Compare commits
9 Commits
391d0facd2
...
220905
| Author | SHA1 | Date | |
|---|---|---|---|
| d5f1f2c925 | |||
| 4ce1988e4c | |||
| edb88bb8c8 | |||
| dcb00ccc6e | |||
| eaddcc699b | |||
| 72f9e00b80 | |||
| 55da596587 | |||
| 1321cf79c6 | |||
| ce1237a13b |
13
.drone.yml
Normal file
13
.drone.yml
Normal file
@@ -0,0 +1,13 @@
|
||||
---
|
||||
kind: pipeline
|
||||
type: docker
|
||||
name: default
|
||||
|
||||
steps:
|
||||
- name: cargo_check
|
||||
image: rust
|
||||
commands:
|
||||
- rustup component add clippy
|
||||
- cargo clippy -- -D warnings
|
||||
- cargo test
|
||||
|
||||
@@ -1,4 +1,6 @@
|
||||
# TCP over HTTP
|
||||
[](https://drone.communiquons.org/pierre/tcp-over-http)
|
||||
|
||||
This project aims to provide an easy-to-setup TCP forwarding solution:
|
||||
|
||||
```
|
||||
|
||||
3
renovate.json
Normal file
3
renovate.json
Normal file
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
|
||||
}
|
||||
@@ -8,7 +8,7 @@ use tcp_over_http::tcp_relay_server::server_config::ServerConfig;
|
||||
author,
|
||||
version,
|
||||
about,
|
||||
long_about = "Encapsulate TCP sockets inside HTTP WebSockets"
|
||||
long_about = "Encapsulate TCP sockets inside HTTP WebSockets\nSource code: https://gitea.communiquons.org/pierre/tcp-over-http"
|
||||
)]
|
||||
struct CliArgs {
|
||||
#[clap(subcommand)]
|
||||
|
||||
@@ -108,9 +108,7 @@ impl StreamHandler<Result<ws::Message, ws::ProtocolError>> for RelayWS {
|
||||
Ok(ws::Message::Text(text)) => ctx.text(text),
|
||||
Ok(ws::Message::Close(_reason)) => ctx.stop(),
|
||||
Ok(ws::Message::Binary(data)) => {
|
||||
if let Err(e) =
|
||||
futures::executor::block_on(self.tcp_write.write_all(&data.to_vec()))
|
||||
{
|
||||
if let Err(e) = futures::executor::block_on(self.tcp_write.write_all(&data)) {
|
||||
log::error!("Failed to forward some data, closing connection! {:?}", e);
|
||||
ctx.stop();
|
||||
}
|
||||
@@ -196,11 +194,16 @@ pub async fn relay_ws(
|
||||
tcp_write,
|
||||
hb: Instant::now(),
|
||||
};
|
||||
|
||||
let resp = ws::start(relay, &req, stream);
|
||||
log::info!(
|
||||
"Opening new WS connection for {:?} to {}",
|
||||
"Opening new WS connection:\
|
||||
* for {:?}\
|
||||
* to {}\
|
||||
* token {:?}",
|
||||
req.peer_addr(),
|
||||
upstream_addr
|
||||
upstream_addr,
|
||||
query.token
|
||||
);
|
||||
resp
|
||||
}
|
||||
|
||||
@@ -86,14 +86,14 @@ impl ClientCertVerifier for CustomCertClientVerifier {
|
||||
intermediates: &[Certificate],
|
||||
now: SystemTime,
|
||||
) -> Result<ClientCertVerified, Error> {
|
||||
let (_rem, cert) =
|
||||
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
|
||||
|
||||
// Check the certificates sent by the client has been revoked
|
||||
if let Some(crl) = &self.crl {
|
||||
let (_rem, crl) =
|
||||
CertificateRevocationList::from_der(crl).expect("Failed to read CRL!");
|
||||
|
||||
let (_rem, cert) =
|
||||
X509Certificate::from_der(&end_entity.0).expect("Failed to read certificate!");
|
||||
|
||||
for revoked in crl.iter_revoked_certificates() {
|
||||
if revoked.user_certificate == cert.serial {
|
||||
log::error!(
|
||||
@@ -106,7 +106,24 @@ impl ClientCertVerifier for CustomCertClientVerifier {
|
||||
}
|
||||
}
|
||||
|
||||
self.upstream_cert_verifier
|
||||
.verify_client_cert(end_entity, intermediates, now)
|
||||
let result = self
|
||||
.upstream_cert_verifier
|
||||
.verify_client_cert(end_entity, intermediates, now);
|
||||
|
||||
match result.as_ref() {
|
||||
Err(e) => log::error!(
|
||||
"FAILED authentication attempt from Serial={} / Subject={} : {}",
|
||||
cert.serial,
|
||||
cert.subject,
|
||||
e
|
||||
),
|
||||
Ok(_) => log::info!(
|
||||
"SUCCESSFUL authentication attempt from Serial={} / Subject={}",
|
||||
cert.serial,
|
||||
cert.subject
|
||||
),
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,10 +2,10 @@ use tokio::task;
|
||||
|
||||
use crate::tcp_relay_client::client_config::ClientConfig;
|
||||
use crate::tcp_relay_server::server_config::ServerConfig;
|
||||
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
|
||||
use crate::test::dummy_tcp_sockets::wait_for_port;
|
||||
use crate::test::pki::Pki;
|
||||
use crate::test::test_files_utils::create_temp_file_with_random_content;
|
||||
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
|
||||
|
||||
fn port(index: u16) -> u16 {
|
||||
get_port_number(PortsAllocation::ClientInvalidTlsConfiguration, index)
|
||||
@@ -155,5 +155,6 @@ async fn unmatched_key_cert_pair() {
|
||||
})
|
||||
.await
|
||||
.unwrap_err();
|
||||
}).await;
|
||||
})
|
||||
.await;
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
use crate::tcp_relay_client::client_config::ClientConfig;
|
||||
use crate::test::{BAD_PATH, get_port_number, LOCALHOST_IP, PortsAllocation};
|
||||
use crate::test::pki::Pki;
|
||||
use crate::test::test_files_utils::create_temp_file_with_random_content;
|
||||
use crate::test::{get_port_number, PortsAllocation, BAD_PATH, LOCALHOST_IP};
|
||||
|
||||
const VALID_TOKEN: &str = "AvalidTOKEN";
|
||||
|
||||
|
||||
@@ -30,9 +30,9 @@ mod dummy_tcp_sockets;
|
||||
mod pki;
|
||||
mod test_files_utils;
|
||||
|
||||
mod client_invalid_tls_configuration;
|
||||
mod client_invalid_tls_root_certificate_file;
|
||||
mod client_try_tls_while_there_is_no_tls;
|
||||
mod client_invalid_tls_configuration;
|
||||
mod invalid_with_token_auth;
|
||||
mod server_invalid_tls_config_invalid_cert;
|
||||
mod server_invalid_tls_config_invalid_client_crl;
|
||||
|
||||
Reference in New Issue
Block a user