mirror of
https://github.com/cloudflare/pingora.git
synced 2024-09-20 02:31:35 +02:00
Refactor module into and relocate the no-op tls module
This commit is contained in:
parent
d8f3ffae77
commit
e465899aa6
19 changed files with 837 additions and 16 deletions
2
.bleep
2
.bleep
|
@ -1 +1 @@
|
|||
b01a9bc71ff892b2fdbb47f6bb3f9eac88907435
|
||||
aadd07a5b3064b0fbdf57c8c02a5ef7b65b5fc03
|
|
@ -79,6 +79,7 @@ jemallocator = "0.5"
|
|||
|
||||
[features]
|
||||
default = ["openssl"]
|
||||
openssl = ["pingora-openssl"]
|
||||
boringssl = ["pingora-boringssl"]
|
||||
patched_http1 = []
|
||||
openssl = ["pingora-openssl", "some_tls"]
|
||||
boringssl = ["pingora-boringssl", "some_tls"]
|
||||
patched_http1 = []
|
||||
some_tls = []
|
|
@ -95,6 +95,7 @@ impl Connector {
|
|||
}
|
||||
|
||||
#[cfg(test)]
|
||||
#[cfg(feature = "some_tls")]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use crate::protocols::http::v1::client::HttpSession as Http1Session;
|
||||
|
|
|
@ -103,6 +103,7 @@ mod tests {
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_connect_tls() {
|
||||
let connector = Connector::new(None);
|
||||
let peer = HttpPeer::new(("1.1.1.1", 443), true, "one.one.one.one".into());
|
||||
|
|
|
@ -460,6 +460,7 @@ mod tests {
|
|||
use crate::upstreams::peer::HttpPeer;
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_connect_h2() {
|
||||
let connector = Connector::new(None);
|
||||
let mut peer = HttpPeer::new(("1.1.1.1", 443), true, "one.one.one.one".into());
|
||||
|
@ -472,6 +473,7 @@ mod tests {
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_connect_h1() {
|
||||
let connector = Connector::new(None);
|
||||
let mut peer = HttpPeer::new(("1.1.1.1", 443), true, "one.one.one.one".into());
|
||||
|
@ -497,6 +499,7 @@ mod tests {
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_h2_single_stream() {
|
||||
let connector = Connector::new(None);
|
||||
let mut peer = HttpPeer::new(("1.1.1.1", 443), true, "one.one.one.one".into());
|
||||
|
@ -528,6 +531,7 @@ mod tests {
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_h2_multiple_stream() {
|
||||
let connector = Connector::new(None);
|
||||
let mut peer = HttpPeer::new(("1.1.1.1", 443), true, "one.one.one.one".into());
|
||||
|
|
|
@ -365,6 +365,7 @@ fn test_reusable_stream(stream: &mut Stream) -> bool {
|
|||
}
|
||||
|
||||
#[cfg(test)]
|
||||
#[cfg(feature = "some_tls")]
|
||||
mod tests {
|
||||
use pingora_error::ErrorType;
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ use pingora_error::{Error, ErrorType::*, OrErr, Result};
|
|||
use std::sync::{Arc, Once};
|
||||
|
||||
use super::ConnectorOptions;
|
||||
use crate::protocols::ssl::client::handshake;
|
||||
use crate::protocols::ssl::SslStream;
|
||||
use crate::protocols::tls::client::handshake;
|
||||
use crate::protocols::tls::SslStream;
|
||||
use crate::protocols::IO;
|
||||
use crate::tls::ext::{
|
||||
add_host, clear_error_stack, ssl_add_chain_cert, ssl_set_groups_list,
|
||||
|
|
|
@ -58,8 +58,8 @@ pub use pingora_boringssl as tls;
|
|||
#[cfg(all(not(feature = "boringssl"), feature = "openssl"))]
|
||||
pub use pingora_openssl as tls;
|
||||
|
||||
#[cfg(all(not(feature = "boringssl"), not(feature = "openssl")))]
|
||||
pub mod tls;
|
||||
#[cfg(not(feature = "some_tls"))]
|
||||
pub use protocols::tls::dummy_tls as tls;
|
||||
|
||||
pub mod prelude {
|
||||
pub use crate::server::configuration::Opt;
|
||||
|
|
|
@ -26,7 +26,7 @@ use std::{fs::Permissions, sync::Arc};
|
|||
use l4::{ListenerEndpoint, Stream as L4Stream};
|
||||
use tls::Acceptor;
|
||||
|
||||
pub use crate::protocols::ssl::server::TlsAccept;
|
||||
pub use crate::protocols::tls::server::TlsAccept;
|
||||
pub use l4::{ServerAddress, TcpSocketOptions};
|
||||
pub use tls::{TlsSettings, ALPN};
|
||||
|
||||
|
@ -213,6 +213,7 @@ mod test {
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_listen_tls() {
|
||||
use tokio::io::AsyncReadExt;
|
||||
|
||||
|
|
|
@ -16,14 +16,14 @@ use log::debug;
|
|||
use pingora_error::{ErrorType, OrErr, Result};
|
||||
use std::ops::{Deref, DerefMut};
|
||||
|
||||
use crate::protocols::ssl::{
|
||||
use crate::protocols::tls::{
|
||||
server::{handshake, handshake_with_callback, TlsAcceptCallbacks},
|
||||
SslStream,
|
||||
};
|
||||
use crate::protocols::IO;
|
||||
use crate::tls::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod};
|
||||
|
||||
pub use crate::protocols::ssl::ALPN;
|
||||
pub use crate::protocols::tls::ALPN;
|
||||
|
||||
pub const TLS_CONF_ERR: ErrorType = ErrorType::Custom("TLSConfigError");
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ use once_cell::sync::OnceCell;
|
|||
use super::l4::ext::{get_recv_buf, get_tcp_info, TCP_INFO};
|
||||
use super::l4::socket::SocketAddr;
|
||||
use super::raw_connect::ProxyDigest;
|
||||
use super::ssl::digest::SslDigest;
|
||||
use super::tls::digest::SslDigest;
|
||||
|
||||
/// The information can be extracted from a connection
|
||||
#[derive(Clone, Debug, Default)]
|
||||
|
|
|
@ -18,14 +18,14 @@ mod digest;
|
|||
pub mod http;
|
||||
pub mod l4;
|
||||
pub mod raw_connect;
|
||||
pub mod ssl;
|
||||
pub mod tls;
|
||||
|
||||
pub use digest::{
|
||||
Digest, GetProxyDigest, GetSocketDigest, GetTimingDigest, ProtoDigest, SocketDigest,
|
||||
TimingDigest,
|
||||
};
|
||||
pub use l4::ext::TcpKeepalive;
|
||||
pub use ssl::ALPN;
|
||||
pub use tls::ALPN;
|
||||
|
||||
use async_trait::async_trait;
|
||||
use std::fmt::Debug;
|
||||
|
@ -53,7 +53,7 @@ pub trait Ssl {
|
|||
}
|
||||
|
||||
/// Return the [`ssl::SslDigest`] for logging
|
||||
fn get_ssl_digest(&self) -> Option<Arc<ssl::SslDigest>> {
|
||||
fn get_ssl_digest(&self) -> Option<Arc<tls::SslDigest>> {
|
||||
None
|
||||
}
|
||||
|
||||
|
|
805
pingora-core/src/protocols/tls/dummy_tls/mod.rs
Normal file
805
pingora-core/src/protocols/tls/dummy_tls/mod.rs
Normal file
|
@ -0,0 +1,805 @@
|
|||
// Copyright 2024 Cloudflare, Inc.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
//! This module contains a dummy TLS implementation for the scenarios where real TLS
|
||||
//! implementations are unavailable.
|
||||
|
||||
macro_rules! impl_display {
|
||||
($ty:ty) => {
|
||||
impl std::fmt::Display for $ty {
|
||||
fn fmt(&self, _f: &mut std::fmt::Formatter<'_>) -> Result<(), std::fmt::Error> {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
macro_rules! impl_deref {
|
||||
($from:ty => $to:ty) => {
|
||||
impl std::ops::Deref for $from {
|
||||
type Target = $to;
|
||||
fn deref(&self) -> &$to {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl std::ops::DerefMut for $from {
|
||||
fn deref_mut(&mut self) -> &mut $to {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
pub mod ssl {
|
||||
use super::error::ErrorStack;
|
||||
use super::x509::verify::X509VerifyParamRef;
|
||||
use super::x509::{X509VerifyResult, X509};
|
||||
|
||||
/// An error returned from an ALPN selection callback.
|
||||
pub struct AlpnError;
|
||||
impl AlpnError {
|
||||
/// Terminate the handshake with a fatal alert.
|
||||
pub const ALERT_FATAL: AlpnError = Self {};
|
||||
|
||||
/// Do not select a protocol, but continue the handshake.
|
||||
pub const NOACK: AlpnError = Self {};
|
||||
}
|
||||
|
||||
/// A type which allows for configuration of a client-side TLS session before connection.
|
||||
pub struct ConnectConfiguration;
|
||||
impl_deref! {ConnectConfiguration => SslRef}
|
||||
impl ConnectConfiguration {
|
||||
/// Configures the use of Server Name Indication (SNI) when connecting.
|
||||
pub fn set_use_server_name_indication(&mut self, _use_sni: bool) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Configures the use of hostname verification when connecting.
|
||||
pub fn set_verify_hostname(&mut self, _verify_hostname: bool) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns an `Ssl` configured to connect to the provided domain.
|
||||
pub fn into_ssl(self, _domain: &str) -> Result<Ssl, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Like `SslContextBuilder::set_verify`.
|
||||
pub fn set_verify(&mut self, _mode: SslVerifyMode) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Like `SslContextBuilder::set_alpn_protos`.
|
||||
pub fn set_alpn_protos(&mut self, _protocols: &[u8]) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a mutable reference to the X509 verification configuration.
|
||||
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// An SSL error.
|
||||
#[derive(Debug)]
|
||||
pub struct Error;
|
||||
impl_display!(Error);
|
||||
impl Error {
|
||||
pub fn code(&self) -> ErrorCode {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// An error code returned from SSL functions.
|
||||
#[derive(PartialEq)]
|
||||
pub struct ErrorCode(i32);
|
||||
impl ErrorCode {
|
||||
/// An error occurred in the SSL library.
|
||||
pub const SSL: ErrorCode = Self(0);
|
||||
}
|
||||
|
||||
/// An identifier of a session name type.
|
||||
pub struct NameType;
|
||||
impl NameType {
|
||||
pub const HOST_NAME: NameType = Self {};
|
||||
}
|
||||
|
||||
/// The state of an SSL/TLS session.
|
||||
pub struct Ssl;
|
||||
impl Ssl {
|
||||
/// Creates a new `Ssl`.
|
||||
pub fn new(_ctx: &SslContextRef) -> Result<Ssl, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl_deref! {Ssl => SslRef}
|
||||
|
||||
/// A type which wraps server-side streams in a TLS session.
|
||||
pub struct SslAcceptor;
|
||||
impl SslAcceptor {
|
||||
/// Creates a new builder configured to connect to non-legacy clients. This should
|
||||
/// generally be considered a reasonable default choice.
|
||||
pub fn mozilla_intermediate_v5(
|
||||
_method: SslMethod,
|
||||
) -> Result<SslAcceptorBuilder, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// A builder for `SslAcceptor`s.
|
||||
pub struct SslAcceptorBuilder;
|
||||
impl SslAcceptorBuilder {
|
||||
/// Consumes the builder, returning a `SslAcceptor`.
|
||||
pub fn build(self) -> SslAcceptor {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Sets the callback used by a server to select a protocol for Application Layer Protocol
|
||||
/// Negotiation (ALPN).
|
||||
pub fn set_alpn_select_callback<F>(&mut self, _callback: F)
|
||||
where
|
||||
F: for<'a> Fn(&mut SslRef, &'a [u8]) -> Result<&'a [u8], AlpnError>
|
||||
+ 'static
|
||||
+ Sync
|
||||
+ Send,
|
||||
{
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Loads a certificate chain from a file.
|
||||
pub fn set_certificate_chain_file<P: AsRef<std::path::Path>>(
|
||||
&mut self,
|
||||
_file: P,
|
||||
) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Loads the private key from a file.
|
||||
pub fn set_private_key_file<P: AsRef<std::path::Path>>(
|
||||
&mut self,
|
||||
_file: P,
|
||||
_file_type: SslFiletype,
|
||||
) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Sets the maximum supported protocol version.
|
||||
pub fn set_max_proto_version(
|
||||
&mut self,
|
||||
_version: Option<SslVersion>,
|
||||
) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to an [`SslCipher`].
|
||||
pub struct SslCipherRef;
|
||||
impl SslCipherRef {
|
||||
/// Returns the name of the cipher.
|
||||
pub fn name(&self) -> &'static str {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// A type which wraps client-side streams in a TLS session.
|
||||
pub struct SslConnector;
|
||||
impl SslConnector {
|
||||
/// Creates a new builder for TLS connections.
|
||||
pub fn builder(_method: SslMethod) -> Result<SslConnectorBuilder, ErrorStack> {
|
||||
Ok(SslConnectorBuilder)
|
||||
}
|
||||
|
||||
/// Returns a structure allowing for configuration of a single TLS session before connection.
|
||||
pub fn configure(&self) -> Result<ConnectConfiguration, ErrorStack> {
|
||||
Ok(ConnectConfiguration)
|
||||
}
|
||||
|
||||
/// Returns a shared reference to the inner raw `SslContext`.
|
||||
pub fn context(&self) -> &SslContextRef {
|
||||
&SslContextRef
|
||||
}
|
||||
}
|
||||
|
||||
/// A builder for `SslConnector`s.
|
||||
pub struct SslConnectorBuilder;
|
||||
impl SslConnectorBuilder {
|
||||
/// Consumes the builder, returning an `SslConnector`.
|
||||
pub fn build(self) -> SslConnector {
|
||||
SslConnector
|
||||
}
|
||||
|
||||
/// Sets the list of supported ciphers for protocols before TLSv1.3.
|
||||
pub fn set_cipher_list(&mut self, _cipher_list: &str) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Sets the context’s supported signature algorithms.
|
||||
pub fn set_sigalgs_list(&mut self, _sigalgs: &str) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Sets the minimum supported protocol version.
|
||||
pub fn set_min_proto_version(
|
||||
&mut self,
|
||||
_version: Option<SslVersion>,
|
||||
) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Sets the maximum supported protocol version.
|
||||
pub fn set_max_proto_version(
|
||||
&mut self,
|
||||
_version: Option<SslVersion>,
|
||||
) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Use the default locations of trusted certificates for verification.
|
||||
pub fn set_default_verify_paths(&mut self) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Loads trusted root certificates from a file.
|
||||
pub fn set_ca_file<P: AsRef<std::path::Path>>(
|
||||
&mut self,
|
||||
_file: P,
|
||||
) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Loads a leaf certificate from a file.
|
||||
pub fn set_certificate_file<P: AsRef<std::path::Path>>(
|
||||
&mut self,
|
||||
_file: P,
|
||||
_file_type: SslFiletype,
|
||||
) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Loads the private key from a file.
|
||||
pub fn set_private_key_file<P: AsRef<std::path::Path>>(
|
||||
&mut self,
|
||||
_file: P,
|
||||
_file_type: SslFiletype,
|
||||
) -> Result<(), ErrorStack> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Sets the TLS key logging callback.
|
||||
pub fn set_keylog_callback<F>(&mut self, _callback: F)
|
||||
where
|
||||
F: Fn(&SslRef, &str) + 'static + Sync + Send,
|
||||
{
|
||||
}
|
||||
}
|
||||
|
||||
/// A context object for TLS streams.
|
||||
pub struct SslContext;
|
||||
impl SslContext {
|
||||
/// Creates a new builder object for an `SslContext`.
|
||||
pub fn builder(_method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl_deref! {SslContext => SslContextRef}
|
||||
|
||||
/// A builder for `SslContext`s.
|
||||
pub struct SslContextBuilder;
|
||||
impl SslContextBuilder {
|
||||
/// Consumes the builder, returning a new `SslContext`.
|
||||
pub fn build(self) -> SslContext {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to [`SslContext`]
|
||||
pub struct SslContextRef;
|
||||
|
||||
/// An identifier of the format of a certificate or key file.
|
||||
pub struct SslFiletype;
|
||||
impl SslFiletype {
|
||||
/// The PEM format.
|
||||
pub const PEM: SslFiletype = Self {};
|
||||
}
|
||||
|
||||
/// A type specifying the kind of protocol an `SslContext`` will speak.
|
||||
pub struct SslMethod;
|
||||
impl SslMethod {
|
||||
/// Support all versions of the TLS protocol.
|
||||
pub fn tls() -> SslMethod {
|
||||
Self
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to an [`Ssl`].
|
||||
pub struct SslRef;
|
||||
impl SslRef {
|
||||
/// Like [`SslContextBuilder::set_verify`].
|
||||
pub fn set_verify(&mut self, _mode: SslVerifyMode) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the current cipher if the session is active.
|
||||
pub fn current_cipher(&self) -> Option<&SslCipherRef> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Sets the host name to be sent to the server for Server Name Indication (SNI).
|
||||
pub fn set_hostname(&mut self, _hostname: &str) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the peer’s certificate, if present.
|
||||
pub fn peer_certificate(&self) -> Option<X509> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the certificate verification result.
|
||||
pub fn verify_result(&self) -> X509VerifyResult {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a string describing the protocol version of the session.
|
||||
pub fn version_str(&self) -> &'static str {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).
|
||||
pub fn selected_alpn_protocol(&self) -> Option<&[u8]> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the servername sent by the client via Server Name Indication (SNI).
|
||||
pub fn servername(&self, _type_: NameType) -> Option<&str> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Options controlling the behavior of certificate verification.
|
||||
pub struct SslVerifyMode;
|
||||
impl SslVerifyMode {
|
||||
/// Verifies that the peer’s certificate is trusted.
|
||||
pub const PEER: Self = Self {};
|
||||
|
||||
/// Disables verification of the peer’s certificate.
|
||||
pub const NONE: Self = Self {};
|
||||
}
|
||||
|
||||
/// An SSL/TLS protocol version.
|
||||
pub struct SslVersion;
|
||||
impl SslVersion {
|
||||
/// TLSv1.0
|
||||
pub const TLS1: SslVersion = Self {};
|
||||
|
||||
/// TLSv1.2
|
||||
pub const TLS1_2: SslVersion = Self {};
|
||||
|
||||
/// TLSv1.3
|
||||
pub const TLS1_3: SslVersion = Self {};
|
||||
}
|
||||
|
||||
/// A standard implementation of protocol selection for Application Layer Protocol Negotiation
|
||||
/// (ALPN).
|
||||
pub fn select_next_proto<'a>(_server: &[u8], _client: &'a [u8]) -> Option<&'a [u8]> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
pub mod ssl_sys {
|
||||
pub const X509_V_OK: i32 = 0;
|
||||
pub const X509_V_ERR_INVALID_CALL: i32 = 69;
|
||||
}
|
||||
|
||||
pub mod error {
|
||||
use super::ssl::Error;
|
||||
|
||||
/// Collection of [`Errors`] from OpenSSL.
|
||||
#[derive(Debug)]
|
||||
pub struct ErrorStack;
|
||||
impl_display!(ErrorStack);
|
||||
impl std::error::Error for ErrorStack {}
|
||||
impl ErrorStack {
|
||||
/// Returns the contents of the OpenSSL error stack.
|
||||
pub fn get() -> ErrorStack {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the errors in the stack.
|
||||
pub fn errors(&self) -> &[Error] {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub mod x509 {
|
||||
use super::asn1::{Asn1IntegerRef, Asn1StringRef, Asn1TimeRef};
|
||||
use super::error::ErrorStack;
|
||||
use super::hash::{DigestBytes, MessageDigest};
|
||||
use super::nid::Nid;
|
||||
|
||||
/// An `X509` public key certificate.
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct X509;
|
||||
impl_deref! {X509 => X509Ref}
|
||||
impl X509 {
|
||||
/// Deserializes a PEM-encoded X509 structure.
|
||||
pub fn from_pem(_pem: &[u8]) -> Result<X509, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// A type to destructure and examine an `X509Name`.
|
||||
pub struct X509NameEntries<'a> {
|
||||
marker: std::marker::PhantomData<&'a ()>,
|
||||
}
|
||||
impl<'a> Iterator for X509NameEntries<'a> {
|
||||
type Item = &'a X509NameEntryRef;
|
||||
fn next(&mut self) -> Option<&'a X509NameEntryRef> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to `X509NameEntry`.
|
||||
pub struct X509NameEntryRef;
|
||||
impl X509NameEntryRef {
|
||||
pub fn data(&self) -> &Asn1StringRef {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to `X509Name`.
|
||||
pub struct X509NameRef;
|
||||
impl X509NameRef {
|
||||
/// Returns the name entries by the nid.
|
||||
pub fn entries_by_nid(&self, _nid: Nid) -> X509NameEntries<'_> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to `X509`.
|
||||
pub struct X509Ref;
|
||||
impl X509Ref {
|
||||
/// Returns this certificate’s subject name.
|
||||
pub fn subject_name(&self) -> &X509NameRef {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a digest of the DER representation of the certificate.
|
||||
pub fn digest(&self, _hash_type: MessageDigest) -> Result<DigestBytes, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns the certificate’s Not After validity period.
|
||||
pub fn not_after(&self) -> &Asn1TimeRef {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns this certificate’s serial number.
|
||||
pub fn serial_number(&self) -> &Asn1IntegerRef {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// The result of peer certificate verification.
|
||||
pub struct X509VerifyResult;
|
||||
impl X509VerifyResult {
|
||||
/// Return the integer representation of an `X509VerifyResult`.
|
||||
pub fn as_raw(&self) -> i32 {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
pub mod store {
|
||||
use super::super::error::ErrorStack;
|
||||
use super::X509;
|
||||
|
||||
/// A builder type used to construct an `X509Store`.
|
||||
pub struct X509StoreBuilder;
|
||||
impl X509StoreBuilder {
|
||||
/// Returns a builder for a certificate store..
|
||||
pub fn new() -> Result<X509StoreBuilder, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Constructs the `X509Store`.
|
||||
pub fn build(self) -> X509Store {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Adds a certificate to the certificate store.
|
||||
pub fn add_cert(&mut self, _cert: X509) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// A certificate store to hold trusted X509 certificates.
|
||||
pub struct X509Store;
|
||||
impl_deref! {X509Store => X509StoreRef}
|
||||
|
||||
/// Reference to an `X509Store`.
|
||||
pub struct X509StoreRef;
|
||||
}
|
||||
|
||||
pub mod verify {
|
||||
/// Reference to `X509VerifyParam`.
|
||||
pub struct X509VerifyParamRef;
|
||||
}
|
||||
}
|
||||
|
||||
pub mod nid {
|
||||
/// A numerical identifier for an OpenSSL object.
|
||||
pub struct Nid;
|
||||
impl Nid {
|
||||
pub const COMMONNAME: Nid = Self {};
|
||||
pub const ORGANIZATIONNAME: Nid = Self {};
|
||||
pub const ORGANIZATIONALUNITNAME: Nid = Self {};
|
||||
}
|
||||
}
|
||||
|
||||
pub mod pkey {
|
||||
use super::error::ErrorStack;
|
||||
|
||||
/// A public or private key.
|
||||
#[derive(Clone)]
|
||||
pub struct PKey<T> {
|
||||
marker: std::marker::PhantomData<T>,
|
||||
}
|
||||
impl<T> std::ops::Deref for PKey<T> {
|
||||
type Target = PKeyRef<T>;
|
||||
fn deref(&self) -> &PKeyRef<T> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl<T> std::ops::DerefMut for PKey<T> {
|
||||
fn deref_mut(&mut self) -> &mut PKeyRef<T> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl PKey<Private> {
|
||||
pub fn private_key_from_pem(_pem: &[u8]) -> Result<PKey<Private>, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to `PKey`.
|
||||
pub struct PKeyRef<T> {
|
||||
marker: std::marker::PhantomData<T>,
|
||||
}
|
||||
|
||||
/// A tag type indicating that a key has private components.
|
||||
#[derive(Clone)]
|
||||
pub enum Private {}
|
||||
unsafe impl HasPrivate for Private {}
|
||||
|
||||
/// A trait indicating that a key has private components.
|
||||
pub unsafe trait HasPrivate {}
|
||||
}
|
||||
|
||||
pub mod hash {
|
||||
/// A message digest algorithm.
|
||||
pub struct MessageDigest;
|
||||
impl MessageDigest {
|
||||
pub fn sha256() -> MessageDigest {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// The resulting bytes of a digest.
|
||||
pub struct DigestBytes;
|
||||
impl AsRef<[u8]> for DigestBytes {
|
||||
fn as_ref(&self) -> &[u8] {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub mod asn1 {
|
||||
use super::bn::BigNum;
|
||||
use super::error::ErrorStack;
|
||||
|
||||
/// A reference to an `Asn1Integer`.
|
||||
pub struct Asn1IntegerRef;
|
||||
impl Asn1IntegerRef {
|
||||
/// Converts the integer to a `BigNum`.
|
||||
pub fn to_bn(&self) -> Result<BigNum, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// A reference to an `Asn1String`.
|
||||
pub struct Asn1StringRef;
|
||||
impl Asn1StringRef {
|
||||
pub fn as_utf8(&self) -> Result<&str, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
/// Reference to an `Asn1Time`
|
||||
pub struct Asn1TimeRef;
|
||||
impl_display! {Asn1TimeRef}
|
||||
}
|
||||
|
||||
pub mod bn {
|
||||
use super::error::ErrorStack;
|
||||
|
||||
/// Dynamically sized large number implementation
|
||||
pub struct BigNum;
|
||||
impl BigNum {
|
||||
/// Returns a hexadecimal string representation of `self`.
|
||||
pub fn to_hex_str(&self) -> Result<&str, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub mod ext {
|
||||
use super::error::ErrorStack;
|
||||
use super::pkey::{HasPrivate, PKeyRef};
|
||||
use super::ssl::{Ssl, SslAcceptor, SslRef};
|
||||
use super::x509::store::X509StoreRef;
|
||||
use super::x509::verify::X509VerifyParamRef;
|
||||
use super::x509::X509Ref;
|
||||
|
||||
/// Add name as an additional reference identifier that can match the peer's certificate
|
||||
pub fn add_host(_verify_param: &mut X509VerifyParamRef, _host: &str) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Set the verify cert store of `_ssl`
|
||||
pub fn ssl_set_verify_cert_store(
|
||||
_ssl: &mut SslRef,
|
||||
_cert_store: &X509StoreRef,
|
||||
) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Load the certificate into `_ssl`
|
||||
pub fn ssl_use_certificate(_ssl: &mut SslRef, _cert: &X509Ref) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Load the private key into `_ssl`
|
||||
pub fn ssl_use_private_key<T>(_ssl: &mut SslRef, _key: &PKeyRef<T>) -> Result<(), ErrorStack>
|
||||
where
|
||||
T: HasPrivate,
|
||||
{
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Clear the error stack
|
||||
pub fn clear_error_stack() {}
|
||||
|
||||
/// Create a new [Ssl] from &[SslAcceptor]
|
||||
pub fn ssl_from_acceptor(_acceptor: &SslAcceptor) -> Result<Ssl, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Suspend the TLS handshake when a certificate is needed.
|
||||
pub fn suspend_when_need_ssl_cert(_ssl: &mut SslRef) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Unblock a TLS handshake after the certificate is set.
|
||||
pub fn unblock_ssl_cert(_ssl: &mut SslRef) {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Whether the TLS error is SSL_ERROR_WANT_X509_LOOKUP
|
||||
pub fn is_suspended_for_cert(_error: &super::ssl::Error) -> bool {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Add the certificate into the cert chain of `_ssl`
|
||||
pub fn ssl_add_chain_cert(_ssl: &mut SslRef, _cert: &X509Ref) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Set renegotiation
|
||||
pub fn ssl_set_renegotiate_mode_freely(_ssl: &mut SslRef) {}
|
||||
|
||||
/// Set the curves/groups of `_ssl`
|
||||
pub fn ssl_set_groups_list(_ssl: &mut SslRef, _groups: &str) -> Result<(), ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Sets whether a second keyshare to be sent in client hello when PQ is used.
|
||||
pub fn ssl_use_second_key_share(_ssl: &mut SslRef, _enabled: bool) {}
|
||||
|
||||
/// Get a mutable SslRef ouf of SslRef, which is a missing functionality even when holding &mut SslStream
|
||||
/// # Safety
|
||||
pub unsafe fn ssl_mut(_ssl: &SslRef) -> &mut SslRef {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
|
||||
pub mod tokio_ssl {
|
||||
use std::pin::Pin;
|
||||
use std::task::{Context, Poll};
|
||||
use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
|
||||
|
||||
use super::error::ErrorStack;
|
||||
use super::ssl::{Error, Ssl, SslRef};
|
||||
|
||||
/// A TLS session over a stream.
|
||||
#[derive(Debug)]
|
||||
pub struct SslStream<S> {
|
||||
marker: std::marker::PhantomData<S>,
|
||||
}
|
||||
impl<S> SslStream<S> {
|
||||
/// Creates a new `SslStream`.
|
||||
pub fn new(_ssl: Ssl, _stream: S) -> Result<Self, ErrorStack> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Initiates a client-side TLS handshake.
|
||||
pub async fn connect(self: Pin<&mut Self>) -> Result<(), Error> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Initiates a server-side TLS handshake.
|
||||
pub async fn accept(self: Pin<&mut Self>) -> Result<(), Error> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a shared reference to the `Ssl` object associated with this stream.
|
||||
pub fn ssl(&self) -> &SslRef {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a shared reference to the underlying stream.
|
||||
pub fn get_ref(&self) -> &S {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
/// Returns a mutable reference to the underlying stream.
|
||||
pub fn get_mut(&mut self) -> &mut S {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl<S> AsyncRead for SslStream<S>
|
||||
where
|
||||
S: AsyncRead + AsyncWrite,
|
||||
{
|
||||
fn poll_read(
|
||||
self: Pin<&mut Self>,
|
||||
_ctx: &mut Context<'_>,
|
||||
_buf: &mut ReadBuf<'_>,
|
||||
) -> Poll<std::io::Result<()>> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
impl<S> AsyncWrite for SslStream<S>
|
||||
where
|
||||
S: AsyncRead + AsyncWrite,
|
||||
{
|
||||
fn poll_write(
|
||||
self: Pin<&mut Self>,
|
||||
_ctx: &mut Context<'_>,
|
||||
_buf: &[u8],
|
||||
) -> Poll<std::io::Result<usize>> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
fn poll_flush(self: Pin<&mut Self>, _ctx: &mut Context<'_>) -> Poll<std::io::Result<()>> {
|
||||
unimplemented!();
|
||||
}
|
||||
|
||||
fn poll_shutdown(
|
||||
self: Pin<&mut Self>,
|
||||
_ctx: &mut Context<'_>,
|
||||
) -> Poll<std::io::Result<()>> {
|
||||
unimplemented!();
|
||||
}
|
||||
}
|
||||
}
|
|
@ -18,6 +18,9 @@ pub mod client;
|
|||
pub mod digest;
|
||||
pub mod server;
|
||||
|
||||
#[cfg(not(feature = "some_tls"))]
|
||||
pub mod dummy_tls;
|
||||
|
||||
use crate::protocols::digest::TimingDigest;
|
||||
use crate::protocols::{Ssl, UniqueID};
|
||||
use crate::tls::{self, ssl, tokio_ssl::SslStream as InnerSsl};
|
|
@ -143,6 +143,7 @@ impl<S: AsyncRead + AsyncWrite + Send + Unpin> ResumableAccept for SslStream<S>
|
|||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[cfg(feature = "some_tls")]
|
||||
async fn test_async_cert() {
|
||||
use tokio::io::AsyncReadExt;
|
||||
let acceptor = ssl::SslAcceptor::mozilla_intermediate_v5(ssl::SslMethod::tls())
|
|
@ -36,7 +36,7 @@ use crate::protocols::TcpKeepalive;
|
|||
use crate::tls::x509::X509;
|
||||
use crate::utils::{get_organization_unit, CertKey};
|
||||
|
||||
pub use crate::protocols::ssl::ALPN;
|
||||
pub use crate::protocols::tls::ALPN;
|
||||
|
||||
/// The interface to trace the connection
|
||||
pub trait Tracing: Send + Sync + std::fmt::Debug {
|
||||
|
|
|
@ -18,6 +18,7 @@ use hyper::Client;
|
|||
use hyperlocal::{UnixClientExt, Uri};
|
||||
use utils::init;
|
||||
|
||||
#[cfg(feature = "some_tls")]
|
||||
#[tokio::test]
|
||||
async fn test_http() {
|
||||
init();
|
||||
|
@ -25,6 +26,7 @@ async fn test_http() {
|
|||
assert_eq!(res.status(), reqwest::StatusCode::OK);
|
||||
}
|
||||
|
||||
#[cfg(feature = "some_tls")]
|
||||
#[tokio::test]
|
||||
async fn test_https_http2() {
|
||||
init();
|
||||
|
@ -49,6 +51,7 @@ async fn test_https_http2() {
|
|||
assert_eq!(res.version(), reqwest::Version::HTTP_11);
|
||||
}
|
||||
|
||||
#[cfg(feature = "some_tls")]
|
||||
#[tokio::test]
|
||||
async fn test_uds() {
|
||||
init();
|
||||
|
|
Loading…
Reference in a new issue