pierre/tcp-over-http
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

cargo fmt

Browse Source
This commit is contained in:
Pierre HUBERT
2022-08-31 14:36:07 +02:00
parent cd0f6fea94
commit 3cbbd72a14
10 changed files with 170 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
tcp_relay_server/src/tls_cert_client_verifier.rs
View File

@@ -3,8 +3,8 @@ use std::io::BufReader;
use std::sync::Arc;
use std::time::SystemTime;
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
use rustls_pemfile::certs;
use crate::server_config::ServerConfig;
@@ -15,12 +15,17 @@ pub struct CustomCertClientVerifier {
impl CustomCertClientVerifier {
pub fn new(conf: Arc<ServerConfig>) -> Self {
let cert_path = conf.tls_client_auth_root_cert.as_deref()
let cert_path = conf
.tls_client_auth_root_cert
.as_deref()
.expect("No root certificates for client authentication provided!");
let cert_file = &mut BufReader::new(File::open(cert_path)
.expect("Failed to read root certificates for client authentication!"));
let cert_file = &mut BufReader::new(
File::open(cert_path)
.expect("Failed to read root certificates for client authentication!"),
);
let root_certs = certs(cert_file).unwrap()
let root_certs = certs(cert_file)
.unwrap()
.into_iter()
.map(Certificate)
.collect::<Vec<_>>();
@@ -32,7 +37,9 @@ impl CustomCertClientVerifier {
let mut store = RootCertStore::empty();
for cert in root_certs {
store.add(&cert).expect("Failed to add certificate to root store");
store
.add(&cert)
.expect("Failed to add certificate to root store");
}
Self {
@@ -54,8 +61,13 @@ impl ClientCertVerifier for CustomCertClientVerifier {
Some(vec![])
}
fn verify_client_cert(&self, end_entity: &Certificate, intermediates: &[Certificate], now: SystemTime) -> Result<ClientCertVerified, Error> {
self.upstream_cert_verifier.verify_client_cert(end_entity, intermediates, now)
fn verify_client_cert(
&self,
end_entity: &Certificate,
intermediates: &[Certificate],
now: SystemTime,
) -> Result<ClientCertVerified, Error> {
self.upstream_cert_verifier
.verify_client_cert(end_entity, intermediates, now)
}
}