From 12c5223e3f47c5a9f9b0979b2bca57ab2e4ed9f9 Mon Sep 17 00:00:00 2001 From: Malte Fischer Date: Thu, 5 Oct 2023 12:37:52 +0200 Subject: [PATCH] Swap openssl with rusttls --- Cargo.lock | 134 ++++++++++++++++++++++++++++++++++++++++++++------ Cargo.toml | 2 +- src/config.rs | 55 ++++++++++++++------- src/lib.rs | 8 +-- 4 files changed, 160 insertions(+), 39 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 90137c9..de6cf3a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -264,9 +264,20 @@ checksum = "86d7a0c1aa76363dac491de0ee99faf6941128376f1cf96f07db7603b7de69dd" [[package]] name = "futures-io" +version = "0.3.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964" + +[[package]] +name = "futures-macro" version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89d422fa3cbe3b40dca574ab087abb5bc98258ea57eea3fd6f1fa7162c778b91" +checksum = "3eb14ed937631bd8b8b8977f2c198443447a8355b6e3ca599f38c975e5a963b6" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] [[package]] name = "futures-sink" @@ -288,6 +299,7 @@ checksum = "3ef6b17e481503ec85211fed8f39d1970f128935ca1f814cd32ac4a6842e84ab" dependencies = [ "futures-core", "futures-io", + "futures-macro", "futures-task", "memchr", "pin-project-lite", @@ -326,15 +338,6 @@ version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" -[[package]] -name = "hermit-abi" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7" -dependencies = [ - "libc", -] - [[package]] name = "hermit-abi" version = "0.3.1" 
@@ -423,6 +426,20 @@ dependencies = [ "want", ] +[[package]] +name = "hyper-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d78e1e73ec14cf7375674f74d7dde185c8206fd9dea6fb6295e8a98098aaa97" +dependencies = [ + "futures-util", + "http 0.2.9", + "hyper", + "rustls", + "tokio", + "tokio-rustls", +] + [[package]] name = "hyper-tls" version = "0.5.0" @@ -481,7 +498,7 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76e86b86ae312accbf05ade23ce76b625e0e47a255712b7414037385a1c05380" dependencies = [ - "hermit-abi 0.3.1", + "hermit-abi", "libc", "windows-sys 0.45.0", ] @@ -593,11 +610,11 @@ dependencies = [ [[package]] name = "num_cpus" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b" +checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi 0.2.6", + "hermit-abi", "libc", ] @@ -724,6 +741,7 @@ dependencies = [ "http 0.2.9", "http-body", "hyper", + "hyper-rustls", "hyper-tls", "ipnet", "js-sys", @@ -733,20 +751,39 @@ dependencies = [ "once_cell", "percent-encoding 2.2.0", "pin-project-lite", + "rustls", + "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "system-configuration", "tokio", "tokio-native-tls", + "tokio-rustls", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", + "webpki-roots", "winreg", ] +[[package]] +name = "ring" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + [[package]] name = "rustix" version = "0.36.9" 
@@ -761,6 +798,37 @@ dependencies = [ "windows-sys 0.45.0", ] +[[package]] +name = "rustls" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" +dependencies = [ + "base64 0.21.0", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "ryu" version = "1.0.13" @@ -776,6 +844,16 @@ dependencies = [ "windows-sys 0.42.0", ] +[[package]] +name = "sct" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "security-framework" version = "2.8.2" @@ -870,6 +948,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "strsim" version = "0.10.0" @@ -983,6 +1067,16 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.7" 
@@ -1084,6 +1178,12 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "url" version = "2.3.1" @@ -1211,6 +1311,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc" + [[package]] name = "winapi" version = "0.3.9" diff --git a/Cargo.toml b/Cargo.toml index f569d79..6fabbb3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,7 +9,7 @@ serde = "1.0.188" serde_derive = "1.0.188" urlencoding = "2.1.3" thhp = "0.2.0" -reqwest = { version = "0.11.22", features = ["blocking"] } +reqwest = { version = "0.11.22", features = ["blocking", "rustls-tls"] } http-bytes = "0.1.0" anyhow = "1.0.75" clap = { version = "4.4.6", features = ["cargo"] } diff --git a/src/config.rs b/src/config.rs index 2b261a5..c4c48d7 100644 --- a/src/config.rs +++ b/src/config.rs @@ -1,4 +1,5 @@ use anyhow::anyhow; +use reqwest::{blocking::Client, Error}; use std::{env, fs}; use serde_derive::Deserialize; @@ -52,7 +53,7 @@ impl Replaceable { impl Config { pub fn read_from_config(location: &str) -> anyhow::Result { let is_config_host = env::var("WEBCOMMAND_HOST_MODE") == Ok("true".to_owned()); - let content = load_config(location, is_config_host); + let content = Config::load_config_str(location, is_config_host); let raw: RawConfig = toml::from_str(content?.as_str())?; 
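Review bot: Adding `rustls-tls` in the Cargo.toml hunk leaves reqwest's default features enabled, so the native-tls backend is still built and linked next to rustls. The lockfile in this same patch shows it: `hyper-tls` and `tokio-native-tls` remain in reqwest's dependency list. If the aim of the commit is to drop OpenSSL from the build rather than only to select rustls at runtime, the line would need `default-features = false`, e.g. `reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "rustls-tls"] }`. Check first whether any other default feature is relied on elsewhere in the crate.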
@@ -111,27 +112,45 @@ impl Config { ); redirect_url } -} -fn load_config(location: &str, is_config_host: bool) -> anyhow::Result { - println!( - "Executing as {}.", + fn load_config_str(location: &str, is_config_host: bool) -> anyhow::Result { + println!( + "Executing as {}.", + if is_config_host { + "config host" + } else { + "config mirror" + } + ); + if is_config_host { - "config host" + fs::read_to_string(location).map_err(|_| anyhow!("please provide the config file")) } else { - "config mirror" + let config_host = env::var("WEBCOMMAND_CONFIG").map_err(|_| { + anyhow!("please provide the url to the config host in WEBCOMMAND_CONFIG.") + })?; + let config_host = get_config_url(&config_host); + let config = Config::get_request_client()? + .get(config_host) + .send()? + .text()?; + Ok(config) } - ); - - if is_config_host { - fs::read_to_string(location).map_err(|_| anyhow!("please provide the config file")) - } else { - let config_host = env::var("WEBCOMMAND_CONFIG").map_err(|_| { - anyhow!("please provide the url to the config host in WEBCOMMAND_CONFIG.") - })?; - let config_host = get_config_url(&config_host); - let config = reqwest::blocking::get(config_host)?.text()?; - Ok(config) + } + + fn get_request_client() -> Result { + reqwest::blocking::ClientBuilder::new() + .use_rustls_tls() + .build() + } + + pub fn trigger_host_reload(&self) -> anyhow::Result<()> { + if !self.is_config_host { + Config::get_request_client()? + .get(get_reload_url(&self.location)) + .send()?; + } + Ok(()) } } diff --git a/src/lib.rs b/src/lib.rs index 4a24f4e..8d670d8 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -7,7 +7,7 @@ use std::{ pub mod config; mod simple_server; use clap::crate_version; -use config::{get_config_url, get_reload_url, Config}; +use config::{get_config_url, Config}; use http_bytes::{ http::{Method, Response, StatusCode}, Request, 
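Review bot: Neither request in the `src/config.rs` hunk checks the HTTP status. In `load_config_str` an error page from the config host is returned as config text, and in `trigger_host_reload` a non-2xx reply counts as a successful reload. Adding `.error_for_status()?` after each `.send()?` would turn those replies into errors, e.g. `.send()?.error_for_status()?.text()?`. Because the fetched text becomes this mirror's configuration, `get_request_client` could also refuse plaintext URLs with `.https_only(true)`, assuming WEBCOMMAND_CONFIG is always meant to be an https URL, which the hunk does not show. The enclosing `impl Config` starts outside the hunk.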
@@ -76,11 +76,7 @@ fn send_config_file(_: &Request, config: &Config) -> anyhow::Result { } fn reload_config_handler(_: &Request, config: &mut Config) -> anyhow::Result { - if !config.is_config_host { - if let Err(e) = reqwest::blocking::get(get_reload_url(&config.location)) { - eprintln!("Error while triggering reload on config host: {}", e); - } - } + config.trigger_host_reload()?; config.reload_config()?; let response_text = "Reloaded configuration".as_bytes();
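Review bot: In `reload_config_handler`, `config.trigger_host_reload()?;` changes the failure behaviour. The removed code logged a failed trigger with `eprintln!` and still ran `config.reload_config()`, whereas the new line returns early and skips the local reload. If the old best-effort behaviour was intended, keep it explicit: `if let Err(e) = config.trigger_host_reload() { eprintln!("Error while triggering reload on config host: {}", e); }`. If failing hard is the intent, a short comment saying so would help, since the change is otherwise easy to miss in a commit about the TLS backend. The rest of the handler body lies outside the hunk.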