Use 's2n-quic' TLS server builder.
parent
a742d3da4f
commit
07e4170b72
|
@ -37,7 +37,7 @@ use futures::Stream;
|
||||||
use tokio::sync::Mutex;
|
use tokio::sync::Mutex;
|
||||||
use tokio_stream::StreamExt;
|
use tokio_stream::StreamExt;
|
||||||
|
|
||||||
use crate::tls::TlsConfig;
|
use crate::tls::{TlsConfig, Error};
|
||||||
use crate::listener::{Listener, Connection, Endpoint};
|
use crate::listener::{Listener, Connection, Endpoint};
|
||||||
|
|
||||||
type H3Conn = h3::server::Connection<quic_h3::Connection, bytes::Bytes>;
|
type H3Conn = h3::server::Connection<quic_h3::Connection, bytes::Bytes>;
|
||||||
|
@ -62,43 +62,29 @@ pub struct QuicRx(h3::server::RequestStream<quic_h3::RecvStream, Bytes>);
|
||||||
pub struct QuicTx(h3::server::RequestStream<quic_h3::SendStream<Bytes>, Bytes>);
|
pub struct QuicTx(h3::server::RequestStream<quic_h3::SendStream<Bytes>, Bytes>);
|
||||||
|
|
||||||
impl QuicListener {
|
impl QuicListener {
|
||||||
pub async fn bind(address: SocketAddr, tls: TlsConfig) -> Result<Self, io::Error> {
|
pub async fn bind(address: SocketAddr, tls: TlsConfig) -> Result<Self, Error> {
|
||||||
use quic::provider::tls::rustls::{rustls, DEFAULT_CIPHERSUITES, Server as H3TlsServer};
|
use quic::provider::tls::rustls::Server as H3TlsServer;
|
||||||
|
|
||||||
// FIXME: Remove this as soon as `s2n_quic` is on rustls >= 0.22.
|
let cert_chain = tls.load_certs()?
|
||||||
let cert_chain = tls.load_certs()
|
|
||||||
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?
|
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.map(|v| v.to_vec())
|
.map(|v| v.to_vec())
|
||||||
.map(rustls::Certificate)
|
|
||||||
.collect::<Vec<_>>();
|
.collect::<Vec<_>>();
|
||||||
|
|
||||||
let key = tls.load_key()
|
let h3tls = H3TlsServer::builder()
|
||||||
.map_err(|e| io::Error::new(io::ErrorKind::Other, e.to_string()))?
|
.with_application_protocols(["h3"].into_iter())
|
||||||
.secret_der()
|
.map_err(|e| Error::Bind(e))?
|
||||||
.to_vec();
|
.with_certificate(cert_chain, tls.load_key()?.secret_der())
|
||||||
|
.map_err(|e| Error::Bind(e))?
|
||||||
let mut h3tls = rustls::server::ServerConfig::builder()
|
.with_prefer_server_cipher_suite_order(tls.prefer_server_cipher_order)
|
||||||
.with_cipher_suites(DEFAULT_CIPHERSUITES)
|
.map_err(|e| Error::Bind(e))?
|
||||||
.with_safe_default_kx_groups()
|
.build()
|
||||||
.with_safe_default_protocol_versions()
|
.map_err(|e| Error::Bind(e))?;
|
||||||
.map_err(|e| io::Error::new(io::ErrorKind::Other, format!("bad TLS config: {}", e)))?
|
|
||||||
.with_client_cert_verifier(rustls::server::NoClientAuth::boxed())
|
|
||||||
.with_single_cert(cert_chain, rustls::PrivateKey(key))
|
|
||||||
.map_err(|e| io::Error::new(io::ErrorKind::Other, format!("bad TLS config: {}", e)))?;
|
|
||||||
|
|
||||||
h3tls.alpn_protocols = vec![b"h3".to_vec()];
|
|
||||||
h3tls.ignore_client_order = tls.prefer_server_cipher_order;
|
|
||||||
h3tls.session_storage = rustls::server::ServerSessionMemoryCache::new(1024);
|
|
||||||
h3tls.ticketer = rustls::Ticketer::new()
|
|
||||||
.map_err(|e| io::Error::new(io::ErrorKind::Other, format!("bad TLS ticketer: {}", e)))?;
|
|
||||||
|
|
||||||
let listener = quic::Server::builder()
|
let listener = quic::Server::builder()
|
||||||
.with_tls(H3TlsServer::new(h3tls))
|
.with_tls(h3tls)?
|
||||||
.unwrap_or_else(|e| match e { })
|
|
||||||
.with_io(address)?
|
.with_io(address)?
|
||||||
.start()
|
.start()
|
||||||
.map_err(io::Error::other)?;
|
.map_err(|e| Error::Bind(Box::new(e)))?;
|
||||||
|
|
||||||
Ok(QuicListener {
|
Ok(QuicListener {
|
||||||
tls,
|
tls,
|
||||||
|
|
|
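Review bot: The new builder chain no longer sets what the removed rustls config set explicitly — `with_safe_default_protocol_versions()`, `NoClientAuth`, a `ServerSessionMemoryCache`, and a `Ticketer` — and nothing in the hunk shows whether s2n-quic's `Server::builder()` supplies equivalent defaults (client auth off, session resumption/tickets on). Since this is the TLS surface of the H3 listener, it is worth confirming and recording, e.g. `// s2n-quic's rustls provider owns protocol versions, kx groups, client auth (off) and resumption; only ALPN, the cert/key and suite-order preference are set here — confirmed against the pinned s2n-quic version`. Only `prefer_server_cipher_order` is read from `tls`, so if `TlsConfig` carries a cipher list or mutual-TLS settings (not visible here) they are still ignored for H3, as before; a one-line comment saying so would stop readers assuming the h1/h2 TLS policy applies to the QUIC listener. The four `map_err(|e| Error::Bind(e))` closures can simply be `map_err(Error::Bind)`. `bind`'s body continues past the end of the hunk.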
@ -108,7 +108,10 @@ impl Rocket<Ignite> {
|
||||||
let endpoint = h12listener.endpoint()?;
|
let endpoint = h12listener.endpoint()?;
|
||||||
#[cfg(feature = "http3-preview")]
|
#[cfg(feature = "http3-preview")]
|
||||||
if let (Some(addr), Some(tls)) = (endpoint.tcp(), endpoint.tls_config()) {
|
if let (Some(addr), Some(tls)) = (endpoint.tcp(), endpoint.tls_config()) {
|
||||||
let h3listener = crate::listener::quic::QuicListener::bind(addr, tls.clone()).await?;
|
let h3listener = crate::listener::quic::QuicListener::bind(addr, tls.clone())
|
||||||
|
.map_err(|e| ErrorKind::Bind(Some(endpoint.clone()), Box::new(e)))
|
||||||
|
.await?;
|
||||||
|
|
||||||
let rocket = self.into_orbit(vec![h3listener.endpoint()?, endpoint]);
|
let rocket = self.into_orbit(vec![h3listener.endpoint()?, endpoint]);
|
||||||
let rocket = post_bind_callback(rocket).await?;
|
let rocket = post_bind_callback(rocket).await?;
|
||||||
|
|
||||||
|
|
|
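Review bot: The error built in the new `map_err` names `endpoint`, which is the already-bound H1/H2 listener's endpoint from `h12listener.endpoint()?` two lines up, so a failed QUIC bind is reported against an endpoint that succeeded rather than the UDP socket that did not. If `Endpoint` can represent the QUIC address (the h3 listener's own `endpoint()` is used on the success path below), reporting that instead, or at least adding `// NOTE: reports the TCP endpoint; the QUIC bind on the same address is what failed` next to the `map_err`, would avoid misleading the operator. Also, `.map_err` is applied to the un-awaited future, so it presumably relies on a `TryFutureExt`-style extension trait that this hunk does not show being imported. The enclosing function starts and ends outside this hunk.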
@ -96,3 +96,9 @@ impl From<KeyError> for Error {
|
||||||
Error::PrivKey(value)
|
Error::PrivKey(value)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl From<std::convert::Infallible> for Error {
|
||||||
|
fn from(v: std::convert::Infallible) -> Self {
|
||||||
|
v.into()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
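Review bot: The body `v.into()` in the new `From<Infallible> for Error` impl resolves `Into<Error> for Infallible` through this very `From` impl, so it is a self-call that only type-checks because `Infallible` has no values. The idiomatic form is `fn from(v: std::convert::Infallible) -> Self { match v {} }`, which states the impl is unreachable outright and avoids the recursive conversion. A doc comment such as `/// Lets `?` be used on builder steps whose error type is uninhabited (e.g. `with_tls`).` would also explain why the impl exists, which is otherwise only inferable from the `?` on `.with_tls(h3tls)` in the listener hunk.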