mirror of https://github.com/ctz/rustls
rustfmt tlsclient.rs and tlsserver.rs
Requires rustfmt v2.0 or later, for chain_width support.
This commit is contained in:
Joseph Birr-Pixton
parent
dda4ca7628
commit
b3115897d1
|
|
@ -0,0 +1 @@
|
||||||
|
chain_width=40
|
||||||
|
|
@ -1,15 +1,15 @@
|
||||||
use std::sync::{Arc, Mutex};
|
|
||||||
use std::process;
|
use std::process;
|
||||||
|
use std::sync::{Arc, Mutex};
|
||||||
|
|
||||||
use mio;
|
use mio;
|
||||||
use mio::net::TcpStream;
|
use mio::net::TcpStream;
|
||||||
|
|
||||||
|
use std::collections;
|
||||||
|
use std::fs;
|
||||||
|
use std::io;
|
||||||
|
use std::io::{BufReader, Read, Write};
|
||||||
use std::net::SocketAddr;
|
use std::net::SocketAddr;
|
||||||
use std::str;
|
use std::str;
|
||||||
use std::io;
|
|
||||||
use std::fs;
|
|
||||||
use std::collections;
|
|
||||||
use std::io::{Read, Write, BufReader};
|
|
||||||
|
|
||||||
use env_logger;
|
use env_logger;
|
||||||
|
|
||||||
|
|
@ -18,10 +18,10 @@ extern crate serde_derive;
|
||||||
|
|
||||||
use docopt::Docopt;
|
use docopt::Docopt;
|
||||||
|
|
||||||
|
use ct_logs;
|
||||||
use rustls;
|
use rustls;
|
||||||
use webpki;
|
use webpki;
|
||||||
use webpki_roots;
|
use webpki_roots;
|
||||||
use ct_logs;
|
|
||||||
|
|
||||||
use rustls::Session;
|
use rustls::Session;
|
||||||
|
|
||||||
|
|
@ -37,7 +37,11 @@ struct TlsClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl TlsClient {
|
impl TlsClient {
|
||||||
fn new(sock: TcpStream, hostname: webpki::DNSNameRef<'_>, cfg: Arc<rustls::ClientConfig>) -> TlsClient {
|
fn new(
|
||||||
|
sock: TcpStream,
|
||||||
|
hostname: webpki::DNSNameRef<'_>,
|
||||||
|
cfg: Arc<rustls::ClientConfig>,
|
||||||
|
) -> TlsClient {
|
||||||
TlsClient {
|
TlsClient {
|
||||||
socket: sock,
|
socket: sock,
|
||||||
closing: false,
|
closing: false,
|
||||||
|
|
@ -67,7 +71,9 @@ impl TlsClient {
|
||||||
fn read_source_to_end(&mut self, rd: &mut dyn io::Read) -> io::Result<usize> {
|
fn read_source_to_end(&mut self, rd: &mut dyn io::Read) -> io::Result<usize> {
|
||||||
let mut buf = Vec::new();
|
let mut buf = Vec::new();
|
||||||
let len = rd.read_to_end(&mut buf)?;
|
let len = rd.read_to_end(&mut buf)?;
|
||||||
self.tls_session.write_all(&buf).unwrap();
|
self.tls_session
|
||||||
|
.write_all(&buf)
|
||||||
|
.unwrap();
|
||||||
Ok(len)
|
Ok(len)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -75,7 +81,9 @@ impl TlsClient {
|
||||||
fn do_read(&mut self) {
|
fn do_read(&mut self) {
|
||||||
// Read TLS data. This fails if the underlying TCP connection
|
// Read TLS data. This fails if the underlying TCP connection
|
||||||
// is broken.
|
// is broken.
|
||||||
let rc = self.tls_session.read_tls(&mut self.socket);
|
let rc = self
|
||||||
|
.tls_session
|
||||||
|
.read_tls(&mut self.socket);
|
||||||
if rc.is_err() {
|
if rc.is_err() {
|
||||||
let error = rc.unwrap_err();
|
let error = rc.unwrap_err();
|
||||||
if error.kind() == io::ErrorKind::WouldBlock {
|
if error.kind() == io::ErrorKind::WouldBlock {
|
||||||
|
|
@ -109,9 +117,13 @@ impl TlsClient {
|
||||||
//
|
//
|
||||||
// Read it and then write it to stdout.
|
// Read it and then write it to stdout.
|
||||||
let mut plaintext = Vec::new();
|
let mut plaintext = Vec::new();
|
||||||
let rc = self.tls_session.read_to_end(&mut plaintext);
|
let rc = self
|
||||||
|
.tls_session
|
||||||
|
.read_to_end(&mut plaintext);
|
||||||
if !plaintext.is_empty() {
|
if !plaintext.is_empty() {
|
||||||
io::stdout().write_all(&plaintext).unwrap();
|
io::stdout()
|
||||||
|
.write_all(&plaintext)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
// If that fails, the peer might have started a clean TLS-level
|
// If that fails, the peer might have started a clean TLS-level
|
||||||
|
|
@ -126,19 +138,25 @@ impl TlsClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn do_write(&mut self) {
|
fn do_write(&mut self) {
|
||||||
self.tls_session.write_tls(&mut self.socket).unwrap();
|
self.tls_session
|
||||||
|
.write_tls(&mut self.socket)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Registers self as a 'listener' in mio::Registry
|
/// Registers self as a 'listener' in mio::Registry
|
||||||
fn register(&mut self, registry: &mio::Registry) {
|
fn register(&mut self, registry: &mio::Registry) {
|
||||||
let interest = self.event_set();
|
let interest = self.event_set();
|
||||||
registry.register(&mut self.socket, CLIENT, interest).unwrap();
|
registry
|
||||||
|
.register(&mut self.socket, CLIENT, interest)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Reregisters self as a 'listener' in mio::Registry.
|
/// Reregisters self as a 'listener' in mio::Registry.
|
||||||
fn reregister(&mut self, registry: &mio::Registry) {
|
fn reregister(&mut self, registry: &mio::Registry) {
|
||||||
let interest = self.event_set();
|
let interest = self.event_set();
|
||||||
registry.reregister(&mut self.socket, CLIENT, interest).unwrap();
|
registry
|
||||||
|
.reregister(&mut self.socket, CLIENT, interest)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Use wants_read/wants_write to register for different mio-level
|
/// Use wants_read/wants_write to register for different mio-level
|
||||||
|
|
@ -203,15 +221,15 @@ impl PersistCache {
|
||||||
|
|
||||||
/// If we have a filename, save the cache contents to it.
|
/// If we have a filename, save the cache contents to it.
|
||||||
fn save(&self) {
|
fn save(&self) {
|
||||||
use rustls::internal::msgs::codec::Codec;
|
|
||||||
use rustls::internal::msgs::base::PayloadU16;
|
use rustls::internal::msgs::base::PayloadU16;
|
||||||
|
use rustls::internal::msgs::codec::Codec;
|
||||||
|
|
||||||
if self.filename.is_none() {
|
if self.filename.is_none() {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut file = fs::File::create(self.filename.as_ref().unwrap())
|
let mut file =
|
||||||
.expect("cannot open cache file");
|
fs::File::create(self.filename.as_ref().unwrap()).expect("cannot open cache file");
|
||||||
|
|
||||||
for (key, val) in self.cache.lock().unwrap().iter() {
|
for (key, val) in self.cache.lock().unwrap().iter() {
|
||||||
let mut item = Vec::new();
|
let mut item = Vec::new();
|
||||||
|
|
@ -225,8 +243,8 @@ impl PersistCache {
|
||||||
|
|
||||||
/// We have a filename, so replace the cache contents from it.
|
/// We have a filename, so replace the cache contents from it.
|
||||||
fn load(&self) {
|
fn load(&self) {
|
||||||
use rustls::internal::msgs::codec::{Codec, Reader};
|
|
||||||
use rustls::internal::msgs::base::PayloadU16;
|
use rustls::internal::msgs::base::PayloadU16;
|
||||||
|
use rustls::internal::msgs::codec::{Codec, Reader};
|
||||||
|
|
||||||
let mut file = match fs::File::open(self.filename.as_ref().unwrap()) {
|
let mut file = match fs::File::open(self.filename.as_ref().unwrap()) {
|
||||||
Ok(f) => f,
|
Ok(f) => f,
|
||||||
|
|
@ -235,8 +253,7 @@ impl PersistCache {
|
||||||
let mut data = Vec::new();
|
let mut data = Vec::new();
|
||||||
file.read_to_end(&mut data).unwrap();
|
file.read_to_end(&mut data).unwrap();
|
||||||
|
|
||||||
let mut cache = self.cache.lock()
|
let mut cache = self.cache.lock().unwrap();
|
||||||
.unwrap();
|
|
||||||
cache.clear();
|
cache.clear();
|
||||||
let mut rd = Reader::init(&data);
|
let mut rd = Reader::init(&data);
|
||||||
|
|
||||||
|
|
@ -251,7 +268,8 @@ impl PersistCache {
|
||||||
impl rustls::StoresClientSessions for PersistCache {
|
impl rustls::StoresClientSessions for PersistCache {
|
||||||
/// put: insert into in-memory cache, and perhaps persist to disk.
|
/// put: insert into in-memory cache, and perhaps persist to disk.
|
||||||
fn put(&self, key: Vec<u8>, value: Vec<u8>) -> bool {
|
fn put(&self, key: Vec<u8>, value: Vec<u8>) -> bool {
|
||||||
self.cache.lock()
|
self.cache
|
||||||
|
.lock()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.insert(key, value);
|
.insert(key, value);
|
||||||
self.save();
|
self.save();
|
||||||
|
|
@ -260,9 +278,11 @@ impl rustls::StoresClientSessions for PersistCache {
|
||||||
|
|
||||||
/// get: from in-memory cache
|
/// get: from in-memory cache
|
||||||
fn get(&self, key: &[u8]) -> Option<Vec<u8>> {
|
fn get(&self, key: &[u8]) -> Option<Vec<u8>> {
|
||||||
self.cache.lock()
|
self.cache
|
||||||
|
.lock()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.get(key).cloned()
|
.get(key)
|
||||||
|
.cloned()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -374,7 +394,10 @@ fn lookup_versions(versions: &[String]) -> Vec<rustls::ProtocolVersion> {
|
||||||
let version = match vname.as_ref() {
|
let version = match vname.as_ref() {
|
||||||
"1.2" => rustls::ProtocolVersion::TLSv1_2,
|
"1.2" => rustls::ProtocolVersion::TLSv1_2,
|
||||||
"1.3" => rustls::ProtocolVersion::TLSv1_3,
|
"1.3" => rustls::ProtocolVersion::TLSv1_3,
|
||||||
_ => panic!("cannot look up version '{}', valid are '1.2' and '1.3'", vname),
|
_ => panic!(
|
||||||
|
"cannot look up version '{}', valid are '1.2' and '1.3'",
|
||||||
|
vname
|
||||||
|
),
|
||||||
};
|
};
|
||||||
out.push(version);
|
out.push(version);
|
||||||
}
|
}
|
||||||
|
|
@ -400,7 +423,8 @@ fn load_key_and_cert(config: &mut rustls::ClientConfig, keyfile: &str, certsfile
|
||||||
let certs = load_certs(certsfile);
|
let certs = load_certs(certsfile);
|
||||||
let privkey = load_private_key(keyfile);
|
let privkey = load_private_key(keyfile);
|
||||||
|
|
||||||
config.set_single_client_cert(certs, privkey)
|
config
|
||||||
|
.set_single_client_cert(certs, privkey)
|
||||||
.expect("invalid certificate or private key");
|
.expect("invalid certificate or private key");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -412,11 +436,13 @@ mod danger {
|
||||||
pub struct NoCertificateVerification {}
|
pub struct NoCertificateVerification {}
|
||||||
|
|
||||||
impl rustls::ServerCertVerifier for NoCertificateVerification {
|
impl rustls::ServerCertVerifier for NoCertificateVerification {
|
||||||
fn verify_server_cert(&self,
|
fn verify_server_cert(
|
||||||
_roots: &rustls::RootCertStore,
|
&self,
|
||||||
_presented_certs: &[rustls::Certificate],
|
_roots: &rustls::RootCertStore,
|
||||||
_dns_name: webpki::DNSNameRef<'_>,
|
_presented_certs: &[rustls::Certificate],
|
||||||
_ocsp: &[u8]) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
|
_dns_name: webpki::DNSNameRef<'_>,
|
||||||
|
_ocsp: &[u8],
|
||||||
|
) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
|
||||||
Ok(rustls::ServerCertVerified::assertion())
|
Ok(rustls::ServerCertVerified::assertion())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -425,8 +451,7 @@ mod danger {
|
||||||
#[cfg(feature = "dangerous_configuration")]
|
#[cfg(feature = "dangerous_configuration")]
|
||||||
fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) {
|
fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) {
|
||||||
if args.flag_insecure {
|
if args.flag_insecure {
|
||||||
cfg
|
cfg.dangerous()
|
||||||
.dangerous()
|
|
||||||
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
|
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -456,11 +481,14 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
|
||||||
|
|
||||||
let certfile = fs::File::open(&cafile).expect("Cannot open CA file");
|
let certfile = fs::File::open(&cafile).expect("Cannot open CA file");
|
||||||
let mut reader = BufReader::new(certfile);
|
let mut reader = BufReader::new(certfile);
|
||||||
config.root_store
|
config
|
||||||
|
.root_store
|
||||||
.add_pem_file(&mut reader)
|
.add_pem_file(&mut reader)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
} else {
|
} else {
|
||||||
config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
config
|
||||||
|
.root_store
|
||||||
|
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
||||||
config.ct_logs = Some(&ct_logs::LOGS);
|
config.ct_logs = Some(&ct_logs::LOGS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -474,23 +502,28 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
|
||||||
|
|
||||||
let persist = Arc::new(PersistCache::new(&args.flag_cache));
|
let persist = Arc::new(PersistCache::new(&args.flag_cache));
|
||||||
|
|
||||||
config.set_protocols(&args.flag_proto
|
config.set_protocols(
|
||||||
.iter()
|
&args
|
||||||
.map(|proto| proto.as_bytes().to_vec())
|
.flag_proto
|
||||||
.collect::<Vec<_>>()[..]);
|
.iter()
|
||||||
|
.map(|proto| proto.as_bytes().to_vec())
|
||||||
|
.collect::<Vec<_>>()[..],
|
||||||
|
);
|
||||||
config.set_persistence(persist);
|
config.set_persistence(persist);
|
||||||
config.set_mtu(&args.flag_mtu);
|
config.set_mtu(&args.flag_mtu);
|
||||||
|
|
||||||
apply_dangerous_options(args, &mut config);
|
apply_dangerous_options(args, &mut config);
|
||||||
|
|
||||||
if args.flag_auth_key.is_some() || args.flag_auth_certs.is_some() {
|
if args.flag_auth_key.is_some() || args.flag_auth_certs.is_some() {
|
||||||
load_key_and_cert(&mut config,
|
load_key_and_cert(
|
||||||
args.flag_auth_key
|
&mut config,
|
||||||
.as_ref()
|
args.flag_auth_key
|
||||||
.expect("must provide --auth-key with --auth-certs"),
|
.as_ref()
|
||||||
args.flag_auth_certs
|
.expect("must provide --auth-key with --auth-certs"),
|
||||||
.as_ref()
|
args.flag_auth_certs
|
||||||
.expect("must provide --auth-certs with --auth-key"));
|
.as_ref()
|
||||||
|
.expect("must provide --auth-certs with --auth-key"),
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
Arc::new(config)
|
Arc::new(config)
|
||||||
|
|
@ -523,23 +556,27 @@ fn main() {
|
||||||
let mut tlsclient = TlsClient::new(sock, dns_name, config);
|
let mut tlsclient = TlsClient::new(sock, dns_name, config);
|
||||||
|
|
||||||
if args.flag_http {
|
if args.flag_http {
|
||||||
let httpreq = format!("GET / HTTP/1.0\r\nHost: {}\r\nConnection: \
|
let httpreq = format!(
|
||||||
|
"GET / HTTP/1.0\r\nHost: {}\r\nConnection: \
|
||||||
close\r\nAccept-Encoding: identity\r\n\r\n",
|
close\r\nAccept-Encoding: identity\r\n\r\n",
|
||||||
args.arg_hostname);
|
args.arg_hostname
|
||||||
tlsclient.write_all(httpreq.as_bytes()).unwrap();
|
);
|
||||||
|
tlsclient
|
||||||
|
.write_all(httpreq.as_bytes())
|
||||||
|
.unwrap();
|
||||||
} else {
|
} else {
|
||||||
let mut stdin = io::stdin();
|
let mut stdin = io::stdin();
|
||||||
tlsclient.read_source_to_end(&mut stdin).unwrap();
|
tlsclient
|
||||||
|
.read_source_to_end(&mut stdin)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
let mut poll = mio::Poll::new()
|
let mut poll = mio::Poll::new().unwrap();
|
||||||
.unwrap();
|
|
||||||
let mut events = mio::Events::with_capacity(32);
|
let mut events = mio::Events::with_capacity(32);
|
||||||
tlsclient.register(poll.registry());
|
tlsclient.register(poll.registry());
|
||||||
|
|
||||||
loop {
|
loop {
|
||||||
poll.poll(&mut events, None)
|
poll.poll(&mut events, None).unwrap();
|
||||||
.unwrap();
|
|
||||||
|
|
||||||
for ev in events.iter() {
|
for ev in events.iter() {
|
||||||
tlsclient.ready(&ev);
|
tlsclient.ready(&ev);
|
||||||
|
|
|
||||||
|
|
@ -6,11 +6,11 @@ use mio::net::{TcpListener, TcpStream};
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate log;
|
extern crate log;
|
||||||
|
|
||||||
|
use std::collections::HashMap;
|
||||||
use std::fs;
|
use std::fs;
|
||||||
use std::io;
|
use std::io;
|
||||||
|
use std::io::{BufReader, Read, Write};
|
||||||
use std::net;
|
use std::net;
|
||||||
use std::io::{Write, Read, BufReader};
|
|
||||||
use std::collections::HashMap;
|
|
||||||
|
|
||||||
#[macro_use]
|
#[macro_use]
|
||||||
extern crate serde_derive;
|
extern crate serde_derive;
|
||||||
|
|
@ -21,8 +21,10 @@ use env_logger;
|
||||||
|
|
||||||
use rustls;
|
use rustls;
|
||||||
|
|
||||||
use rustls::{RootCertStore, Session, NoClientAuth, AllowAnyAuthenticatedClient,
|
use rustls::{
|
||||||
AllowAnyAnonymousOrAuthenticatedClient};
|
AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, NoClientAuth,
|
||||||
|
RootCertStore, Session,
|
||||||
|
};
|
||||||
|
|
||||||
// Token for our listening socket.
|
// Token for our listening socket.
|
||||||
const LISTENER: mio::Token = mio::Token(0);
|
const LISTENER: mio::Token = mio::Token(0);
|
||||||
|
|
@ -76,11 +78,15 @@ impl TlsServer {
|
||||||
|
|
||||||
let mut connection = Connection::new(socket, token, mode, tls_session);
|
let mut connection = Connection::new(socket, token, mode, tls_session);
|
||||||
connection.register(registry);
|
connection.register(registry);
|
||||||
self.connections.insert(token, connection);
|
self.connections
|
||||||
|
.insert(token, connection);
|
||||||
}
|
}
|
||||||
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => return Ok(()),
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => return Ok(()),
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
println!("encountered error while accepting connection; err={:?}", err);
|
println!(
|
||||||
|
"encountered error while accepting connection; err={:?}",
|
||||||
|
err
|
||||||
|
);
|
||||||
return Err(err);
|
return Err(err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -147,11 +153,12 @@ fn try_read(r: io::Result<usize>) -> io::Result<Option<usize>> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Connection {
|
impl Connection {
|
||||||
fn new(socket: TcpStream,
|
fn new(
|
||||||
token: mio::Token,
|
socket: TcpStream,
|
||||||
mode: ServerMode,
|
token: mio::Token,
|
||||||
tls_session: rustls::ServerSession)
|
mode: ServerMode,
|
||||||
-> Connection {
|
tls_session: rustls::ServerSession,
|
||||||
|
) -> Connection {
|
||||||
let back = open_back(&mode);
|
let back = open_back(&mode);
|
||||||
Connection {
|
Connection {
|
||||||
socket,
|
socket,
|
||||||
|
|
@ -181,7 +188,9 @@ impl Connection {
|
||||||
}
|
}
|
||||||
|
|
||||||
if self.closing {
|
if self.closing {
|
||||||
let _ = self.socket.shutdown(net::Shutdown::Both);
|
let _ = self
|
||||||
|
.socket
|
||||||
|
.shutdown(net::Shutdown::Both);
|
||||||
self.close_back();
|
self.close_back();
|
||||||
self.closed = true;
|
self.closed = true;
|
||||||
self.deregister(registry);
|
self.deregister(registry);
|
||||||
|
|
@ -194,14 +203,17 @@ impl Connection {
|
||||||
fn close_back(&mut self) {
|
fn close_back(&mut self) {
|
||||||
if self.back.is_some() {
|
if self.back.is_some() {
|
||||||
let back = self.back.as_mut().unwrap();
|
let back = self.back.as_mut().unwrap();
|
||||||
back.shutdown(net::Shutdown::Both).unwrap();
|
back.shutdown(net::Shutdown::Both)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
self.back = None;
|
self.back = None;
|
||||||
}
|
}
|
||||||
|
|
||||||
fn do_tls_read(&mut self) {
|
fn do_tls_read(&mut self) {
|
||||||
// Read some TLS data.
|
// Read some TLS data.
|
||||||
let rc = self.tls_session.read_tls(&mut self.socket);
|
let rc = self
|
||||||
|
.tls_session
|
||||||
|
.read_tls(&mut self.socket);
|
||||||
if rc.is_err() {
|
if rc.is_err() {
|
||||||
let err = rc.unwrap_err();
|
let err = rc.unwrap_err();
|
||||||
|
|
||||||
|
|
@ -276,7 +288,9 @@ impl Connection {
|
||||||
self.closing = true;
|
self.closing = true;
|
||||||
}
|
}
|
||||||
Some(len) => {
|
Some(len) => {
|
||||||
self.tls_session.write_all(&buf[..len]).unwrap();
|
self.tls_session
|
||||||
|
.write_all(&buf[..len])
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
None => {}
|
None => {}
|
||||||
};
|
};
|
||||||
|
|
@ -292,13 +306,18 @@ impl Connection {
|
||||||
self.send_http_response_once();
|
self.send_http_response_once();
|
||||||
}
|
}
|
||||||
ServerMode::Forward(_) => {
|
ServerMode::Forward(_) => {
|
||||||
self.back.as_mut().unwrap().write_all(buf).unwrap();
|
self.back
|
||||||
|
.as_mut()
|
||||||
|
.unwrap()
|
||||||
|
.write_all(buf)
|
||||||
|
.unwrap();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn send_http_response_once(&mut self) {
|
fn send_http_response_once(&mut self) {
|
||||||
let response = b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nHello world from rustls tlsserver\r\n";
|
let response =
|
||||||
|
b"HTTP/1.0 200 OK\r\nConnection: close\r\n\r\nHello world from rustls tlsserver\r\n";
|
||||||
if !self.sent_http_response {
|
if !self.sent_http_response {
|
||||||
self.tls_session
|
self.tls_session
|
||||||
.write_all(response)
|
.write_all(response)
|
||||||
|
|
@ -309,7 +328,8 @@ impl Connection {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn tls_write(&mut self) -> io::Result<usize> {
|
fn tls_write(&mut self) -> io::Result<usize> {
|
||||||
self.tls_session.write_tls(&mut self.socket)
|
self.tls_session
|
||||||
|
.write_tls(&mut self.socket)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn do_tls_write_and_handle_error(&mut self) {
|
fn do_tls_write_and_handle_error(&mut self) {
|
||||||
|
|
@ -323,33 +343,36 @@ impl Connection {
|
||||||
|
|
||||||
fn register(&mut self, registry: &mio::Registry) {
|
fn register(&mut self, registry: &mio::Registry) {
|
||||||
let event_set = self.event_set();
|
let event_set = self.event_set();
|
||||||
registry.register(&mut self.socket,
|
registry
|
||||||
self.token,
|
.register(&mut self.socket, self.token, event_set)
|
||||||
event_set)
|
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
if self.back.is_some() {
|
if self.back.is_some() {
|
||||||
registry.register(self.back.as_mut().unwrap(),
|
registry
|
||||||
self.token,
|
.register(
|
||||||
mio::Interest::READABLE)
|
self.back.as_mut().unwrap(),
|
||||||
|
self.token,
|
||||||
|
mio::Interest::READABLE,
|
||||||
|
)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn reregister(&mut self, registry: &mio::Registry) {
|
fn reregister(&mut self, registry: &mio::Registry) {
|
||||||
let event_set = self.event_set();
|
let event_set = self.event_set();
|
||||||
registry.reregister(&mut self.socket,
|
registry
|
||||||
self.token,
|
.reregister(&mut self.socket, self.token, event_set)
|
||||||
event_set)
|
|
||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
fn deregister(&mut self, registry: &mio::Registry) {
|
fn deregister(&mut self, registry: &mio::Registry) {
|
||||||
registry.deregister(&mut self.socket)
|
registry
|
||||||
|
.deregister(&mut self.socket)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
if self.back.is_some() {
|
if self.back.is_some() {
|
||||||
registry.deregister(self.back.as_mut().unwrap())
|
registry
|
||||||
|
.deregister(self.back.as_mut().unwrap())
|
||||||
.unwrap();
|
.unwrap();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -374,8 +397,7 @@ impl Connection {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const USAGE: &'static str =
|
const USAGE: &'static str = "
|
||||||
"
|
|
||||||
Runs a TLS server on :PORT. The default PORT is 443.
|
Runs a TLS server on :PORT. The default PORT is 443.
|
||||||
|
|
||||||
`echo' mode means the server echoes received data on each connection.
|
`echo' mode means the server echoes received data on each connection.
|
||||||
|
|
@ -480,7 +502,10 @@ fn lookup_versions(versions: &[String]) -> Vec<rustls::ProtocolVersion> {
|
||||||
let version = match vname.as_ref() {
|
let version = match vname.as_ref() {
|
||||||
"1.2" => rustls::ProtocolVersion::TLSv1_2,
|
"1.2" => rustls::ProtocolVersion::TLSv1_2,
|
||||||
"1.3" => rustls::ProtocolVersion::TLSv1_3,
|
"1.3" => rustls::ProtocolVersion::TLSv1_3,
|
||||||
_ => panic!("cannot look up version '{}', valid are '1.2' and '1.3'", vname),
|
_ => panic!(
|
||||||
|
"cannot look up version '{}', valid are '1.2' and '1.3'",
|
||||||
|
vname
|
||||||
|
),
|
||||||
};
|
};
|
||||||
out.push(version);
|
out.push(version);
|
||||||
}
|
}
|
||||||
|
|
@ -496,16 +521,14 @@ fn load_certs(filename: &str) -> Vec<rustls::Certificate> {
|
||||||
|
|
||||||
fn load_private_key(filename: &str) -> rustls::PrivateKey {
|
fn load_private_key(filename: &str) -> rustls::PrivateKey {
|
||||||
let rsa_keys = {
|
let rsa_keys = {
|
||||||
let keyfile = fs::File::open(filename)
|
let keyfile = fs::File::open(filename).expect("cannot open private key file");
|
||||||
.expect("cannot open private key file");
|
|
||||||
let mut reader = BufReader::new(keyfile);
|
let mut reader = BufReader::new(keyfile);
|
||||||
rustls::internal::pemfile::rsa_private_keys(&mut reader)
|
rustls::internal::pemfile::rsa_private_keys(&mut reader)
|
||||||
.expect("file contains invalid rsa private key")
|
.expect("file contains invalid rsa private key")
|
||||||
};
|
};
|
||||||
|
|
||||||
let pkcs8_keys = {
|
let pkcs8_keys = {
|
||||||
let keyfile = fs::File::open(filename)
|
let keyfile = fs::File::open(filename).expect("cannot open private key file");
|
||||||
.expect("cannot open private key file");
|
|
||||||
let mut reader = BufReader::new(keyfile);
|
let mut reader = BufReader::new(keyfile);
|
||||||
rustls::internal::pemfile::pkcs8_private_keys(&mut reader)
|
rustls::internal::pemfile::pkcs8_private_keys(&mut reader)
|
||||||
.expect("file contains invalid pkcs8 private key (encrypted keys not supported)")
|
.expect("file contains invalid pkcs8 private key (encrypted keys not supported)")
|
||||||
|
|
@ -552,10 +575,19 @@ fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
|
||||||
let mut config = rustls::ServerConfig::new(client_auth);
|
let mut config = rustls::ServerConfig::new(client_auth);
|
||||||
config.key_log = Arc::new(rustls::KeyLogFile::new());
|
config.key_log = Arc::new(rustls::KeyLogFile::new());
|
||||||
|
|
||||||
let certs = load_certs(args.flag_certs.as_ref().expect("--certs option missing"));
|
let certs = load_certs(
|
||||||
let privkey = load_private_key(args.flag_key.as_ref().expect("--key option missing"));
|
args.flag_certs
|
||||||
|
.as_ref()
|
||||||
|
.expect("--certs option missing"),
|
||||||
|
);
|
||||||
|
let privkey = load_private_key(
|
||||||
|
args.flag_key
|
||||||
|
.as_ref()
|
||||||
|
.expect("--key option missing"),
|
||||||
|
);
|
||||||
let ocsp = load_ocsp(&args.flag_ocsp);
|
let ocsp = load_ocsp(&args.flag_ocsp);
|
||||||
config.set_single_cert_with_ocsp_and_sct(certs, privkey, ocsp, vec![])
|
config
|
||||||
|
.set_single_cert_with_ocsp_and_sct(certs, privkey, ocsp, vec![])
|
||||||
.expect("bad certificates/private key");
|
.expect("bad certificates/private key");
|
||||||
|
|
||||||
if !args.flag_suite.is_empty() {
|
if !args.flag_suite.is_empty() {
|
||||||
|
|
@ -574,10 +606,13 @@ fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
|
||||||
config.ticketer = rustls::Ticketer::new();
|
config.ticketer = rustls::Ticketer::new();
|
||||||
}
|
}
|
||||||
|
|
||||||
config.set_protocols(&args.flag_proto
|
config.set_protocols(
|
||||||
.iter()
|
&args
|
||||||
.map(|proto| proto.as_bytes().to_vec())
|
.flag_proto
|
||||||
.collect::<Vec<_>>()[..]);
|
.iter()
|
||||||
|
.map(|proto| proto.as_bytes().to_vec())
|
||||||
|
.collect::<Vec<_>>()[..],
|
||||||
|
);
|
||||||
|
|
||||||
Arc::new(config)
|
Arc::new(config)
|
||||||
}
|
}
|
||||||
|
|
@ -603,11 +638,9 @@ fn main() {
|
||||||
let config = make_config(&args);
|
let config = make_config(&args);
|
||||||
|
|
||||||
let mut listener = TcpListener::bind(addr).expect("cannot listen on port");
|
let mut listener = TcpListener::bind(addr).expect("cannot listen on port");
|
||||||
let mut poll = mio::Poll::new()
|
let mut poll = mio::Poll::new().unwrap();
|
||||||
.unwrap();
|
poll.registry()
|
||||||
poll.registry().register(&mut listener,
|
.register(&mut listener, LISTENER, mio::Interest::READABLE)
|
||||||
LISTENER,
|
|
||||||
mio::Interest::READABLE)
|
|
||||||
.unwrap();
|
.unwrap();
|
||||||
|
|
||||||
let mode = if args.cmd_echo {
|
let mode = if args.cmd_echo {
|
||||||
|
|
@ -622,16 +655,16 @@ fn main() {
|
||||||
|
|
||||||
let mut events = mio::Events::with_capacity(256);
|
let mut events = mio::Events::with_capacity(256);
|
||||||
loop {
|
loop {
|
||||||
poll.poll(&mut events, None)
|
poll.poll(&mut events, None).unwrap();
|
||||||
.unwrap();
|
|
||||||
|
|
||||||
for event in events.iter() {
|
for event in events.iter() {
|
||||||
match event.token() {
|
match event.token() {
|
||||||
LISTENER => {
|
LISTENER => {
|
||||||
tlsserv.accept(poll.registry())
|
tlsserv
|
||||||
|
.accept(poll.registry())
|
||||||
.expect("error accepting socket");
|
.expect("error accepting socket");
|
||||||
}
|
}
|
||||||
_ => tlsserv.conn_event(poll.registry(), &event)
|
_ => tlsserv.conn_event(poll.registry(), &event),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue