rwf2
/
Rocket
mirror of https://github.com/rwf2/Rocket.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Rocket/core/lib/src/mtls.rs

26 lines
925 B
Rust
Raw Normal View History

Complete mTLS implementation. Resolves #254.
2021-07-09 06:59:47 +00:00
//! Support for mutual TLS client certificates.
//!
//! For details on how to configure mutual TLS, see
//! [`MutualTls`](crate::config::MutualTls) and the [TLS
//! guide](https://rocket.rs/v0.5-rc/guide/configuration/#tls). See
//! [`Certificate`] for a request guard that validated, verifies, and retrieves
//! client certificates.
#[doc(inline)]
pub use crate::http::tls::mtls::*;
use crate::request::{Request, FromRequest, Outcome};
use crate::outcome::{try_outcome, IntoOutcome};
use crate::http::Status;
#[crate::async_trait]
impl<'r> FromRequest<'r> for Certificate<'r> {
type Error = Error;
async fn from_request(req: &'r Request<'_>) -> Outcome<Self, Self::Error> {
let certs = try_outcome!(req.connection.client_certificates.as_ref().or_forward(()));
Rework TLS listener/connection implementations. The previous implementation allowed a trivial DoS attack in which the client need simply maintain open connections with incomplete handshakes. This commit resolves that by allowing a server worker to progress as soon as a TCP connection has been established. This comes at the expense of a more complex implementation necessitated by deficiencies in Hyper. Potentially resolves #2118.
2022-05-03 15:27:39 +00:00
let data = try_outcome!(certs.chain_data().or_forward(()));
Certificate::parse(data).into_outcome(Status::Unauthorized)
Complete mTLS implementation. Resolves #254.
2021-07-09 06:59:47 +00:00
}
}