Commit Graph

11 Commits

Author SHA1 Message Date
Sergio Benitez 7cc818cd85 Introduce dynamic TLS resolvers.
This commit introduces the ability to dynamically select a TLS
configuration based on the client's TLS hello via the new `Resolver`
trait. In support of this, it also makes the following changes:

  * Added `Authority::set_port()`.
  * `UdsListener` is now `UnixListener`.
  * `Bindable` removed in favor of new `Bind`.
  * All built-in listeners now implement `Bind<&Rocket>`.
  * `Connection` requires `AsyncRead + AsyncWrite`.
  * The `Debug` impl for `Endpoint` displays the underlying address.
  * `Listener` must be `Sized`.
  * The TLS listener was moved to `tls::TlsListener`.
  * The preview `quic` listener no longer implements `Listener`.
  * Added `TlsConfig::server_config()`.
  * Added `race` future helpers.
  * Added `Rocket::launch_with()`, `Rocket::bind_launch()`.
  * Added a default `client.pem` to the TLS example.
  * Various unnecessary listener `Config` structures removed.

In addition, the testbench was revamped to support more scenarios. This
resulted in the following issues being found and fixed:

  * Fix an issue where the logger would ignore color requests.
  * Clarified docs for `mtls::Certificate` guard.
  * Improved error messages on listener misconfiguration.

Resolves #2730.
Resolves #2363.
Closes #2748.
Closes #2683.
Closes #2577.
2024-04-16 23:50:28 -07:00
Sergio Benitez edce8bd656 Use default 'CryptoProvider' for all TLS ops.
Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.

This commit also cleans up code related to the rustls 0.23 update.
2024-03-31 11:46:56 -07:00
Abdullah Alyan ce92c5dd76 Update rustls to 0.23. Support 'CryptoProvider's.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operation in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
2024-03-31 11:46:56 -07:00
Sergio Benitez 0a0f540988 Support TLS keys in SEC1 format. 2023-03-23 14:57:54 -07:00
Sergio Benitez daa157f872 Ignore data before TLS key encapsulation boundary.
Resolves #2281.

Co-authored-by: Julian Büttner <me@julianbuettner.dev>
2023-03-23 14:57:54 -07:00
Sergio Benitez 677790d639 Bring back generated TLS keys, used by tests. 2021-07-09 16:35:09 -07:00
Sergio Benitez 71823915db Don't store example keys and certs in repository. 2021-07-07 12:16:12 -07:00
Sergio Benitez b24e53454a Generate CA cert in 'gen_certs.sh'. 2021-03-17 18:25:06 -07:00
Abdullah Alyan af48d1f2e6 Support more TLS key types in PKCS format.
Closes #1449.
Resolves #1461.
2021-03-17 18:23:15 -07:00
Sergio Benitez 237370533c Update cert in 'tls' example for new 'rustls'.
The latest version of `rustls` acts on the SNI extension to TLS without
the apparent ability to disable the behavior. `rustls` requires that the
server's certificate match the client's requested server. The matching
is done by looking at DNS names in the `subjectAltName` extension and
checking if the requested server name is present. Since the certificate
in the `tls` example did not have the `subjectAltName` extension, this
check always failed, and the TLS connection was aborted. This commit
adds the extension to the certificate with a DNS name of `localhost`,
ensuring that TLS succeeds on `localhost`.
2017-09-01 03:16:36 -07:00
Sergio Benitez b8ba7b855f Remove Session in favor of private cookies. New testing API.
Sessions
--------

This commit removes the `Session` type in favor of methods on the
`Cookies` types that allow for adding, removing, and getting private
(signed and encrypted) cookies. These methods provide a superset of
the functionality of `Session` while also being a minimal addition to
the existing API. They can be used to implement the previous `Session`
type as well as other forms of session storage. The new methods are:

  * Cookie::add_private(&mut self, Cookie)
  * Cookie::remove_private(&mut self, Cookie)
  * Cookie::get_private(&self, &str)

Resolves #20

Testing
-------

This commit removes the `rocket::testing` module. It adds the
`rocket::local` module which provides a `Client` type for local
dispatching of requests against a `Rocket` instance. This `local`
package subsumes the previous `testing` package.

Rocket Examples
---------------

The `forms`, `optional_result`, and `hello_alt_methods` examples have
been removed. The following example have been renamed:

  * extended_validation -> form_validation
  * hello_ranks -> ranking
  * from_request -> request_guard
  * hello_tls -> tls

Other Changes
-------------

This commit also includes the following smaller changes:

  * Config::{development, staging, production} constructors have been
    added for easier creation of default `Config` structures.
  * The `Config` type is exported from the root.
  * `Request` implements `Clone` and `Debug`.
  * `Request::new` is no longer exported.
  * A `Response::body_bytes` method was added to easily retrieve a
    response's body as a `Vec<u8>`.
2017-06-08 17:34:50 -07:00