From d4f37809c78c673dbe94f1a25dc9d311457325a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Oct 2021 17:13:10 +0000 Subject: [PATCH] Update tokio-rustls requirement from 0.22 to 0.23 (#573) Updates the requirements on [tokio-rustls](https://github.com/tokio-rs/tls) to permit the latest version. - [Release notes](https://github.com/tokio-rs/tls/releases) - [Commits](https://github.com/tokio-rs/tls/commits) --- updated-dependencies: - dependency-name: tokio-rustls dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dominic --- examples/hello_world_tls/Cargo.toml | 1 + examples/hello_world_tls/src/main.rs | 23 ++++++----- gotham/Cargo.toml | 5 ++- gotham/src/tls/build_pki.sh | 11 ------ gotham/src/tls/ca.cfg | 23 ----------- gotham/src/tls/ca_cert.pem | 25 ------------ gotham/src/tls/cert.pem | 26 ------------- gotham/src/tls/key.pem | 28 -------------- gotham/src/tls/srv.cfg | 29 -------------- gotham/src/tls/test.rs | 55 ++++++++++++++------------- gotham/src/tls/tls_ca_cert.der | Bin 0 -> 395 bytes gotham/src/tls/tls_cert.der | Bin 0 -> 384 bytes gotham/src/tls/tls_key.der | Bin 0 -> 138 bytes gotham/src/tls/tls_new_cert.sh | 35 +++++++++++++++++ 14 files changed, 81 insertions(+), 180 deletions(-) delete mode 100755 gotham/src/tls/build_pki.sh delete mode 100644 gotham/src/tls/ca.cfg delete mode 100644 gotham/src/tls/ca_cert.pem delete mode 100644 gotham/src/tls/cert.pem delete mode 100644 gotham/src/tls/key.pem delete mode 100644 gotham/src/tls/srv.cfg create mode 100644 gotham/src/tls/tls_ca_cert.der create mode 100644 gotham/src/tls/tls_cert.der create mode 100644 gotham/src/tls/tls_key.der create mode 100755 gotham/src/tls/tls_new_cert.sh diff --git a/examples/hello_world_tls/Cargo.toml b/examples/hello_world_tls/Cargo.toml index d54b390b3..3ad3ab89f 100644 
--- a/examples/hello_world_tls/Cargo.toml
+++ b/examples/hello_world_tls/Cargo.toml
@@ -7,3 +7,4 @@ edition = "2018"
 
 [dependencies]
 gotham = { path = "../../gotham", features = ["rustls"] }
+rustls-pemfile = "0.2.1"
diff --git a/examples/hello_world_tls/src/main.rs b/examples/hello_world_tls/src/main.rs
index c4d7b4010..e7678f409 100644
--- a/examples/hello_world_tls/src/main.rs
+++ b/examples/hello_world_tls/src/main.rs
@@ -1,8 +1,8 @@
 //! A Hello World example application for working with Gotham.
 use gotham::anyhow;
-use gotham::rustls::internal::pemfile::{certs, pkcs8_private_keys};
-use gotham::rustls::{self, NoClientAuth};
+use gotham::rustls::{self, Certificate, PrivateKey, ServerConfig};
 use gotham::state::State;
+use rustls_pemfile::{certs, pkcs8_private_keys};
 use std::io::BufReader;
 
 const HELLO_WORLD: &str = "Hello World!";
@@ -19,19 +19,24 @@ pub fn say_hello(state: State) -> (State, &'static str) {
 /// Start a server and call the `Handler` we've defined above for each `Request` we receive.
 pub fn main() -> anyhow::Result<()> {
 let addr = "127.0.0.1:7878";
- println!("Listening for requests at http://{}", addr);
+ println!("Listening for requests at https://{}", addr);
 gotham::start_with_tls(addr, || Ok(say_hello), build_config()?)?;
 Ok(())
 }
 
-fn build_config() -> Result {
- let mut cfg = rustls::ServerConfig::new(NoClientAuth::new());
+fn build_config() -> Result {
 let mut cert_file = BufReader::new(&include_bytes!("cert.pem")[..]);
 let mut key_file = BufReader::new(&include_bytes!("key.pem")[..]);
- let certs = certs(&mut cert_file).unwrap();
+ let certs = certs(&mut cert_file)
+ .unwrap()
+ .into_iter()
+ .map(Certificate)
+ .collect();
 let mut keys = pkcs8_private_keys(&mut key_file).unwrap();
- cfg.set_single_cert(certs, keys.remove(0))?;
- Ok(cfg)
+ ServerConfig::builder()
+ .with_safe_defaults()
+ .with_no_client_auth()
+ .with_single_cert(certs, PrivateKey(keys.remove(0)))
 }
 
 #[cfg(test)]
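Review bot: `build_config` returns a `Result`, yet the new body still panics on both `.unwrap()` calls and on `keys.remove(0)` whenever `key.pem` yields no PKCS#8 key — a key file holding a PKCS#1 `RSA PRIVATE KEY` block, which `pkcs8_private_keys` skips, would hit the index panic instead of an error. Since `with_single_cert` already yields the function's error type, the key lookup can be made fallible with `let key = keys.into_iter().next().ok_or_else(|| rustls::Error::General("no PKCS#8 private key in key.pem".into()))?;` and `.with_single_cert(certs, PrivateKey(key))`, after which `keys` no longer needs `mut`. The generic arguments of the return type are stripped in this rendering, so confirm the error type is `rustls::Error` before relying on `?` there.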
@@ -45,7 +50,7 @@ mod tests {
 let test_server = TestServer::new(|| Ok(say_hello)).unwrap();
 let response = test_server
 .client()
- .get("http://localhost")
+ .get("https://localhost")
 .perform()
 .unwrap();
 
diff --git a/gotham/Cargo.toml b/gotham/Cargo.toml
index b75c3e90b..981446a91 100644
--- a/gotham/Cargo.toml
+++ b/gotham/Cargo.toml
@@ -3,7 +3,7 @@ name = "gotham"
 version = "0.6.0" # Alter html_root_url in lib.rs also
 authors = ["Shaun Mangelsdorf ",
 "Colin Bankier ",
- "Dominic Meiser ",
+ "Dominic Meiser ",
 "Isaac Whitfield ",
 "Judson Lester ",
 "Bradley Beddoes "]
@@ -15,6 +15,7 @@ readme = "README.md"
 categories = ["web-programming::http-server"]
 keywords = ["http", "async", "web", "framework", "server"]
 edition = "2018"
+exclude = ["src/tls/tls_new_cert.sh"]
 
 [features]
 default = ["derive", "http2", "session", "testing"]
@@ -49,7 +50,7 @@ rand_chacha = "0.3"
 regex = "1.0"
 serde = { version = "1.0", features = ["derive"] }
 tokio = { version = "1.11.0", features = ["net", "rt-multi-thread", "time", "fs", "io-util"] }
-tokio-rustls = { version = "0.22", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
 uuid = { version = "0.8", features = ["v4"] }
 
 [dev-dependencies]
diff --git a/gotham/src/tls/build_pki.sh b/gotham/src/tls/build_pki.sh
deleted file mode 100755
index ab4464532..000000000
--- a/gotham/src/tls/build_pki.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-openssl req -x509 -newkey rsa -config ca.cfg -days 3650 -out ca_cert.pem
-openssl req -newkey rsa -config srv.cfg -days 3650 |
- openssl x509 -days 3650 -req -CA ca_cert.pem -CAkey ca_key.pem -extfile srv.cfg -extensions v3_server -set_serial 1 -out cert.pem
-rm ca_key.pem
-echo "CA certificate:"
-openssl x509 -noout -text < ca_cert.pem
-echo
-echo "Server certificate:"
-openssl x509 -noout -text < cert.pem
diff --git a/gotham/src/tls/ca.cfg b/gotham/src/tls/ca.cfg
deleted file mode 100644
index 6cc3384de..000000000
--- a/gotham/src/tls/ca.cfg
+++ /dev/null
@@ -1,23 +0,0 @@
-[ req ]
-default_bits = 2048
-default_keyfile = ca_key.pem
-encrypt_key = no
-default_md = sha256
-prompt=no
-distinguished_name=CA
-x509_extensions=v3_ca
-
-
-[ CA ]
-C = US
-ST = New York
-L = Gotham
-O = Gotham
-OU = WWW
-CN = Gotham Test CA
-
-[ v3_ca ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true
diff --git a/gotham/src/tls/ca_cert.pem b/gotham/src/tls/ca_cert.pem
deleted file mode 100644
index d6dd65b4f..000000000
--- a/gotham/src/tls/ca_cert.pem
+++ /dev/null
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEJDCCAwygAwIBAgIJAI59xOwipFKSMA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNV -BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEPMA0GA1UEBwwGR290aGFtMQ8wDQYD -VQQKDAZHb3RoYW0xDDAKBgNVBAsMA1dXVzEXMBUGA1UEAwwOR290aGFtIFRlc3Qg -Q0EwHhcNMTkwMzMwMTk1NDAyWhcNMjkwMzI3MTk1NDAyWjBpMQswCQYDVQQGEwJV -UzERMA8GA1UECAwITmV3IFlvcmsxDzANBgNVBAcMBkdvdGhhbTEPMA0GA1UECgwG -R290aGFtMQwwCgYDVQQLDANXV1cxFzAVBgNVBAMMDkdvdGhhbSBUZXN0IENBMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMIMjSq5ozlOgffdxWVjff7k -S1nouC9KlGGv5h0BDKNXPtD/O3EkGe6IzW8ZqVcRqUpc0vCy3cfG4dA4nFK4grVM -gu4BJ85u53Z7Lo25wb66T7B/43Wqg6KS3ep/ERoWwJEQRtUIrcWO3Tx5UrwdOnHz -0G/IlK3+bfdahZv42WVCGf2BmLqIhcXa9dUGliagqKHsBvlRHEnI+IBA/QzoVMbx -pZ87RIjEdBeuGgcZGyiSZ68WmJ+Srcte+2e9DCqB+hZefkSt7zaYfgEcDT2DTdRi -gnwRe9dCyi7FSNDru3aY6UoUfULKRxT7rtRkbrBPam/o7TvOSQ5bng6RW9uqEQID -AQABo4HOMIHLMB0GA1UdDgQWBBTVBtn/ewTuDBQ4RpzSITWQDAumZzCBmwYDVR0j -BIGTMIGQgBTVBtn/ewTuDBQ4RpzSITWQDAumZ6FtpGswaTELMAkGA1UEBhMCVVMx -ETAPBgNVBAgMCE5ldyBZb3JrMQ8wDQYDVQQHDAZHb3RoYW0xDzANBgNVBAoMBkdv -dGhhbTEMMAoGA1UECwwDV1dXMRcwFQYDVQQDDA5Hb3RoYW0gVGVzdCBDQYIJAI59 -xOwipFKSMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAD2Dp0oYH6i2 -r9ir+rBoDIfk0JXQVEaJGleW9/G/FgVUiQq1koxd+Yl9uRp66Dm2lqZWPSv2QNkg -Fa/+793MpzOxe2nFknI+VhpU8qRA0OZ/UNKB/xzJPGXp1VLeMIeCwLodTU7ub/13 -jpyJ/2B2utzB337oneDY0QcdaHx2zK0yK4pno9G71fY7dUUd7zbgkdHWL/gjCYIq -I+Xw4Jz+1LQwLWlQvFGP4JsphyI0oBI5AAkIK3GZvI3fX6A0uO923yamSPvE1031 -Zo+BS/I4INK85zicb+lxwC7D9ggSRZH08KaA3Yf1tW7eGZy69qef5FQvzckAXkYb -O+9n1YX7S8k= ------END CERTIFICATE----- diff --git a/gotham/src/tls/cert.pem b/gotham/src/tls/cert.pem deleted file mode 100644 index b99724fff..000000000 --- a/gotham/src/tls/cert.pem +++ /dev/null 
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxDzANBgNVBAcMBkdvdGhhbTEPMA0GA1UECgwGR290 -aGFtMQwwCgYDVQQLDANXV1cxFzAVBgNVBAMMDkdvdGhhbSBUZXN0IENBMB4XDTE5 -MDMzMDE5NTQwMloXDTI5MDMyNzE5NTQwMlowbjELMAkGA1UEBhMCVVMxETAPBgNV -BAgMCE5ldyBZb3JrMQ8wDQYDVQQHDAZHb3RoYW0xDzANBgNVBAoMBkdvdGhhbTEU -MBIGA1UECwwLV1dXLXRlc3RpbmcxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLGXhDZnunBekBvSU1VH9dY+4lvY -vztvlfCJxKQ6l17iQ37haevsFb38RxHe5y5RexN3ORdwfbZcAfXDlcCXocFUmpdl -+5ZHxpoGsGkzz3mYZ6IZWWqbVV4UQXWhnSa3YC3wzM5BJivkfoQ4eC9N6L6m4N8O -Uayww3durDYlXD5eqc5SqORSrUkMY8b140r13iZzcr1boOFR6ie/3iVLgVbbDOhF -mv8fw0dSxhSSWbmUuua2OBjDCX2g4jx6jyUhcdiXBbCTaNUlG/dKrBHoT0sJi1Na -2Yi/YZzuPAsGw8VvbnsRjNaErEY3HWh3OELcwHUh7mxmFniDPDlv9YpnXwIDAQAB -o4IBFDCCARAwHQYDVR0OBBYEFHyLnsJ4KuWHcnuek3P7UmjOgiaSMIGbBgNVHSME -gZMwgZCAFNUG2f97BO4MFDhGnNIhNZAMC6ZnoW2kazBpMQswCQYDVQQGEwJVUzER -MA8GA1UECAwITmV3IFlvcmsxDzANBgNVBAcMBkdvdGhhbTEPMA0GA1UECgwGR290 -aGFtMQwwCgYDVQQLDANXV1cxFzAVBgNVBAMMDkdvdGhhbSBUZXN0IENBggkAjn3E -7CKkUpIwCwYDVR0PBAQDAgTwMAkGA1UdEwQCMAAwOQYDVR0RBDIwMIILZXhhbXBs -ZS5jb22CCWxvY2FsaG9zdIcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG -9w0BAQsFAAOCAQEAQiXswyfu2KYSZrU+bRNPP062gBvFfUu9+1Lc1v60W+vkXpT6 -iIxQVOqINygE7hjetpejdiAgibPKTSJJ+uGpjqAL764XWutmNcRXfwndxZ7kdCsU -dT6IIlNtx0nw5ZLkgrRSr2RrwcptNkhCfSTF4dxcGwdwHEZO3bB1wtrtNYzko7PA -Tg0PydkMZUOdYY41oMREKStD2nrL7b5f+jZ2Gv+oCF+0gUQxJpblferNFMMxLJ1X -Y9O+3pelsgeVskIiQYMmRPbALZOuX+dofelG3NB3v/eyxEI9BAOPEdG/yJcuDNge -lKU0o3Q33nlH8ifogcXFi0Oe1yTeDMxWmrwJOg== ------END CERTIFICATE----- diff --git a/gotham/src/tls/key.pem b/gotham/src/tls/key.pem deleted file mode 100644 index 6a17f6923..000000000 --- a/gotham/src/tls/key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCUsZeENme6cF6Q -G9JTVUf11j7iW9i/O2+V8InEpDqXXuJDfuFp6+wVvfxHEd7nLlF7E3c5F3B9tlwB -9cOVwJehwVSal2X7lkfGmgawaTPPeZhnohlZaptVXhRBdaGdJrdgLfDMzkEmK+R+ -hDh4L03ovqbg3w5RrLDDd26sNiVcPl6pzlKo5FKtSQxjxvXjSvXeJnNyvVug4VHq -J7/eJUuBVtsM6EWa/x/DR1LGFJJZuZS65rY4GMMJfaDiPHqPJSFx2JcFsJNo1SUb -90qsEehPSwmLU1rZiL9hnO48CwbDxW9uexGM1oSsRjcdaHc4QtzAdSHubGYWeIM8 -OW/1imdfAgMBAAECggEAaNm18vf+Ovyj4dCMhlC7loHGBA4qD+cUb1GXhD8eRcEV -oeylfPBsoIRAkcjrOm9x62y1hF+f5jWiOYuYqE+PXPOb+grKUhcNc+EG2HzGmQWw -T1uBroi7Ef5uIB6XoN49LqgWhgTm8ci/resEetM4h+dwe18ulK9GUf803mCsBZeu -MpdLH24Jk9gMJv8IWBxPCmQTjx4fUt8bbSflOKjRlGL2/671REM+vXy2RWZRalAx -kax6on6lVW02a1ihyk0dR6VUFHedUZJKLS1MAiSMFzKCTssOZLJmVtnM0cmEg0oz -q8JnK9U2wmmC9TBMD0LPhKePwtTYwf5WXsYSqWiesQKBgQDFObgUFqPaL+lBPWnr -alLrXxkSiR3FdmWF5j2oOODn/NNXe4VWv385jmAm2cpopPiblSyXf/8Erc3T1nq8 -LZNAX3NcGcZi7JZT7YO6W0mX4Up1KlU7J6dFVToei7UtLY1SwfJ5PYMA08sVoNVg -VKX5m2BxOc5Pfmn8GHdBULm0RwKBgQDBAWXpF36AsF+fMXJ0ehWTvwtwo2qrkiSi -v+XY0uV2HkzXgWCZ5VcwXzHyLCKu9l9EWm+M2ItT66bIjNyWcPQosboDxrq41zq5 -iqH6jnT5w7wdAUzYdoJDMbdiu71MuOMrI1LZuEKWnw0AjjjjJBPW8bNuBgpOVBSH -4DZORDs4KQKBgA8q0S06UH+HD7kkr/CazKWtOpBiWxfEcypI+pTlSuaMWvRvW2HA -eFhEysAyH47MoRHV9wfvn/0MILgZ1naCSsC4lnaOxOL2rtjleyvpuU8k1EUObF+Q -PRzn4QBYXiaLSkMDB1KrmFeH8iZHqCEwYVNAz7nlaChU4HGyr/kl7CIhAoGARgOZ -0orBSzGwHnGzkWlQNn6RSdUeNwsW2ys91//5WXX4bhzyzCEUFeoSlkVId6vMN2GP -IcrUECdmI05mHvTuvWxrjD8lMTRyiygtRlUzPf+xV9xG4idrbbC1U83DB/fyAI4Z -2f0rurQL5W2yWUOXJtwbOQhb6Lo7kGbXjGDYErECgYAPVVmXGJzf8xuBplqGKNxb -wshBMdGA27Jv0CBW1+/Lud/vUe3eHkThAOs49QwgvqxaUT4WZJQqKmiF+4ZUjhI/ -VF9Oawa2pEYpQvN1Vc5H3gfkEp1ezegS/Ve6fnBkwWk+dXHc0jiMCrRbC6yR9iiK -Kd4lTbquZpP2vYdjzsz5gw== ------END PRIVATE KEY----- diff --git a/gotham/src/tls/srv.cfg b/gotham/src/tls/srv.cfg deleted file mode 100644 index 18eb2990f..000000000 --- a/gotham/src/tls/srv.cfg +++ /dev/null 
@@ -1,29 +0,0 @@
-[ req ]
-default_bits = 2048
-default_keyfile = key.pem
-encrypt_key = no
-default_md = sha256
-prompt=no
-distinguished_name=server
-
-[ server ]
-C = US
-ST = New York
-L = Gotham
-O = Gotham
-OU = WWW-testing
-CN = example.com
-
-[ v3_server ]
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-basicConstraints = CA:false
-subjectAltName=@altname
-
-[ altname ]
-DNS.1=example.com
-DNS.2=localhost
-IP.1=127.0.0.1
-IP.2=::1
diff --git a/gotham/src/tls/test.rs b/gotham/src/tls/test.rs
index f282655ca..6be0f1ea0 100644
--- a/gotham/src/tls/test.rs
+++ b/gotham/src/tls/test.rs
@@ -2,12 +2,14 @@
 //!
 //! See the [`TestServer`] and [`AsyncTestServer`] types for example usage.
 
+use std::convert::TryFrom;
 use std::future::Future;
-use std::io::{self, BufReader};
+use std::io;
 use std::net::SocketAddr;
 use std::pin::Pin;
 use std::sync::Arc;
 use std::task::{Context, Poll};
+use std::time::Duration;
 
 use futures_util::future::{BoxFuture, FutureExt};
 use hyper::client::connect::{Connected, Connection};
@@ -15,21 +17,29 @@ use hyper::service::Service;
 use hyper::Uri;
 use log::info;
 use pin_project::pin_project;
-use rustls::Session;
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio::net::TcpStream;
 use tokio::time::Sleep;
 use tokio_rustls::client::TlsStream;
-use tokio_rustls::rustls::internal::pemfile::{certs, pkcs8_private_keys};
-use tokio_rustls::rustls::{self, NoClientAuth};
-use tokio_rustls::webpki::DNSNameRef;
+use tokio_rustls::rustls::{
+ self, Certificate, ClientConfig, PrivateKey, RootCertStore, ServerConfig, ServerName,
+};
 use tokio_rustls::TlsConnector;
 
 use crate::handler::NewHandler;
 use crate::test::async_test::{AsyncTestClient, AsyncTestServerInner};
 use crate::test::{self, TestClient, TestServerData};
 use crate::tls::rustls_wrap;
-use std::time::Duration;
+
+fn server_config() -> ServerConfig {
+ let cert = Certificate(include_bytes!("tls_cert.der").to_vec());
+ let key = PrivateKey(include_bytes!("tls_key.der").to_vec());
+ ServerConfig::builder()
+ .with_safe_defaults()
+ .with_no_client_auth()
+ .with_single_cert(vec![cert], key)
+ .expect("Unable to create TLS server config")
+}
 
 /// The `TestServer` type, which is used as a harness when writing test cases for Hyper services
 /// (which Gotham's `Router` is). An instance of `TestServer` is run asynchronously within the
@@ -90,15 +100,8 @@ impl TestServer {
 new_handler: NH,
 timeout: u64,
 ) -> anyhow::Result {
- let mut cfg = rustls::ServerConfig::new(NoClientAuth::new());
- let mut cert_file = BufReader::new(&include_bytes!("cert.pem")[..]);
- let mut key_file = BufReader::new(&include_bytes!("key.pem")[..]);
- let certs = certs(&mut cert_file).unwrap();
- let mut keys = pkcs8_private_keys(&mut key_file).unwrap();
- cfg.set_single_cert(certs, keys.remove(0))?;
-
+ let cfg = server_config();
 let data = TestServerData::new(new_handler, timeout, rustls_wrap(cfg))?;
-
 Ok(TestServer {
 data: Arc::new(data),
 })
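Review bot: `server_config` carries no doc comment and converts what was a propagated error (`cfg.set_single_cert(...)?` into `anyhow::Result`) into a panic through `.expect(...)`, although both call sites — `TestServer::new` in the `@@ -90` hunk and `AsyncTestServer::new` in the next hunk — still return `anyhow::Result`. Returning `Result<ServerConfig, rustls::Error>` from the helper and writing `let cfg = server_config()?;` at the two call sites keeps the constructors' error path intact with no other change. A doc comment should also state what this identity is: `/// Server-side TLS config for the test harness, built from the bundled self-signed test certificate and key (tls_cert.der / tls_key.der, regenerated with tls_new_cert.sh); a test fixture only, never a deployable identity.`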
@@ -167,13 +170,7 @@ impl AsyncTestServer {
 new_handler: NH,
 timeout: Duration,
 ) -> anyhow::Result {
- let mut cfg = rustls::ServerConfig::new(NoClientAuth::new());
- let mut cert_file = BufReader::new(&include_bytes!("cert.pem")[..]);
- let mut key_file = BufReader::new(&include_bytes!("key.pem")[..]);
- let certs = certs(&mut cert_file).unwrap();
- let mut keys = pkcs8_private_keys(&mut key_file).unwrap();
- cfg.set_single_cert(certs, keys.remove(0))?;
-
+ let cfg = server_config();
 let inner = AsyncTestServerInner::new(new_handler, timeout, rustls_wrap(cfg)).await?;
 Ok(AsyncTestServer {
 inner: Arc::new(inner),
@@ -194,7 +191,7 @@ pub struct TlsConnectionStream(#[pin] TlsStream);
 impl Connection for TlsConnectionStream {
 fn connected(&self) -> Connected {
 let (tcp, tls) = self.0.get_ref();
- if tls.get_alpn_protocol() == Some(b"h2") {
+ if tls.alpn_protocol() == Some(b"h2") {
 tcp.connected().negotiated_h2()
 } else {
 tcp.connected()
@@ -261,7 +258,7 @@ impl Service for TestConnect {
 async move {
 match TcpStream::connect(address).await {
 Ok(stream) => {
- let domain = DNSNameRef::try_from_ascii_str(req.host().unwrap()).unwrap();
+ let domain = ServerName::try_from(req.host().unwrap()).unwrap();
 match tls.connect(domain, stream).await {
 Ok(tls_stream) => {
 info!("Client TcpStream connected: {:?}", tls_stream);
@@ -282,13 +279,17 @@ impl Service for TestConnect {
 impl From for TestConnect {
 fn from(addr: SocketAddr) -> Self {
- let mut config = rustls::ClientConfig::new();
- let mut cert_file = BufReader::new(&include_bytes!("ca_cert.pem")[..]);
- config.root_store.add_pem_file(&mut cert_file).unwrap();
+ let mut root_store = RootCertStore::empty();
+ let ca_cert = include_bytes!("tls_ca_cert.der").to_vec();
+ root_store.add(&Certificate(ca_cert)).unwrap();
+ let cfg = ClientConfig::builder()
+ .with_safe_defaults()
+ .with_root_certificates(root_store)
+ .with_no_client_auth();
 Self {
 addr,
- config: Arc::new(config),
+ config: Arc::new(cfg),
 }
 }
 }
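Review bot: In the `@@ -282` hunk the trust decision of the test client — an empty `RootCertStore` with only the bundled CA added, so system roots are never consulted — is implicit and deserves a comment above `RootCertStore::empty()`: `// Trust only the bundled test CA (tls_ca_cert.der); system roots are deliberately not loaded, so any server certificate not issued by it is rejected.` The `.unwrap()` on `root_store.add` can only fail on a malformed bundled DER blob, so `.expect("tls_ca_cert.der is not a valid DER certificate")` names the cause the day the fixture is regenerated incorrectly. The `ServerName::try_from(req.host().unwrap()).unwrap()` in the `@@ -261` hunk deserves the same treatment, since the conversion fails for hosts that are not valid DNS names (an IP literal, if I recall this rustls version's `ServerName` correctly) and the bare `unwrap` hides which input caused the panic.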
diff --git a/gotham/src/tls/tls_ca_cert.der b/gotham/src/tls/tls_ca_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..eae033520f0c22f034daf8074fe6ce8e6ccaed76 GIT binary patch literal 395 zcmXqLVr(~PV$@y0%*4pVB$EB^i}mk?XJtO~S3Ky_c`=d2YJZ{u7aNCGo5wj@7G@>` zNkef1Q8wmK7G@qk_xzHK#9W1t)Z!8aXGa4$ab6=sLjyxgLo;JDLxU)BUSkl~9LmL~ zHPS$sjU8+U6C>0zW=3{qCk7T)rSh_`0{SYG-fh2mqpG0C{>rm7?wV^=R`NFZBdn;Eoxk)~BsWq>96D2jfD&*gamGz5*4FU~hfex1CV-aH!x#B*p zCVKT-mQC literal 0 HcmV?d00001 diff --git a/gotham/src/tls/tls_cert.der b/gotham/src/tls/tls_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..f55847688a7d11cb1855228c35128bc805bc67c1 GIT binary patch literal 384 zcmXqLVyrP}VpLkd%*4pVB+79Aru}AP+imlIO?lS7H)Zq5({pRC8*s64XtjBqvt?ms zGLSSBHxOlG4rO8H;d9R~$wQDOpH*Qm>Jobofud|CrG?yQ+JE+vz2iA zSkkrb_xs)1P4Q9}%|Aby^8Tz=m+jS_eRj?z*IhHFNSGBCRb75{XtOkuNv6zw z;;T$kc#_ig?CF;J>m|J0Y@rLY69bFr1c|q7>TdCUwh~SsOS;zme!n}rDPHQL`R7Md q-k;U#vc1}~&(68zx@*Q13A4hYs>`n~?F&qe>ihlq_L>Lk60ZPxn>Y6W literal 0 HcmV?d00001 diff --git a/gotham/src/tls/tls_new_cert.sh b/gotham/src/tls/tls_new_cert.sh new file mode 100755 index 000000000..c29b4934d --- /dev/null +++ b/gotham/src/tls/tls_new_cert.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +set -euo pipefail + +# certificate authority +openssl ecparam -genkey -name prime256v1 -out tls_ca_key.pem +openssl req -batch -new -x509 -days 3650 -subj '/CN=Gotham Test CA' -extensions v3_ca -key tls_ca_key.pem -outform DER -out tls_ca_cert.der + +# server certificate +openssl ecparam -genkey -name prime256v1 -outform DER | \ + openssl pkcs8 -topk8 -inform DER -nocrypt -outform DER -out tls_key.der +serial=$(calc 0x`openssl rand -hex 20`) +cat >tls_req.cnf <