From 8c01d983fa1f770f239340bdc2c3b822b2828321 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Thu, 28 Oct 2021 17:04:00 +0200
Subject: [PATCH] Upgrade to rustls 0.20

---
 epp-client/Cargo.toml | 7 +++----
 epp-client/src/connection/registry.rs | 30 ++++++++++++++++++---------
 2 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/epp-client/Cargo.toml b/epp-client/Cargo.toml
index 13cd19d..d9d44cc 100644
--- a/epp-client/Cargo.toml
+++ b/epp-client/Cargo.toml
@@ -19,13 +19,12 @@ env_logger = "0.9"
 log = "0.4"
 lazy_static = "1.4"
 quick-xml = { version = "0.22", features = [ "serialize" ] }
-rustls = "0.19"
+rustls = "0.20"
 rustls-pemfile = "0.2"
 serde = { version = "1.0", features = ["derive"] }
 tokio = { version = "1.0", features = [ "full" ] }
-tokio-rustls = "0.22"
-webpki = "0.22"
-webpki-roots = "0.21"
+tokio-rustls = "0.23"
+webpki-roots = "0.22.1"
 
 [dev-dependencies]
 tokio-test = "0.4"
diff --git a/epp-client/src/connection/registry.rs b/epp-client/src/connection/registry.rs
index 92b8b97..2036107 100644
--- a/epp-client/src/connection/registry.rs
+++ b/epp-client/src/connection/registry.rs
@@ -6,8 +6,9 @@ use bytes::BytesMut;
 use std::convert::TryInto;
 use futures::executor::block_on;
 use std::{error::Error, net::ToSocketAddrs, io as stdio};
-use tokio_rustls::{TlsConnector, rustls::ClientConfig, webpki::DNSNameRef, client::TlsStream};
+use tokio_rustls::{TlsConnector, rustls::ClientConfig, client::TlsStream};
 use tokio::{net::TcpStream, io::AsyncWriteExt, io::AsyncReadExt, io::split, io::ReadHalf, io::WriteHalf};
+use rustls::{RootCertStore, OwnedTrustAnchor};
 use crate::config::{EppClientConnection};
 use crate::error;
 
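Review bot: The added `use rustls::{RootCertStore, OwnedTrustAnchor};` takes these types from the direct `rustls` dependency, while `ClientConfig` on the line above still comes through the `tokio_rustls::rustls` re-export; the `ClientConfig` built from that store only type-checks in `TlsConnector::from` while Cargo unifies both requirements to the same crate version. Importing all of them through one path, `use tokio_rustls::{TlsConnector, rustls::{ClientConfig, RootCertStore, OwnedTrustAnchor}, client::TlsStream};`, removes that coupling and would allow the direct `rustls = "0.20"` entry in Cargo.toml to be dropped if nothing else in the crate uses it. This applies only to the import hunk; the Cargo.toml hunk is a plain version bump.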
@@ -151,22 +152,31 @@ pub async fn epp_connect(registry_creds: &EppClientConnection) -> Result match builder.with_single_cert(cert_chain, key) { + Ok(config) => config, + Err(e) => return Err(format!("Failed to set client TLS credentials: {}", e).into()), } - } + None => builder.with_no_client_auth(), + }; let connector = TlsConnector::from(Arc::new(config)); let stream = TcpStream::connect(&addr).await?; - let domain = DNSNameRef::try_from_ascii_str(&host) + let domain = host.as_str().try_into() .map_err(|_| stdio::Error::new(stdio::ErrorKind::InvalidInput, format!("Invalid domain: {}", host)))?; let stream = connector.connect(domain, stream).await?;
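Review bot: The new `match builder.with_single_cert(cert_chain, key) { Ok(config) => config, Err(e) => return Err(...) }` re-implements `?`; since this function already converts a `String` into its error type via `.into()`, the arm collapses to `builder.with_single_cert(cert_chain, key).map_err(|e| format!("Failed to set client TLS credentials: {}", e))?` (assuming the return error type keeps a `From<String>` impl, which the existing `.into()` call implies). The added `let domain = host.as_str().try_into()` leaves its target type to inference from `connector.connect`; writing `let domain: ServerName = host.as_str().try_into()` with `use tokio_rustls::rustls::ServerName;` makes it visible that the configured host is validated as a TLS server name before the handshake. The portion of this hunk that builds the root store and the `ClientConfig` builder is not legible on this page, so the trust-anchor wiring could not be reviewed here. `epp_connect` begins before this hunk (its signature is only the header context) and its closing lines lie after it.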