mirror of https://github.com/ctz/rustls
impl Clone for ClientConfig
This commit is contained in:
Stepan Koltsov
Joseph Birr-Pixton
parent
10784deae2
commit
746dd9f6c8
|
|
@ -188,7 +188,7 @@ fn make_client_cfg(opts: &Options) -> Arc<rustls::ClientConfig> {
|
|||
}
|
||||
|
||||
cfg.dangerous()
|
||||
.set_certificate_verifier(Box::new(NoVerification {}));
|
||||
.set_certificate_verifier(Arc::new(NoVerification {}));
|
||||
|
||||
if !opts.protocols.is_empty() {
|
||||
cfg.set_protocols(&opts.protocols);
|
||||
|
|
|
|||
|
|
@ -400,7 +400,7 @@ fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) {
|
|||
if args.flag_insecure {
|
||||
cfg
|
||||
.dangerous()
|
||||
.set_certificate_verifier(Box::new(danger::NoCertificateVerification {}));
|
||||
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ use std::io;
|
|||
/// This is like a `webpki::TrustAnchor`, except it owns
|
||||
/// rather than borrows its memory. That prevents lifetimes
|
||||
/// leaking up the object tree.
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct OwnedTrustAnchor {
|
||||
subject: Vec<u8>,
|
||||
spki: Vec<u8>,
|
||||
|
|
@ -37,7 +37,7 @@ impl OwnedTrustAnchor {
|
|||
|
||||
/// A container for root certificates able to provide a root-of-trust
|
||||
/// for connection authentication.
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct RootCertStore {
|
||||
/// The list of roots.
|
||||
pub roots: Vec<OwnedTrustAnchor>,
|
||||
|
|
|
|||
|
|
@ -162,6 +162,7 @@ impl ResolvesClientCert for AlwaysResolvesClientCert {
|
|||
///
|
||||
/// Making one of these can be expensive, and should be
|
||||
/// once per process rather than once per connection.
|
||||
#[derive(Clone)]
|
||||
pub struct ClientConfig {
|
||||
/// List of ciphersuites, in preference order.
|
||||
pub ciphersuites: Vec<&'static SupportedCipherSuite>,
|
||||
|
|
@ -174,13 +175,13 @@ pub struct ClientConfig {
|
|||
pub alpn_protocols: Vec<String>,
|
||||
|
||||
/// How we store session data or tickets.
|
||||
pub session_persistence: Mutex<Box<StoresClientSessions>>,
|
||||
pub session_persistence: Arc<Mutex<Box<StoresClientSessions>>>,
|
||||
|
||||
/// Our MTU. If None, we don't limit TLS message sizes.
|
||||
pub mtu: Option<usize>,
|
||||
|
||||
/// How to decide what client auth certificate/keys to use.
|
||||
pub client_auth_cert_resolver: Box<ResolvesClientCert>,
|
||||
pub client_auth_cert_resolver: Arc<ResolvesClientCert>,
|
||||
|
||||
/// Whether to support RFC5077 tickets. You must provide a working
|
||||
/// `session_persistence` member for this to have any meaningful
|
||||
|
|
@ -194,7 +195,7 @@ pub struct ClientConfig {
|
|||
pub versions: Vec<ProtocolVersion>,
|
||||
|
||||
/// How to verify the server certificate chain.
|
||||
verifier: Box<verify::ServerCertVerifier>,
|
||||
verifier: Arc<verify::ServerCertVerifier>,
|
||||
}
|
||||
|
||||
impl ClientConfig {
|
||||
|
|
@ -206,12 +207,12 @@ impl ClientConfig {
|
|||
ciphersuites: ALL_CIPHERSUITES.to_vec(),
|
||||
root_store: anchors::RootCertStore::empty(),
|
||||
alpn_protocols: Vec::new(),
|
||||
session_persistence: Mutex::new(Box::new(NoSessionStorage {})),
|
||||
session_persistence: Arc::new(Mutex::new(Box::new(NoSessionStorage {}))),
|
||||
mtu: None,
|
||||
client_auth_cert_resolver: Box::new(FailResolveClientCert {}),
|
||||
client_auth_cert_resolver: Arc::new(FailResolveClientCert {}),
|
||||
enable_tickets: true,
|
||||
versions: vec![ProtocolVersion::TLSv1_3, ProtocolVersion::TLSv1_2],
|
||||
verifier: Box::new(verify::WebPKIVerifier {})
|
||||
verifier: Arc::new(verify::WebPKIVerifier {})
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -231,7 +232,7 @@ impl ClientConfig {
|
|||
|
||||
/// Sets persistence layer to `persist`.
|
||||
pub fn set_persistence(&mut self, persist: Box<StoresClientSessions>) {
|
||||
self.session_persistence = Mutex::new(persist);
|
||||
self.session_persistence = Arc::new(Mutex::new(persist));
|
||||
}
|
||||
|
||||
/// Sets MTU to `mtu`. If None, the default is used.
|
||||
|
|
@ -259,7 +260,7 @@ impl ClientConfig {
|
|||
pub fn set_single_client_cert(&mut self,
|
||||
cert_chain: Vec<key::Certificate>,
|
||||
key_der: key::PrivateKey) {
|
||||
self.client_auth_cert_resolver = Box::new(AlwaysResolvesClientCert::new_rsa(cert_chain,
|
||||
self.client_auth_cert_resolver = Arc::new(AlwaysResolvesClientCert::new_rsa(cert_chain,
|
||||
&key_der));
|
||||
}
|
||||
|
||||
|
|
@ -274,6 +275,8 @@ impl ClientConfig {
|
|||
/// Container for unsafe APIs
|
||||
#[cfg(feature = "dangerous_configuration")]
|
||||
pub mod danger {
|
||||
use std::sync::Arc;
|
||||
|
||||
use super::ClientConfig;
|
||||
use super::verify::ServerCertVerifier;
|
||||
|
||||
|
|
@ -286,7 +289,7 @@ pub mod danger {
|
|||
impl<'a> DangerousClientConfig<'a> {
|
||||
/// Overrides the default `ServerCertVerifier` with something else.
|
||||
pub fn set_certificate_verifier(&mut self,
|
||||
verifier: Box<ServerCertVerifier>) {
|
||||
verifier: Arc<ServerCertVerifier>) {
|
||||
self.cfg.verifier = verifier;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -445,7 +445,7 @@ fn client_cert_resolve() {
|
|||
let mut client_config = make_client_config();
|
||||
let mut server_config = make_server_config();
|
||||
|
||||
client_config.client_auth_cert_resolver = Box::new(ClientCheckCertResolve::new(1));
|
||||
client_config.client_auth_cert_resolver = Arc::new(ClientCheckCertResolve::new(1));
|
||||
server_config.set_client_auth_roots(get_chain(), true);
|
||||
|
||||
let mut client = ClientSession::new(&Arc::new(client_config), "localhost");
|
||||
|
|
|
|||
Loading…
Reference in New Issue