Managed to update rustls to version 0.21
parent
5609708848
commit
e534deefae
52
Cargo.lock
generated
52
Cargo.lock
generated
@ -56,7 +56,7 @@ dependencies = [
|
|||||||
"actix-tls",
|
"actix-tls",
|
||||||
"actix-utils",
|
"actix-utils",
|
||||||
"ahash",
|
"ahash",
|
||||||
"base64 0.21.7",
|
"base64",
|
||||||
"bitflags 2.4.2",
|
"bitflags 2.4.2",
|
||||||
"brotli",
|
"brotli",
|
||||||
"bytes",
|
"bytes",
|
||||||
@ -158,10 +158,10 @@ dependencies = [
|
|||||||
"impl-more",
|
"impl-more",
|
||||||
"pin-project-lite",
|
"pin-project-lite",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-rustls 0.23.4",
|
"tokio-rustls 0.24.1",
|
||||||
"tokio-util",
|
"tokio-util",
|
||||||
"tracing",
|
"tracing",
|
||||||
"webpki-roots 0.22.6",
|
"webpki-roots",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@ -416,12 +416,6 @@ dependencies = [
|
|||||||
"rustc-demangle",
|
"rustc-demangle",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "base64"
|
|
||||||
version = "0.13.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "base64"
|
name = "base64"
|
||||||
version = "0.21.7"
|
version = "0.21.7"
|
||||||
@ -1294,7 +1288,7 @@ version = "3.0.3"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310"
|
checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.21.7",
|
"base64",
|
||||||
"serde",
|
"serde",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -1426,7 +1420,7 @@ version = "0.11.23"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41"
|
checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.21.7",
|
"base64",
|
||||||
"bytes",
|
"bytes",
|
||||||
"encoding_rs",
|
"encoding_rs",
|
||||||
"futures-core",
|
"futures-core",
|
||||||
@ -1456,7 +1450,7 @@ dependencies = [
|
|||||||
"wasm-bindgen",
|
"wasm-bindgen",
|
||||||
"wasm-bindgen-futures",
|
"wasm-bindgen-futures",
|
||||||
"web-sys",
|
"web-sys",
|
||||||
"webpki-roots 0.25.3",
|
"webpki-roots",
|
||||||
"winreg",
|
"winreg",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -1568,7 +1562,7 @@ version = "1.0.4"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
|
checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.21.7",
|
"base64",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@ -1577,7 +1571,7 @@ version = "2.0.0"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
|
checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.21.7",
|
"base64",
|
||||||
"rustls-pki-types",
|
"rustls-pki-types",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -1836,7 +1830,8 @@ dependencies = [
|
|||||||
"pem",
|
"pem",
|
||||||
"rand",
|
"rand",
|
||||||
"reqwest",
|
"reqwest",
|
||||||
"rustls 0.20.9",
|
"rustls 0.21.10",
|
||||||
|
"rustls-native-certs",
|
||||||
"rustls-pemfile 2.0.0",
|
"rustls-pemfile 2.0.0",
|
||||||
"serde",
|
"serde",
|
||||||
"tokio",
|
"tokio",
|
||||||
@ -1972,18 +1967,17 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "tokio-tungstenite"
|
name = "tokio-tungstenite"
|
||||||
version = "0.18.0"
|
version = "0.20.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "54319c93411147bced34cb5609a80e0a8e44c5999c93903a81cd866630ec0bfd"
|
checksum = "212d5dcb2a1ce06d81107c3d0ffa3121fe974b73f068c8282cb1c32328113b6c"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"futures-util",
|
"futures-util",
|
||||||
"log",
|
"log",
|
||||||
"rustls 0.20.9",
|
"rustls 0.21.10",
|
||||||
"rustls-native-certs",
|
"rustls-native-certs",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-rustls 0.23.4",
|
"tokio-rustls 0.24.1",
|
||||||
"tungstenite",
|
"tungstenite",
|
||||||
"webpki",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@ -2034,23 +2028,22 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "tungstenite"
|
name = "tungstenite"
|
||||||
version = "0.18.0"
|
version = "0.20.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "30ee6ab729cd4cf0fd55218530c4522ed30b7b6081752839b68fcec8d0960788"
|
checksum = "9e3dac10fd62eaf6617d3a904ae222845979aec67c615d1c842b4002c7666fb9"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.13.1",
|
|
||||||
"byteorder",
|
"byteorder",
|
||||||
"bytes",
|
"bytes",
|
||||||
|
"data-encoding",
|
||||||
"http",
|
"http",
|
||||||
"httparse",
|
"httparse",
|
||||||
"log",
|
"log",
|
||||||
"rand",
|
"rand",
|
||||||
"rustls 0.20.9",
|
"rustls 0.21.10",
|
||||||
"sha1",
|
"sha1",
|
||||||
"thiserror",
|
"thiserror",
|
||||||
"url",
|
"url",
|
||||||
"utf-8",
|
"utf-8",
|
||||||
"webpki",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
@ -2243,15 +2236,6 @@ dependencies = [
|
|||||||
"untrusted 0.9.0",
|
"untrusted 0.9.0",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "webpki-roots"
|
|
||||||
version = "0.22.6"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87"
|
|
||||||
dependencies = [
|
|
||||||
"webpki",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "webpki-roots"
|
name = "webpki-roots"
|
||||||
version = "0.25.3"
|
version = "0.25.3"
|
||||||
|
@ -9,7 +9,7 @@ clap = { version = "4.4.18", features = ["derive", "env"] }
|
|||||||
log = "0.4.20"
|
log = "0.4.20"
|
||||||
env_logger = "0.10.1"
|
env_logger = "0.10.1"
|
||||||
actix = "0.13.1"
|
actix = "0.13.1"
|
||||||
actix-web = { version = "4", features = ["rustls"] }
|
actix-web = { version = "4", features = ["rustls-0_21"] }
|
||||||
actix-web-actors = "4.2.0"
|
actix-web-actors = "4.2.0"
|
||||||
actix-tls = "3.1.1"
|
actix-tls = "3.1.1"
|
||||||
serde = { version = "1.0.195", features = ["derive"] }
|
serde = { version = "1.0.195", features = ["derive"] }
|
||||||
@ -19,12 +19,13 @@ webpki = "0.22.4"
|
|||||||
x509-parser = "0.15.1"
|
x509-parser = "0.15.1"
|
||||||
pem = "3.0.3"
|
pem = "3.0.3"
|
||||||
reqwest = { version = "0.11.23", features = ["json", "rustls-tls"], default-features = false }
|
reqwest = { version = "0.11.23", features = ["json", "rustls-tls"], default-features = false }
|
||||||
tokio-tungstenite = { version = "0.18.0", features = ["__rustls-tls", "rustls-tls-native-roots"] }
|
tokio-tungstenite = { version = "0.20.0", features = ["__rustls-tls", "rustls-tls-native-roots"] }
|
||||||
urlencoding = "2.1.3"
|
urlencoding = "2.1.3"
|
||||||
hyper-rustls = { version = "0.23.2", features = ["rustls-native-certs"] }
|
hyper-rustls = { version = "0.23.2", features = ["rustls-native-certs"] }
|
||||||
bytes = "1.5.0"
|
bytes = "1.5.0"
|
||||||
rustls-pemfile = "2.0.0"
|
rustls-pemfile = "2.0.0"
|
||||||
rustls = { version = "0.20.7", features = ["dangerous_configuration"] }
|
rustls = { version = "0.21.0", features = ["dangerous_configuration"] }
|
||||||
|
rustls-native-certs = "0.6.3"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
rand = "0.8.5"
|
rand = "0.8.5"
|
||||||
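Review bot: `hyper-rustls = { version = "0.23.2", features = ["rustls-native-certs"] }` stays declared although this commit removes `use hyper_rustls::ConfigBuilderExt;` and its `with_native_roots()` call, the only uses of the crate visible on this page. The lockfile's new side still writes `rustls 0.21.10` and `tokio-rustls 0.24.1` with version qualifiers, so a second release of each remains in the dependency tree. hyper-rustls 0.23 is a likely source, though the lockfile excerpt does not show that directly. If no other module uses the crate, deleting the line leaves a single TLS stack to audit and patch. Otherwise a comment such as `# still needed by <module>; keeps rustls 0.20 in the tree` would record why the older stack stays.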
|
@ -1,7 +1,6 @@
|
|||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use futures::{SinkExt, StreamExt};
|
use futures::{SinkExt, StreamExt};
|
||||||
use hyper_rustls::ConfigBuilderExt;
|
|
||||||
use rustls::RootCertStore;
|
use rustls::RootCertStore;
|
||||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||||
use tokio::net::{TcpListener, TcpStream};
|
use tokio::net::{TcpListener, TcpStream};
|
||||||
@ -42,7 +41,17 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
|||||||
let config = rustls::ClientConfig::builder().with_safe_defaults();
|
let config = rustls::ClientConfig::builder().with_safe_defaults();
|
||||||
|
|
||||||
let config = match conf.get_root_certificate() {
|
let config = match conf.get_root_certificate() {
|
||||||
None => config.with_native_roots(),
|
None => {
|
||||||
|
// Perform a connection over TLS
|
||||||
|
let mut roots = RootCertStore::empty();
|
||||||
|
for cert in rustls_native_certs::load_native_certs()
|
||||||
|
.expect("Failed to load native certificates")
|
||||||
|
{
|
||||||
|
roots.add(&rustls::Certificate(cert.0)).unwrap();
|
||||||
|
}
|
||||||
|
|
||||||
|
config.with_root_certificates(roots)
|
||||||
|
}
|
||||||
Some(cert) => {
|
Some(cert) => {
|
||||||
log::debug!("Using custom root certificates");
|
log::debug!("Using custom root certificates");
|
||||||
let mut store = RootCertStore::empty();
|
let mut store = RootCertStore::empty();
|
||||||
@ -72,7 +81,7 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
|||||||
let connector = tokio_tungstenite::Connector::Rustls(Arc::new(config));
|
let connector = tokio_tungstenite::Connector::Rustls(Arc::new(config));
|
||||||
|
|
||||||
let (ws_stream, _) =
|
let (ws_stream, _) =
|
||||||
tokio_tungstenite::connect_async_tls_with_config(ws_url, None, Some(connector))
|
tokio_tungstenite::connect_async_tls_with_config(ws_url, None, false, Some(connector))
|
||||||
.await
|
.await
|
||||||
.expect("Failed to connect to server relay!");
|
.expect("Failed to connect to server relay!");
|
||||||
|
|
||||||
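Review bot: In the new `None` arm of `relay_connection`, `roots.add(&rustls::Certificate(cert.0)).unwrap();` panics the relay task as soon as rustls rejects one certificate from the operating system's trust store, so a single malformed or unsupported entry on the host stops every outgoing connection. Skipping and logging the bad entry keeps the rest of the store usable: `if let Err(e) = roots.add(&rustls::Certificate(cert.0)) { log::warn!("Skipping native root certificate: {}", e); }`. The comment `// Perform a connection over TLS` does not describe the block, which only loads trust anchors; `// No custom root configured: trust the platform's native root store` would be accurate. `relay_connection` starts and ends outside the hunk.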
|
@ -121,7 +121,7 @@ pub async fn run_app(mut config: ServerConfig) -> std::io::Result<()> {
|
|||||||
});
|
});
|
||||||
|
|
||||||
if let Some(tls_conf) = tls_config {
|
if let Some(tls_conf) = tls_config {
|
||||||
server.bind_rustls(&args.listen_address, tls_conf)?
|
server.bind_rustls_021(&args.listen_address, tls_conf)?
|
||||||
} else {
|
} else {
|
||||||
server.bind(&args.listen_address)?
|
server.bind(&args.listen_address)?
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,8 @@
|
|||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use rustls::internal::msgs::enums::AlertDescription;
|
|
||||||
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
||||||
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
use rustls::{AlertDescription, Certificate, DistinguishedName, Error, RootCertStore};
|
||||||
use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
|
use x509_parser::prelude::{CertificateRevocationList, FromDer, X509Certificate};
|
||||||
|
|
||||||
use crate::base::cert_utils::parse_pem_certificates;
|
use crate::base::cert_utils::parse_pem_certificates;
|
||||||
@ -61,7 +60,7 @@ impl CustomCertClientVerifier {
|
|||||||
};
|
};
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
upstream_cert_verifier: Box::new(AllowAnyAuthenticatedClient::new(store)),
|
upstream_cert_verifier: Box::new(Arc::new(AllowAnyAuthenticatedClient::new(store))),
|
||||||
crl,
|
crl,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -72,12 +71,12 @@ impl ClientCertVerifier for CustomCertClientVerifier {
|
|||||||
true
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
fn client_auth_mandatory(&self) -> Option<bool> {
|
fn client_auth_mandatory(&self) -> bool {
|
||||||
Some(true)
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
fn client_auth_root_subjects(&self) -> Option<DistinguishedNames> {
|
fn client_auth_root_subjects(&self) -> &[DistinguishedName] {
|
||||||
Some(vec![])
|
&[]
|
||||||
}
|
}
|
||||||
|
|
||||||
fn verify_client_cert(
|
fn verify_client_cert(
|
||||||
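Review bot: `client_auth_root_subjects` returns `&[]` with no comment saying the empty list is intended, so the server's certificate request carries no acceptable-CA hints and a client holding several certificates has nothing to select by. If hints are wanted, the method can forward the wrapped verifier's list with `self.upstream_cert_verifier.client_auth_root_subjects()`; this assumes the field dereferences to a `ClientCertVerifier`, since its declaration is outside the hunk. If the empty list is deliberate, a doc comment such as `/// No CA names are advertised; clients must be configured with the right certificate.` would say so. The `impl ClientCertVerifier for CustomCertClientVerifier` block starts and ends outside the hunk.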
|