Upgrade to rustls 0.20
This commit is contained in:
parent
d06d404c12
commit
8c01d983fa
@ -19,13 +19,12 @@ env_logger = "0.9"
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
lazy_static = "1.4"
|
lazy_static = "1.4"
|
||||||
quick-xml = { version = "0.22", features = [ "serialize" ] }
|
quick-xml = { version = "0.22", features = [ "serialize" ] }
|
||||||
rustls = "0.19"
|
rustls = "0.20"
|
||||||
rustls-pemfile = "0.2"
|
rustls-pemfile = "0.2"
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
tokio = { version = "1.0", features = [ "full" ] }
|
tokio = { version = "1.0", features = [ "full" ] }
|
||||||
tokio-rustls = "0.22"
|
tokio-rustls = "0.23"
|
||||||
webpki = "0.22"
|
webpki-roots = "0.22.1"
|
||||||
webpki-roots = "0.21"
|
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
tokio-test = "0.4"
|
tokio-test = "0.4"
|
||||||
|
|
|
@ -6,8 +6,9 @@ use bytes::BytesMut;
|
||||||
use std::convert::TryInto;
|
use std::convert::TryInto;
|
||||||
use futures::executor::block_on;
|
use futures::executor::block_on;
|
||||||
use std::{error::Error, net::ToSocketAddrs, io as stdio};
|
use std::{error::Error, net::ToSocketAddrs, io as stdio};
|
||||||
use tokio_rustls::{TlsConnector, rustls::ClientConfig, webpki::DNSNameRef, client::TlsStream};
|
use tokio_rustls::{TlsConnector, rustls::ClientConfig, client::TlsStream};
|
||||||
use tokio::{net::TcpStream, io::AsyncWriteExt, io::AsyncReadExt, io::split, io::ReadHalf, io::WriteHalf};
|
use tokio::{net::TcpStream, io::AsyncWriteExt, io::AsyncReadExt, io::split, io::ReadHalf, io::WriteHalf};
|
||||||
|
use rustls::{RootCertStore, OwnedTrustAnchor};
|
||||||
|
|
||||||
use crate::config::{EppClientConnection};
|
use crate::config::{EppClientConnection};
|
||||||
use crate::error;
|
use crate::error;
|
||||||
|
@ -151,22 +152,31 @@ pub async fn epp_connect(registry_creds: &EppClientConnection) -> Result<Connect
|
||||||
.next()
|
.next()
|
||||||
.ok_or_else(|| stdio::ErrorKind::NotFound)?;
|
.ok_or_else(|| stdio::ErrorKind::NotFound)?;
|
||||||
|
|
||||||
let mut config = ClientConfig::new();
|
let mut roots = RootCertStore::empty();
|
||||||
|
roots.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
|
||||||
|
OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||||
|
ta.subject,
|
||||||
|
ta.spki,
|
||||||
|
ta.name_constraints,
|
||||||
|
)
|
||||||
|
}));
|
||||||
|
|
||||||
config
|
let builder = ClientConfig::builder()
|
||||||
.root_store
|
.with_safe_defaults()
|
||||||
.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
|
.with_root_certificates(roots);
|
||||||
|
|
||||||
if let Some(tls) = registry_creds.tls_files() {
|
let config = match registry_creds.tls_files() {
|
||||||
if let Err(e) = config.set_single_client_cert(tls.0, tls.1) {
|
Some((cert_chain, key)) => match builder.with_single_cert(cert_chain, key) {
|
||||||
return Err(format!("Failed to set client TLS credentials: {}", e).into())
|
Ok(config) => config,
|
||||||
|
Err(e) => return Err(format!("Failed to set client TLS credentials: {}", e).into()),
|
||||||
}
|
}
|
||||||
}
|
None => builder.with_no_client_auth(),
|
||||||
|
};
|
||||||
|
|
||||||
let connector = TlsConnector::from(Arc::new(config));
|
let connector = TlsConnector::from(Arc::new(config));
|
||||||
let stream = TcpStream::connect(&addr).await?;
|
let stream = TcpStream::connect(&addr).await?;
|
||||||
|
|
||||||
let domain = DNSNameRef::try_from_ascii_str(&host)
|
let domain = host.as_str().try_into()
|
||||||
.map_err(|_| stdio::Error::new(stdio::ErrorKind::InvalidInput, format!("Invalid domain: {}", host)))?;
|
.map_err(|_| stdio::Error::new(stdio::ErrorKind::InvalidInput, format!("Invalid domain: {}", host)))?;
|
||||||
|
|
||||||
let stream = connector.connect(domain, stream).await?;
|
let stream = connector.connect(domain, stream).await?;
|
||||||
|
|
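Review bot: The `Some((cert_chain, key)) => match builder.with_single_cert(...)` arm re-wraps the error by hand where the rest of the function already propagates failures with `?`; `Some((cert_chain, key)) => builder.with_single_cert(cert_chain, key).map_err(|e| format!("Failed to set client TLS credentials: {}", e))?,` does the same in one line, assuming the function's error type accepts a `String` the way the existing `.into()` implies (the signature is cut off in the hunk header). The new `roots` block deserves a comment such as `// Trust only the Mozilla bundle shipped in webpki-roots: a registry behind a private CA cannot be validated unless a CA option is added next to tls_files(), and root removals only land when the crate is updated` — the commit keeps the previous trust model, so this is a caveat rather than a regression. As far as I recall, rustls 0.20's `TryFrom<&str>` for `ServerName` accepts DNS names only, so an IP-literal `host` still fails at the `Invalid domain` line exactly as with the old `DNSNameRef`; including the source error (`format!("Invalid domain {}: {}", host, e)`) would make that easier to diagnose than the discarded `|_|`. `epp_connect` starts before this hunk.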