Upgrade to tokio-rustls 0.25
parent
26c4bb4d4c
commit
e5ffac17b3
|
@ -9,17 +9,18 @@ repository = "https://github.com/InstantDomain/instant-epp"
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["rustls"]
|
default = ["rustls"]
|
||||||
rustls = ["tokio-rustls", "rustls-native-certs"]
|
rustls = ["tokio-rustls", "rustls-pki-types", "rustls-native-certs"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
async-trait = "0.1.52"
|
async-trait = "0.1.52"
|
||||||
celes = "2.1"
|
celes = "2.1"
|
||||||
chrono = { version = "0.4.23", features = ["serde"] }
|
chrono = { version = "0.4.23", features = ["serde"] }
|
||||||
instant-xml = { version = "0.4", features = ["chrono"] }
|
instant-xml = { version = "0.4", features = ["chrono"] }
|
||||||
rustls-native-certs = { version = "0.6.3", optional = true }
|
rustls-native-certs = { version = "0.7", optional = true }
|
||||||
|
rustls-pki-types = { version = "1", optional = true }
|
||||||
serde = { version = "1.0", features = ["derive"] }
|
serde = { version = "1.0", features = ["derive"] }
|
||||||
tokio = { version = "1.0", features = ["io-util", "net", "time"] }
|
tokio = { version = "1.0", features = ["io-util", "net", "time"] }
|
||||||
tokio-rustls = { version = "0.24", optional = true }
|
tokio-rustls = { version = "0.25", optional = true }
|
||||||
tracing = "0.1.29"
|
tracing = "0.1.29"
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
|
#[cfg(feature = "rustls")]
|
||||||
|
use rustls_pki_types::{CertificateDer, PrivateKeyDer};
|
||||||
use tracing::{debug, error};
|
use tracing::{debug, error};
|
||||||
|
|
||||||
use crate::common::NoExtension;
|
use crate::common::NoExtension;
|
||||||
#[cfg(feature = "rustls")]
|
|
||||||
use crate::common::{Certificate, PrivateKey};
|
|
||||||
pub use crate::connection::Connector;
|
pub use crate::connection::Connector;
|
||||||
use crate::connection::EppConnection;
|
use crate::connection::EppConnection;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
|
@ -82,7 +82,7 @@ impl EppClient<RustlsConnector> {
|
||||||
pub async fn connect(
|
pub async fn connect(
|
||||||
registry: String,
|
registry: String,
|
||||||
server: (String, u16),
|
server: (String, u16),
|
||||||
identity: Option<(Vec<Certificate>, PrivateKey)>,
|
identity: Option<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)>,
|
||||||
timeout: Duration,
|
timeout: Duration,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
let connector = RustlsConnector::new(server, identity).await?;
|
let connector = RustlsConnector::new(server, identity).await?;
|
||||||
|
@ -215,60 +215,52 @@ mod rustls_connector {
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
|
|
||||||
use async_trait::async_trait;
|
use async_trait::async_trait;
|
||||||
|
use rustls_pki_types::{CertificateDer, PrivateKeyDer, ServerName};
|
||||||
use tokio::net::lookup_host;
|
use tokio::net::lookup_host;
|
||||||
use tokio::net::TcpStream;
|
use tokio::net::TcpStream;
|
||||||
use tokio_rustls::client::TlsStream;
|
use tokio_rustls::client::TlsStream;
|
||||||
use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
|
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
|
||||||
use tokio_rustls::TlsConnector;
|
use tokio_rustls::TlsConnector;
|
||||||
use tracing::info;
|
use tracing::info;
|
||||||
|
|
||||||
use crate::common::{Certificate, PrivateKey};
|
|
||||||
use crate::connection::{self, Connector};
|
use crate::connection::{self, Connector};
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
|
|
||||||
pub struct RustlsConnector {
|
pub struct RustlsConnector {
|
||||||
inner: TlsConnector,
|
inner: TlsConnector,
|
||||||
domain: ServerName,
|
domain: ServerName<'static>,
|
||||||
server: (String, u16),
|
server: (String, u16),
|
||||||
}
|
}
|
||||||
|
|
||||||
impl RustlsConnector {
|
impl RustlsConnector {
|
||||||
pub async fn new(
|
pub async fn new(
|
||||||
server: (String, u16),
|
server: (String, u16),
|
||||||
identity: Option<(Vec<Certificate>, PrivateKey)>,
|
identity: Option<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)>,
|
||||||
) -> Result<Self, Error> {
|
) -> Result<Self, Error> {
|
||||||
let mut roots = RootCertStore::empty();
|
let mut roots = RootCertStore::empty();
|
||||||
for cert in rustls_native_certs::load_native_certs()? {
|
for cert in rustls_native_certs::load_native_certs()? {
|
||||||
roots
|
roots.add(cert).map_err(|err| {
|
||||||
.add(&tokio_rustls::rustls::Certificate(cert.0))
|
|
||||||
.map_err(|err| {
|
|
||||||
Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static>
|
Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static>
|
||||||
})?;
|
})?;
|
||||||
}
|
}
|
||||||
|
|
||||||
let builder = ClientConfig::builder()
|
let builder = ClientConfig::builder().with_root_certificates(roots);
|
||||||
.with_safe_defaults()
|
|
||||||
.with_root_certificates(roots);
|
|
||||||
|
|
||||||
let config = match identity {
|
let config = match identity {
|
||||||
Some((certs, key)) => {
|
Some((certs, key)) => builder
|
||||||
let certs = certs
|
.with_client_auth_cert(certs, key)
|
||||||
.into_iter()
|
.map_err(|e| Error::Other(e.into()))?,
|
||||||
.map(|cert| tokio_rustls::rustls::Certificate(cert.0))
|
|
||||||
.collect();
|
|
||||||
builder
|
|
||||||
.with_client_auth_cert(certs, tokio_rustls::rustls::PrivateKey(key.0))
|
|
||||||
.map_err(|e| Error::Other(e.into()))?
|
|
||||||
}
|
|
||||||
None => builder.with_no_client_auth(),
|
None => builder.with_no_client_auth(),
|
||||||
};
|
};
|
||||||
|
|
||||||
let domain = server.0.as_str().try_into().map_err(|_| {
|
let domain = ServerName::try_from(server.0.as_str())
|
||||||
|
.map_err(|_| {
|
||||||
io::Error::new(
|
io::Error::new(
|
||||||
io::ErrorKind::InvalidInput,
|
io::ErrorKind::InvalidInput,
|
||||||
format!("Invalid domain: {}", server.0),
|
format!("invalid domain: {}", server.0),
|
||||||
)
|
)
|
||||||
})?;
|
})?
|
||||||
|
.to_owned();
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
inner: TlsConnector::from(Arc::new(config)),
|
inner: TlsConnector::from(Arc::new(config)),
|
||||||
|
|
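Review bot: In `RustlsConnector::new`, the loop over `rustls_native_certs::load_native_certs()?` still propagates the first `roots.add(cert)` failure with `?`, so a single certificate in the platform trust store that rustls cannot parse prevents the connector from being built at all. Skipping unparsable roots only shrinks the trust set, so tolerating them is safe: `let (added, _ignored) = roots.add_parsable_certificates(rustls_native_certs::load_native_certs()?);`. Follow that with an explicit error when `added == 0`, so an empty store fails here with a clear message rather than as a certificate-verification error at handshake time. The body of `new` continues past the end of the hunk.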
|
@ -72,13 +72,3 @@ pub struct Services<'a> {
|
||||||
#[xml(rename = "svcExtension")]
|
#[xml(rename = "svcExtension")]
|
||||||
pub svc_ext: Option<ServiceExtension<'a>>,
|
pub svc_ext: Option<ServiceExtension<'a>>,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// This type contains a single DER-encoded X.509 certificate.
|
|
||||||
///
|
|
||||||
/// The rustls-pemfile crate can be used to parse a PEM file.
|
|
||||||
pub struct Certificate(pub Vec<u8>);
|
|
||||||
|
|
||||||
/// This type contains a DER-encoded ASN.1 private key in PKCS#8 or PKCS#1 format.
|
|
||||||
///
|
|
||||||
/// The rustls-pemfile crate can be used to parse a PEM file in these formats.
|
|
||||||
pub struct PrivateKey(pub Vec<u8>);
|
|
||||||
|
|