arc<ProgramArgs>>) -> impl Responder {
+pub async fn config_route(req: HttpRequest, data: Data<Arc<ServerConfig>>) -> impl Responder {
     let token = req.headers().get("Authorization")
         .map(|t| t.to_str().unwrap_or_default())
         .unwrap_or_default()
@@ -39,7 +39,7 @@ pub async fn config_route(req: HttpRequest, data: Data<Arc<ProgramArgs>>) -> imp
 async fn main() -> std::io::Result<()> {
     env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
 
-    let mut args: ProgramArgs = ProgramArgs::parse();
+    let mut args: ServerConfig = ServerConfig::parse();
 
     if args.ports.is_empty() {
         log::error!("No port to forward!");
@@ -73,7 +73,7 @@ async fn main() -> std::io::Result<()> {
             }
         };
 
-        let config = ServerConfig::builder()
+        let config = rustls::ServerConfig::builder()
             .with_safe_defaults()
             .with_no_client_auth()
             .with_single_cert(cert_chain, PrivateKey(key))

tcp_relay_server/src/relay_ws.rs

@@ -9,7 +9,7 @@ use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::tcp::{OwnedReadHalf, OwnedWriteHalf};
 use tokio::net::TcpStream;
 
-use crate::args::ProgramArgs;
+use crate::server_config::ServerConfig;
 
 /// How often heartbeat pings are sent
 const HEARTBEAT_INTERVAL: Duration = Duration::from_secs(5);
@@ -153,7 +153,7 @@ pub struct WebSocketQuery {
 
 pub async fn relay_ws(req: HttpRequest, stream: web::Payload,
                       query: web::Query<WebSocketQuery>,
-                      conf: web::Data<Arc<ProgramArgs>>) -> Result<HttpResponse, Error> {
+                      conf: web::Data<Arc<ServerConfig>>) -> Result<HttpResponse, Error> {
     if !conf.tokens.contains(&query.token) {
         log::error!("Rejected WS request from {:?} due to invalid token!", req.peer_addr());
         return Ok(HttpResponse::Unauthorized().json("Invalid / missing token!"));

tcp_relay_server/src/server_config.rs

@@ -4,7 +4,7 @@ use clap::Parser;
 #[derive(Parser, Debug, Clone)]
 #[clap(author, version, about,
     long_about = "TCP-over-HTTP server. This program might be configured behind a reverse-proxy.")]
-pub struct ProgramArgs {
+pub struct ServerConfig {
     /// Access tokens
     #[clap(short, long)]
     pub tokens: Vec<String>,