
Commit 795cd4d

authored
Merge pull request #15 from ol-teuto/rustls-update
add support for rustls 0.22
2 parents 1d6c54c + a20038d commit 795cd4d


3 files changed

+48
-16
lines changed


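--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,14 +11,14 @@ readme = "README.md"
 [dependencies]
 futures = { version = "0.3", default-features = false }
 ring = { version = "0.16", default-features = false }
-rustls = { version = "0.21", default-features = false }
+rustls = { version = "0.22.1", default-features = false }
 tokio = { version = "1", default-features = false }
 tokio-postgres = { version = "0.7", default-features = false }
-tokio-rustls = { version = "0.24", default-features = false }
+tokio-rustls = { version = "0.25", default-features = false }
 x509-certificate = {version = "0.21.0", default-features = false }
 
 [dev-dependencies]
 env_logger = { version = "0.8", default-features = false }
 tokio = { version = "1", features = ["macros", "rt"] }
 tokio-postgres = "0.7"
-rustls = { version = "0.21", features = ["dangerous_configuration"] }
+rustls = { version = "0.22" }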

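--- a/README.md
+++ b/README.md
@@ -10,7 +10,6 @@ and the [tokio-postgres asynchronous PostgreSQL client library](https://github.c
 
 ```
 let config = rustls::ClientConfig::builder()
-.with_safe_defaults()
 .with_root_certificates(rustls::RootCertStore::empty())
 .with_no_client_auth();
 let tls = tokio_postgres_rustls::MakeRustlsConnect::new(config);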

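--- a/src/lib.rs
+++ b/src/lib.rs
@@ -10,7 +10,8 @@ use DigestAlgorithm::{Sha1, Sha256, Sha384, Sha512};
 
 use futures::future::{FutureExt, TryFutureExt};
 use ring::digest;
-use rustls::{ClientConfig, ServerName};
+use rustls::ClientConfig;
+use rustls::pki_types::ServerName;
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_postgres::tls::{ChannelBinding, MakeTlsConnect, TlsConnect};
 use tokio_rustls::{client::TlsStream, TlsConnector};
@@ -44,7 +45,7 @@ where
 ServerName::try_from(hostname)
 .map(|dns_name| {
 RustlsConnect(Some(RustlsConnectData {
-hostname: dns_name,
+hostname: dns_name.to_owned(),
 connector: Arc::clone(&self.config).into(),
 }))
 })
@@ -55,7 +56,7 @@ where
 pub struct RustlsConnect(Option<RustlsConnectData>);
 
 struct RustlsConnectData {
-hostname: ServerName,
+hostname: ServerName<'static>,
 connector: TlsConnector,
 }
 
@@ -151,30 +152,62 @@ where
 mod tests {
 use super::*;
 use futures::future::TryFutureExt;
-use rustls::{client::ServerCertVerified, client::ServerCertVerifier, Certificate, Error};
-use std::time::SystemTime;
-
+use rustls::{
+client::danger::ServerCertVerifier,
+client::danger::{HandshakeSignatureValid, ServerCertVerified},
+Error, SignatureScheme,
+};
+use rustls::pki_types::{CertificateDer, UnixTime};
+
+#[derive(Debug)]
 struct AcceptAllVerifier {}
 impl ServerCertVerifier for AcceptAllVerifier {
 fn verify_server_cert(
 &self,
-_end_entity: &Certificate,
-_intermediates: &[Certificate],
-_server_name: &ServerName,
-_scts: &mut dyn Iterator<Item = &[u8]>,
+_end_entity: &CertificateDer<'_>,
+_intermediates: &[CertificateDer<'_>],
+_server_name: &ServerName<'_>,
 _ocsp_response: &[u8],
-_now: SystemTime,
+_now: UnixTime,
 ) -> Result<ServerCertVerified, Error> {
 Ok(ServerCertVerified::assertion())
 }
+
+fn verify_tls12_signature(
+&self,
+_message: &[u8],
+_cert: &CertificateDer<'_>,
+_dss: &rustls::DigitallySignedStruct,
+) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
+Ok(HandshakeSignatureValid::assertion())
+}
+
+fn verify_tls13_signature(
+&self,
+_message: &[u8],
+_cert: &CertificateDer<'_>,
+_dss: &rustls::DigitallySignedStruct,
+) -> Result<rustls::client::danger::HandshakeSignatureValid, Error> {
+Ok(HandshakeSignatureValid::assertion())
+}
+
+fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
+vec![
+SignatureScheme::ECDSA_NISTP384_SHA384,
+SignatureScheme::ECDSA_NISTP256_SHA256,
+SignatureScheme::RSA_PSS_SHA512,
+SignatureScheme::RSA_PSS_SHA384,
+SignatureScheme::RSA_PSS_SHA256,
+SignatureScheme::ED25519,
+]
+}
 }
 
 #[tokio::test]
 async fn it_works() {
 env_logger::builder().is_test(true).try_init().unwrap();
 
 let mut config = rustls::ClientConfig::builder()
-.with_safe_defaults()
 .with_root_certificates(rustls::RootCertStore::empty())
 .with_no_client_auth();
 config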
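Review bot: `verify_tls12_signature` and `verify_tls13_signature` spell their return type as `rustls::client::danger::HandshakeSignatureValid` although the same name is imported in the `use rustls::{...}` block a few lines above and used unqualified in their bodies; `-> Result<HandshakeSignatureValid, Error>` would match `verify_server_cert` and `Ok(HandshakeSignatureValid::assertion())`. `AcceptAllVerifier` now waives the handshake signature checks as well as chain validation, yet carries no comment saying so; a header such as `/// Test-only verifier: accepts any certificate chain and any handshake signature. Never use outside this module.` makes that visible to anyone who copies it. The hard-coded list in `supported_verify_schemes` is a second place that can drift from what the provider actually verifies; if rustls 0.22's provider exposes its scheme list (I believe `rustls::crypto::ring::default_provider().signature_verification_algorithms.supported_schemes()` does), returning that avoids the duplication. `it_works` continues past the end of the hunk, and `mod tests` closes outside it.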
