From 84e289be26d5a91bd93dfc548ebcd3e9532fdc18 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Mon, 18 Mar 2024 21:48:02 +1100 Subject: [PATCH 1/3] Add test for bare PING-PONG protocol over TLS handle --- Cargo.lock | 94 +++++++++++++++++++ Cargo.toml | 4 + certs/Makefile | 62 +++++++++++++ certs/ca.rsa4096.crt | 33 +++++++ certs/ca.rsa4096.key | 52 +++++++++++ certs/cert.cnf | 21 +++++ certs/openssl.cnf | 23 +++++ certs/rustcryp.to.rsa4096.ca_signed.crt | 38 ++++++++ certs/rustcryp.to.rsa4096.csr | 29 ++++++ certs/rustcryp.to.rsa4096.key | 52 +++++++++++ tests/http_client.rs | 118 ++++++++++++++++++++++++ 11 files changed, 526 insertions(+) create mode 100644 certs/Makefile create mode 100644 certs/ca.rsa4096.crt create mode 100644 certs/ca.rsa4096.key create mode 100644 certs/cert.cnf create mode 100644 certs/openssl.cnf create mode 100644 certs/rustcryp.to.rsa4096.ca_signed.crt create mode 100644 certs/rustcryp.to.rsa4096.csr create mode 100644 certs/rustcryp.to.rsa4096.key create mode 100644 tests/http_client.rs diff --git a/Cargo.lock b/Cargo.lock index 0c80992..8c0d3d2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -55,6 +55,12 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "bitflags" +version = "2.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" + [[package]] name = "block-buffer" version = "0.10.4" @@ -246,6 +252,7 @@ checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", "ed25519", + "serde", "sha2", "subtle", "zeroize", 
@@ -288,6 +295,21 @@ version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "generic-array" version = "0.14.7" @@ -444,6 +466,44 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" +[[package]] +name = "openssl" +version = "0.10.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "openssl-sys" +version = "0.9.101" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "p256" version = "0.13.2" 
@@ -515,6 +575,12 @@ dependencies = [ "spki", ] +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + [[package]] name = "platforms" version = "3.3.0" @@ -694,9 +760,11 @@ dependencies = [ "ecdsa", "ed25519-dalek", "hmac", + "openssl", "p256", "p384", "paste", + "pem-rfc7468", "pkcs8", "rand_core", "rsa", @@ -740,6 +808,26 @@ version = "1.0.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92d43fe69e652f3df9bdc2b85b2854a0825b86e4fb76bc44d945137d053639ca" +[[package]] +name = "serde" +version = "1.0.197" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fb1c873e1b9b056a4dc4c0c198b24c3ffa059243875552b2bd0933b1aee4ce2" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.197" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7eb0b34b42edc17f6b7cac84a52a1c5f0e1bb2227e997ca9011ea3dd34e8610b" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "sha2" version = "0.10.8" @@ -834,6 +922,12 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + [[package]] name = "version_check" version = "0.9.4" diff --git a/Cargo.toml b/Cargo.toml index c14ae8a..74f4b5a 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -43,3 +43,7 @@ std = ["alloc", "webpki/std", "pki-types/std", "rustls/std", "ed25519-dalek/std"
 # TODO: go through all of these to ensure to_vec etc. impls are exposed
 alloc = ["webpki/alloc", "pki-types/alloc", "aead/alloc", "ed25519-dalek/alloc"]
 zeroize = ["ed25519-dalek/zeroize", "x25519-dalek/zeroize"]
+
+[dev-dependencies]
+openssl = { version = "0.10", default-features = false }
+pem-rfc7468 = { version = "0.7", default-features = false, features = ["alloc"] }
diff --git a/certs/Makefile b/certs/Makefile
new file mode 100644
index 0000000..e2d13cb
--- /dev/null
+++ b/certs/Makefile
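Review bot: The new `openssl` dev-dependency in Cargo.toml is built without the crate's `vendored` feature, so (as the `pkg-config` and `vcpkg` entries added to Cargo.lock suggest) the test links whichever OpenSSL the build host provides. The interop peer therefore varies between developer machines and CI, and the test will not build where the OpenSSL headers are missing. Say so in a comment above the entry, e.g. `# test-only TLS peer; links the system OpenSSL`, or pin the peer with `features = ["vendored"]` if reproducible results matter more than build time.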
@@ -0,0 +1,62 @@
+ed25519: ed25519-key ed25519-csr sign-ed25519-csr pk12-ed25519
+
+rsa4096: rsa4096-key rsa4096-csr sign-rsa4096-csr pk12-rsa4096
+
+clean:
+ rm rustcryp.to.key rustcryp.to.csr rustcryp.to.crt
+
+## Server Cert Keys
+
+ed25519-key:
+ openssl genpkey -algorithm ED25519 > rustcryp.to.ed25519.key
+
+rsa4096-key:
+ openssl genrsa -out rustcryp.to.rsa4096.key 4096
+
+## CA
+
+ca-rsa4096-key:
+ openssl genrsa -out ca.rsa4096.key 4096
+
+ca-rsa4096-crt: ca-rsa4096-key
+ openssl req -x509 -new -nodes -key ca.rsa4096.key -out ca.rsa4096.crt \
+ -subj /C=XX/ST=YY/L=Antarctica/O=RustCrypto/OU=Contributors/CN=ca.rustcryp.to
+
+## CSR
+
+ed25519-csr:
+ openssl req -new -out rustcryp.to.ed25519.csr -key rustcryp.to.ed25519.key -config openssl.cnf
+
+rsa4096-csr: rsa4096-key
+ openssl req -new -out rustcryp.to.rsa4096.csr -key rustcryp.to.rsa4096.key -config cert.cnf
+
+
+## Sign PKCS10 CA certified
+
+ca-sign-rsa4096-csr:
+ openssl x509 -req \
+ -in rustcryp.to.rsa4096.csr \
+ -out rustcryp.to.rsa4096.ca_signed.crt \
+ -CA ca.rsa4096.crt \
+ -CAkey ca.rsa4096.key \
+ -CAcreateserial \
+ -days 30 \
+ -extensions v3_end \
+ -extfile openssl.cnf
+
+## Sign PKCS10 self-certified
+
+sign-ed25591-csr:
+ openssl x509 -req -days 30 -in rustcryp.to.ed25519.csr -signkey rustcryp.to.ed25519.key -out rustcryp.to.ed25519.crt
+
+sign-rsa4096-csr:
+ openssl x509 -req -days 30 -in rustcryp.to.rsa4096csr -signkey rustcryp.to.rsa4096.key -out rustcryp.to.rsa4096.crt
+
+## Export PKCS12
+
+pk12-ed25519:
+ openssl pkcs12 -export -out rustcryp.to.ed25519.pfx -inkey rustcryp.to.ed25519.key -in rustcryp.to.ed25519.crt -passout pass:test
+
+pk12-rsa4096:
+ openssl pkcs12 -export -out rustcryp.to.rsa4096.pfx -inkey rustcryp.to.rsa4096.key -in rustcryp.to.rsa4096.crt -passout pass:test
+
diff --git a/certs/ca.rsa4096.crt b/certs/ca.rsa4096.crt
new file mode 100644
index 0000000..4f52d2e
--- /dev/null
+++ b/certs/ca.rsa4096.crt
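Review bot: In certs/Makefile the `ed25519` target lists `sign-ed25519-csr` as a prerequisite, but the rule is spelled `sign-ed25591-csr:`, so `make ed25519` has no rule to build it; rename the rule to `sign-ed25519-csr:`. In `sign-rsa4096-csr` the input is written `rustcryp.to.rsa4096csr` and should read `-in rustcryp.to.rsa4096.csr`. `clean` removes `rustcryp.to.key`, `rustcryp.to.csr` and `rustcryp.to.crt`, names that no rule produces, so the generated keys, certificates and `.pfx` exports are left behind. The `rsa4096` target also runs the self-signing rule rather than `ca-sign-rsa4096-csr`, although the committed fixture the test loads is the CA-signed certificate; a comment stating which targets regenerate the committed files would help.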
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFyTCCA7GgAwIBAgIUZx1B7o0SWeXhfT02gERB5Hb9G4wwDQYJKoZIhvcNAQEL +BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 +aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzQzN1oXDTI0MDQx +NzA4MzQzN1owdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApB +bnRhcmN0aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmli +dXRvcnMxFzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAh1c9EIxYfevzH7mA+GBNwnDs72Wz5hRRwuP0Or+ujhwI +0nJOBZbxVdqEQRkMCqMDjinUwup1iYHyAzGEVoUNuM3GrC0grhkxc540x47m0YRz +ncCcSgh/dvGVpjlKR33V91dCwHp7LcgegbpoWaGhg+Vu03l0GrLV0ICsmeSPk1qW +5BLW/G6xnSzRjNKnty3U38JwFGvxW+8qs53L8HNYEqFRPlNiS8DgZdtMk+5bgZW9 +Zw7QSTANTsjDUC+E5E5kY9Bedgcg4nMaOpxI3wbeWguNa8Vj+i/jFERFG034fYo4 +oEWB95djGfIL0ULuRbi6JtrHprTJzzQciRpxGXYQl+Txa7jAaoSPZu4I4V4Gh3kh +OUQJGp12LYOcJ36oyruLnliquXrG2YtEwqNV5OyEPKtFUai99l+f54wLKgSNQpvo +phu4OogYFJmC21DqG7XejnYOSjwITWaWt86ee9Q1AQT+JSRp/f+7qM71yUoAH2OJ +dvuauFN2VTHKtR0csmzOEZvTmRXj+ykxdn7i4kAvAVE8RdaiNK/i/dKmV40oQTe3 +eiW7dVa34pl8yQcpJoAi+r/APYpPyh61NOb2Fk4GdF3uXs2muPfHU6WEfmzCow1P +6ZyBRkcktJOztK4PNBykcx7yV0C3L5KPmAi85iAKsvWE4anJugiMxd5bWV9xZ9cC +AwEAAaNTMFEwHQYDVR0OBBYEFHmJDp40jGidJyLW7XHCkfm7KkBwMB8GA1UdIwQY +MBaAFHmJDp40jGidJyLW7XHCkfm7KkBwMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggIBAATry9irnXdVpOF9aFoveqhL452DyNoEF8xJyL0URxauaq84 +F15tLM5fjTX//uOcabYBBIbFwgVtgFtGwkh/HxhzQOpVjli96sxTkYgRpgVXXgT+ +0EPpqDXiRQV94NfcGOXQPImL5GVFbM46FEOvBy0AMiBqlU1eha1z9nbub0r2HD0h +Pu/4OuU8YBenl4RCgB6HsuLYr54dRiHLw+QzryUcot2ItzxpOaFcDS9uMlVb8E14 +MJV/szLKyT9mYQyseMMhOH+HBKZO6zfBedpRZcVQkQpKJ9YG25ZIHevVjSTHpLBZ +kNqkhlS40VemY/BnDGsVWaJHPbW4mPr9uSRB37J2wZR62Tsbyjauou56rTDBQkwd +m1wq7JADyKhwh5aAfee9qhuCPe3Y9bSjx0M9M9pfWCizdEDajvW8vAcK1a55TMvc +udh5vlwvinp5PCISGxuzI/8AAlw+O/fmI7z3oOGsOP0ckZ2GOOJX2DO1AzNX8EXV +N2AFD5kwxVm0GRiiy8DWnHwVEUbp3znYCdBPtU2Q2uRN60hIiEgIWXG4vtclCOoy 
+PV34tsQM6brspFGZ5UE7rZGoOmj6zFaoUSRSmdpD/X09w3n4iNjut6UmT2D1vwn6 +aEI3s84ezzexw7hCiyzMVe7ZK5vWHFmhUuvi1+J1WzqF60dIh6MEX/MFSHjI +-----END CERTIFICATE----- diff --git a/certs/ca.rsa4096.key b/certs/ca.rsa4096.key new file mode 100644 index 0000000..9743a34 --- /dev/null +++ b/certs/ca.rsa4096.key 
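Review bot: The validity encoded in certs/ca.rsa4096.crt appears to run from 2024-03-18 to 2024-04-17, which matches `openssl req -x509` being called without `-days` in the Makefile's `ca-rsa4096-crt` rule, and the leaf certs/rustcryp.to.rsa4096.ca_signed.crt is signed with `-days 30` as well. Once those dates pass, the rustls client in the new test should reject the chain as expired and the test fails with no code change. Either issue the fixtures with a long lifetime (for example `-days 3650` on both rules) and record the expiry date next to them, or generate them when the test runs.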
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCHVz0QjFh96/Mf +uYD4YE3CcOzvZbPmFFHC4/Q6v66OHAjSck4FlvFV2oRBGQwKowOOKdTC6nWJgfID +MYRWhQ24zcasLSCuGTFznjTHjubRhHOdwJxKCH928ZWmOUpHfdX3V0LAenstyB6B +umhZoaGD5W7TeXQastXQgKyZ5I+TWpbkEtb8brGdLNGM0qe3LdTfwnAUa/Fb7yqz +ncvwc1gSoVE+U2JLwOBl20yT7luBlb1nDtBJMA1OyMNQL4TkTmRj0F52ByDicxo6 +nEjfBt5aC41rxWP6L+MUREUbTfh9ijigRYH3l2MZ8gvRQu5FuLom2semtMnPNByJ +GnEZdhCX5PFruMBqhI9m7gjhXgaHeSE5RAkanXYtg5wnfqjKu4ueWKq5esbZi0TC +o1Xk7IQ8q0VRqL32X5/njAsqBI1Cm+imG7g6iBgUmYLbUOobtd6Odg5KPAhNZpa3 +zp571DUBBP4lJGn9/7uozvXJSgAfY4l2+5q4U3ZVMcq1HRyybM4Rm9OZFeP7KTF2 +fuLiQC8BUTxF1qI0r+L90qZXjShBN7d6Jbt1VrfimXzJBykmgCL6v8A9ik/KHrU0 +5vYWTgZ0Xe5ezaa498dTpYR+bMKjDU/pnIFGRyS0k7O0rg80HKRzHvJXQLcvko+Y +CLzmIAqy9YThqcm6CIzF3ltZX3Fn1wIDAQABAoICADGyXhDyiBgNCSSQGISb0FHi +543suYd11KQM0oS0GCPEtZSZNn8k8w+EguXojZxmSYrtX1wHfgt1NOnpR+ABUY2X +uilFFOf5BkifQmA44Bb1XQMDVCB3SF7jzQDRrq3bzjLZzwAguZSRFGqsiV7IVCe7 +mtt6kKCxJIRAi6Ci5fnE3P140Yq2FvBRIc1lGQLRiIZ1vnQxQtpwUyzLd7SeliuZ +It0Q/1ozw/KC+XakouNNmdP7A46sX2abn+SU3mZ7Rq/ENrt+WJvuiiYVd0i2G/XS +oiZ9v/2Bkg/CFeI12lY26B4qB9RjuZcwYxh/TEE72NclpQRZBHXae9P4aqlfyi2D +xxQzQQZebX7Tut5tkyeQGxRxk789DxqZxHbTkCuL7PXS+VaTgcK5pAL7m1Y+3ysc +GhSwVH6QgeghY8m1LCMNGRT3ZObpUfDk4/Bl9oP6FLo31Rkz9+RnQyjktzDEXlEy +4QMhYv5hES6rypA9VW9oJmsnpWeJSNhUFKjKsyRhWGG3bKLXgTzZMGNyEOwliaV1 +FybsccdWD1K447kpmkUn8bQayDM76JDBOcLI5cc4Ddl6i1HOcdGDbGWxTeSvgGAr +boUBGf3wXxOeJsT4KTVs1OCeCswnPnOr5jDhPUVIr8Nttf5B2BxknbH6W3KjGxUJ +EMsdQke1Q+pO661dYvEZAoIBAQC7PPYwFx1QsJk8xqrAVpD8pLktjxxtNzNHjZcm +CtPsG3A4dmdIhducZYJxB9KYo7+rii2AchvnetIUd5fcj173if1BCJtv67/3/IqN +kb7GR6l+YvY+JPmDUjcf1Jq00cPe5aBpTbR7UycGzzcqr/SDWrek2Y5S7d+liZu/ +1RkBthhKXZ+vBLIpAjJhH4IvcfFta5tzZ3mvY7NigWGiE5SN3yNu+WAAUFIea3mU +RW61ftnzvFHHhHQfw7Kr26nSVyqn1vsq7TavTDXrBwozLeqTN/GeNgcH4K3aUitM +NLDMrTV1szv1NsHnDhn3qhzBSzrf1P3GhDb1+BY1Le/TysaTAoIBAQC5CzCWGu2z +p1h7bHcZEdRjoSRUTT3ODhF4EzIVddZB6CKjOqfHjXcKcrzt7pvqWwlc0iR7mXJx 
+E4kF4UIV40Vb4cqwLbVuessK79x4mAf/NX2zKHixD3XPbAgCHTCfvj1cBwedZcwY +pAoIIocwDMpBqL0165CLLsv7MlXImFb60EjkNNCE4XkJZ7bk1grcpati4LfLrNAs +SUjh9vZED9N//0tF5du4w6jtwm43k9ZIDNH6FFIe8YFHWzHP1eJYrMUv2wZ+nqtP +OaPmvUpdnr7xvrkU+CyI4kah9TlvJjeMzZ0cC7cpmwVAbJqg95XuIMAyeZT/M8zi +AyozNuB/UYAtAoIBAQC5j6MU6fN9omdbmjBjSeeK2t1Cz5AGlSxW/3YKl7SLTG4d +JwsZDsAk8V0jE/Ocnrw4D0sk/vG0qT5GVnfEeLpPbQv2Rcd2Vhf8duYBg62j6CWM +Qht0X0SA5xwGibeA+Fq8LqqZcg8qIbCNyRMNVTBodaGG2K16dpCtCAG5TkHoNkVA +fiThWTAQAENZidaFmtD/9iMrbiNktNR1DXBrJiiVqcz+EFsaNIAN8cmeLmmXqc3r +Bnmt2BEV4ebS93IIKab2i9KEKm+Fr2vIL0PmkNznZgwpFbZGEl95/PE4JwgI8KgI +q8cCMHBewtTtZEP3NM12Qyn2cdXeUy3/KjWCmnXNAoIBAEFeoptkh/SfebKgbrJ8 +iftoQd1GLD9O2P0CSv8p0bcWuqXPYtYsM5GNVxD26j2wS25vDlRbsQIhVJavLRlu +YGJFMcVrYFzXJEOI2OoBS1HtI6rW8UwbmhLcpzeX+EV2f1azZQ1FmQRbbu/QwtFG +s2zen3kc7sM8lPL4pTVoG9IfIqD7x24p+QhJi2Lr+opYPGOB32wkcKY0fXrWM8l3 +jc/58C2RNj3fYR4dQbKAl4J8hPFDnH8x8emzXbV+aafJ4R820OSKSRqD0lMBK/RG +0E22gsvVoGX7CdjNOKz7Y0RqnsX5nYslKIXJ2BZlYKHvD/bE3M4LDqYJWC8fg892 +i0ECggEAXi2lJdFFcsu8o7LYnFz4wIjC0CUuhyRvN66BtD8ggdtnKE2Isggr6EXZ +wzekEWYesNBC4gCYWZSf5uqW5oUs5hpbeW0G8ktFZ4fsMgVkSlMGTwpXGwW8v+d1 +hMeI9PtX4JvfbpYtWqLsjpnSf+l0i07vxAa4movzHs/iYF1/XBxZweGELSpNvyYa +l/7mD55D9XGNPiIo5cNdxya0hvOByVA8HCLf3D1bA9D4cs21OeZirG0YnCQyYmW+ +EqBiJDXPDdzCsBFAFxiRJTkNypBn7P+AWSYHVAOhJTh2sQqA2gNEemQLTajemgpa +CFPGysTiqjSznXbv6loyTwp2Cs1PoA== +-----END PRIVATE KEY----- diff --git a/certs/cert.cnf b/certs/cert.cnf new file mode 100644 index 0000000..6f97235 --- /dev/null +++ b/certs/cert.cnf @@ -0,0 +1,21 @@ +[req] +default_bits = 4096 +prompt = no +default_md = sha256 +req_extensions = req_ext +distinguished_name = dn + +[ dn ] +C=XX +ST=YY +L=Antarctica +O=Contributors +OU=Testers +emailAddress=hello@rustcryp.to +CN = test.rustcryp.to + +[ req_ext ] +subjectAltName = @alt_names + +[ alt_names ] +DNS.1 = localhost diff --git a/certs/openssl.cnf b/certs/openssl.cnf new file mode 100644 index 0000000..eb94919 --- /dev/null +++ b/certs/openssl.cnf 
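Review bot: certs/ca.rsa4096.key is the unencrypted private key of a CA whose certificate appears to carry CA:TRUE with no path-length or name constraints, and certs/rustcryp.to.rsa4096.key commits the server key the same way; once pushed, both keys are public for good. That is workable for a fixture only as long as nothing outside this test ever trusts the CA, so state it in the tree, for example a `certs/README` line such as `Test-only keys: public, never add ca.rsa4096.crt to a real trust store`. Generating the CA and leaf at test time, or from the Makefile in CI, would avoid committing key material at all and keep secret scanners from flagging the repository.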
@@ -0,0 +1,23 @@
+[ v3_end ]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+subjectAltName = @alt_names
+
+[ v3_client ]
+basicConstraints = critical,CA:false
+keyUsage = nonRepudiation, digitalSignature
+extendedKeyUsage = critical, clientAuth
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+
+[ v3_inter ]
+subjectKeyIdentifier = hash
+extendedKeyUsage = critical, serverAuth, clientAuth
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
+
+[ alt_names ]
+DNS.1 = www.rustcryp.to
+DNS.3 = localhost
diff --git a/certs/rustcryp.to.rsa4096.ca_signed.crt b/certs/rustcryp.to.rsa4096.ca_signed.crt
new file mode 100644
index 0000000..ba2217d
--- /dev/null
+++ b/certs/rustcryp.to.rsa4096.ca_signed.crt
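Review bot: `[ v3_end ]` in certs/openssl.cnf, the section `ca-sign-rsa4096-csr` applies to the server certificate, sets no `extendedKeyUsage`, so the issued leaf is not restricted to server authentication; add `extendedKeyUsage = serverAuth` there, as `[ v3_client ]` already does with `clientAuth`. In `[ v3_inter ]` `basicConstraints = CA:true` is not marked critical and `keyUsage` lists `keyCertSign` and `cRLSign` twice. `[ alt_names ]` jumps from `DNS.1` to `DNS.3`; renumber the second entry to `DNS.2`. It is also worth a comment that the `subjectAltName` requested in cert.cnf is likely not what ends up in the certificate, since the signing rule takes its extensions from `-extfile openssl.cnf`.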
@@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIGszCCBJugAwIBAgIULBS6esIThT88ao9+pOZd5y/bJ70wDQYJKoZIhvcNAQEL +BQAwdDELMAkGA1UEBhMCWFgxCzAJBgNVBAgMAllZMRMwEQYDVQQHDApBbnRhcmN0 +aWNhMRMwEQYDVQQKDApSdXN0Q3J5cHRvMRUwEwYDVQQLDAxDb250cmlidXRvcnMx +FzAVBgNVBAMMDmNhLnJ1c3RjcnlwLnRvMB4XDTI0MDMxODA4MzU1OVoXDTI0MDQx +NzA4MzU1OVowgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwK +QW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdUZXN0 +ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UEAwwQ +dGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj/NGl +ajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn9cPB +/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9HqpKydB +7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8fXyI +xZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1KqDdQZ +BzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZIvT45 +B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4tKVH +wqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOkAazj +mPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFUrkFV +KPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTwVh6N +4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGjggEZMIIBFTAM +BgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUfB1gPr/ENxOfGfNK +GlFpRutlMnQwgbEGA1UdIwSBqTCBpoAUeYkOnjSMaJ0nItbtccKR+bsqQHCheKR2 +MHQxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UEBwwKQW50YXJjdGlj +YTETMBEGA1UECgwKUnVzdENyeXB0bzEVMBMGA1UECwwMQ29udHJpYnV0b3JzMRcw +FQYDVQQDDA5jYS5ydXN0Y3J5cC50b4IUZx1B7o0SWeXhfT02gERB5Hb9G4wwJQYD +VR0RBB4wHIIPd3d3LnJ1c3RjcnlwLnRvgglsb2NhbGhvc3QwDQYJKoZIhvcNAQEL +BQADggIBAIRW8ysLc+woHqLh5yhghSe4uswtoWDZI9XFFLbssl8FNsbwMn8+nSiX +FYSsyOxyGpPyJaqya0zfMwrZikz7dJcbjz/a6R5DHM04PaYodlH4GROWxKl2XcW4 +q3523tJFJ8I1sbC3FXN3XNQubRPWfrxqUqLz5thefA+i4A81AG8bMT0oZtbtNt3s +iBj+FyRH3XgdE3Hx/X7d8PyUWDnii/1/bp81Q1+zfzBu3Ex3YsfdVUwdJ7+fvnAb 
++LJTyVOuMIbwQFoQp2HL4VeBZpdPB7rTLqIL1NCUN5NbG2PeVT3VIZDzoT82903v +b1CqVRawcsMfHAu8vqkWzjTXjLuACoMA0sUeDcnnY53e8SeSfeRX5KDm3KIVE1NJ +JD/2lPfldnIdDwWHbM4AUrEm1896NkrP2bbrFOp4+cjxU5PZnXl9RNFpCCi0Pf4h +B0LSg88ltfnjGAkeXOPxHLfhqmXGHuIlnautbGRBB9m44qmeKNcSbqlP0wULQ+mW +sstteuGHtCQnvKKmlux6RylWFkEki8U0LTE/LWB8BBKqrcB6YmaE8vZR9RWY2V39 +vyszzi3vqTO6Wz4aVXs7mruRZMT5RbanVDPws4ehB/Dysj38AebYTlspJY1yzPwm +OALJkg4Sah/sLShN+OGHPTpjshiMSnFjrO2VlOoMIFR6JGqTSAcR +-----END CERTIFICATE----- diff --git a/certs/rustcryp.to.rsa4096.csr b/certs/rustcryp.to.rsa4096.csr new file mode 100644 index 0000000..29acfd1 --- /dev/null +++ b/certs/rustcryp.to.rsa4096.csr 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFAjCCAuoCAQAwgZUxCzAJBgNVBAYTAlhYMQswCQYDVQQIDAJZWTETMBEGA1UE +BwwKQW50YXJjdGljYTEVMBMGA1UECgwMQ29udHJpYnV0b3JzMRAwDgYDVQQLDAdU +ZXN0ZXJzMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BydXN0Y3J5cC50bzEZMBcGA1UE +AwwQdGVzdC5ydXN0Y3J5cC50bzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAKOL3HYFIrHcRSSSEcddktLIm1Yf24src2TgKA6ELmFPHqeV0iKNLfNibGfj +/NGlajFy+SB/bf2koD+MBQiTWVvkO7csZPl/aK3ShqzLqlkGDzGjkudE8BusY+Fn +9cPB/2dsUSaV0FT4yJvPgzQqRqUryMqPe9DVLZ4Lk6O9o22Br71UVOfdVhVu9Hqp +KydB7VdHor8PbDej+xqTiZdmkyTleRHqL4QdsB8OG1L/VtHaEuoOrrKgSy/SAxu8 +fXyIxZEHue+aUS5OMKu8T9A5yApS+VNGsJ0e5ysqVCS8DjQ/YbtPI1BuTmvlL1Kq +DdQZBzT6yfzAW15hs8X3QBy2DPMFNZiWL6QKeXYULkVIs46im+J2Yc4ZHAXPYpZI +vT45B3OjQEmuDxLNyW0oCJG4fZagXT06NhsI0q14E52QqpAXXRfPe1DEZ4TG0mL4 +tKVHwqZ1QR1nDzWS2d4Jd7vdYVIHYtQ5cqelJg/h9pt07GtjvsO9rWBNtb34COOk +AazjmPKDPTKHHI5omOoHwUAZIbKVFA5B2oaxAspzRX9xYQW4Ua/YICFuPnbVnCFU +rkFVKPq4uX8RoEQQ3qRo/MehAB0uZJWay6qM53luWiMlrIXbwaZu5zXA4i42WGTw +Vh6N4C1P0lOwfPRcIXhj1sB0paY1bjVkBGLSbxVXUTxm15bBAgMBAAGgJzAlBgkq +hkiG9w0BCQ4xGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsF +AAOCAgEANfssW3NTIcZEZ5G7dh91NJzzMkQ+FtKH25eVgDqt5kfeTFP2+bicsMOT +bAj8JUEaSAvhg6tub9acYGdSbvjSjzb5mE/ZULoVZGPTa8uKhiGlMozYFjOPi0P1 +Fp90Pvb2UKKLSnunP9VgjtqVB0yHOCl5AJxFshyXqIFUJBPWJSNDLIDE4NF9MpPL +xWmQ2cOQvgs6YrETxDVw4NrExODDCGszTXeboCyef/ajAe9QXSy2G3MPcR6aBFly +K9qs63VqFOM8iOgtmfX4dKNqfryBq5MuknrqqrdLSWIebpE+mXnr6xU0bs1BjLqp +JG2ODTRSstrUZZdo35w7O5MS+GYcqwWzD9wPkWbRW6GMdc3/RnZJE1OcbSQ1HZwT +SR2DzqNwAfLwcmglQhy7DgXzcRzNlnjtHfflkCuzr+PL3D9s/ao/FngkuZ7Yh1pm +RLNRtDIEIFdasrWvAf5HPX7NDAL2/KTEUCPtKVmuyeaQSXqEwAhZvCFVkrP3yUz1 +EcGT8I4jhrF5QrtqHvnUezrICZNXYcBMB80Of6DvnRQkOLlqFc1Nj5FRp/cMKzkM +igUfBYyeP8AVZmNWjweBhc3VAie7mUBpWDgEGtyY1BSf1AapWggfXvrnNOhlvrJq +41m0ef+mk1mFC2rgqDAQj1cI5lp0oPZX3KHFFfl+hFbd9ig7rXQ= +-----END CERTIFICATE REQUEST----- diff --git a/certs/rustcryp.to.rsa4096.key b/certs/rustcryp.to.rsa4096.key new file mode 100644 index 0000000..9a5d6c5 --- /dev/null 
+++ b/certs/rustcryp.to.rsa4096.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCji9x2BSKx3EUk +khHHXZLSyJtWH9uLK3Nk4CgOhC5hTx6nldIijS3zYmxn4/zRpWoxcvkgf239pKA/ +jAUIk1lb5Du3LGT5f2it0oasy6pZBg8xo5LnRPAbrGPhZ/XDwf9nbFEmldBU+Mib +z4M0KkalK8jKj3vQ1S2eC5OjvaNtga+9VFTn3VYVbvR6qSsnQe1XR6K/D2w3o/sa +k4mXZpMk5XkR6i+EHbAfDhtS/1bR2hLqDq6yoEsv0gMbvH18iMWRB7nvmlEuTjCr +vE/QOcgKUvlTRrCdHucrKlQkvA40P2G7TyNQbk5r5S9Sqg3UGQc0+sn8wFteYbPF +90ActgzzBTWYli+kCnl2FC5FSLOOopvidmHOGRwFz2KWSL0+OQdzo0BJrg8Szclt +KAiRuH2WoF09OjYbCNKteBOdkKqQF10Xz3tQxGeExtJi+LSlR8KmdUEdZw81ktne +CXe73WFSB2LUOXKnpSYP4fabdOxrY77Dva1gTbW9+AjjpAGs45jygz0yhxyOaJjq +B8FAGSGylRQOQdqGsQLKc0V/cWEFuFGv2CAhbj521ZwhVK5BVSj6uLl/EaBEEN6k +aPzHoQAdLmSVmsuqjOd5blojJayF28Gmbuc1wOIuNlhk8FYejeAtT9JTsHz0XCF4 +Y9bAdKWmNW41ZARi0m8VV1E8ZteWwQIDAQABAoICABzM42zxKJPzu0VeZ70ZEGMI +Krq2732JkE+iXct4oYZHXZmbe57UB9SFb5u3/WyZ2aKNoauEZUU2eXXXXYeOEz1o +as+uBLYfJrr9iPPjBcOZmpFeQd9yN2pYKFqoaRIpFqYK4BuQZFiiWwl9OJi2HSy3 +EiwBqoczE05ysXQzUBVXsjAAKteOFbu+h1UWd1/5bydgmRtWRvNhcDXU53T+/kiQ +FIsAF5AHfl1pqYwrJQndglkvbrpMGhF4xU1cGykUGN6aYrb8EPG7mTyU8+UyV7Th +ucBdgXqZ15G1aY3yg/nVc4t9uzVNx4eem3/OLJM+OROuWmWlJjHvuK3TBbpIoOze +285q6tn5rROoEK+dCO6Gjhd6djbvXIPngO83/+x8XxYOrttDYEcv+RJAQAFopjwv +ulp2ln3TH29RuQ0PyEYiXepQuW4t5cAXP2UnM/MWvQpx2hILONM75V7Ye3OH5T7Z +GPE6LgvaBVSEJdqcxFjCTAkuN3zDUg8/rygAadVx5EhpPwL82l/DW9vFZmgzwOLi +IEYg4r5EmYmoDqNcJ6xYixgef2CQ/Cu3zB+S+CNbRUk0iJDjNFNf1Suwhrr/c5zE +7ueuEjb1bWvhMMC9SANCYtiXXUmdgdd6ahwrtE4oxl72mPqOkKVwkUYKhXt6w8zz +YiSbYYJmf6h4kWaz/GDVAoIBAQDNYUHB1R/CCTXBHGDOiqJT8Q7GmF3XvfdF4xIo +Ug+5TC1ybfS9qCQS+i9vYVC19W42gzvre6SqDz7TTZbJQQLhEtESIRbJxXPU2JfS +HC3198H39LRaEkEWXOcQMEkhh9Q4vaMSYiQvkphYcyXldWTDWsJtoDlaay7WNzIX +ZhAzkGAkNw7anTexIpgasoUQO5KgYt7fQ8k+eGTPxv6W4gJqXSgX7VH6JBmrN+Ob +caC4RFmEcyFjzxunKFaqy23M946V9ckiPz6++1e83v61DmpCXrZQVrl6A82qZISr +E2M0JkOh7bmRIMKyA6xtenm3JziLMfDkJ+d6R2sguRxwxT+vAoIBAQDL2w3biNWt +rMzXzFC7Ad7mEQSEyH+A7jAqDa9y+eNzkDAJRf0jbixpZYo4GqxgnNtr26/Kb+wk 
+TwMrXUny+EsS7mgK4iiaegGSwsBsd0aSI5frmNniDAz7LVZ95byzzXPRWyoHj2/f +C+FEYwjmdnta4KJNcPh72KScGSuUr4jRn2xiXTKa6+H61i/TrXjoRH6EOhuNEd4i +wc0rh0zdLe1oAlAKB9fDf1eN5w+gtcycykRmTMRiv8bU7UIxZUn8hhnc3u+shdUb ++L8JjQW9U+XSWNLVsy2f8MnQ1hKr86gjqE5oT1wLuYjsRNK7enc5X3gKvw01+Jz4 +xZ9AHPGBBDyPAoIBAQCAZ4QDOcpHOBbhi2qC924R6S6Bv5U8Y0qL6THa/6NRCG2J +k3Fmeg9DxiOOEVuyx6WGc3os+fqzUCDJX0McxIaWTXtlSEbFE6wdsOUKug+KLsKY +0edIQQ1se90C5A1050UpzHZ98doJ3C9fbW6ODV1YPhA9FeWFwGliCNRKiMcsVeGm +Ar5Is+6z0psiZeaHhZdgqzAIiorxgbgVp6ZYkylLcr60Zu3P5G4f/CtTbjE7w4/s +HUcM7dmuIqw80D7v3P7KhwafYMdMBDyQmyLH9CE/KZP2mqIPxPz6wSmpA9AMNLgo +L0bLk53mSiGtuNsMRXs2m5yuKLyyWKCDrvg3ETuFAoIBAC7Z22d3HVTbAAEgrfUs +yuOpSZaS1er10w/3MTmFgObQXpnjAfigm4hlk8ytJKzXn/478TzfWDBIEHxo5lP3 +CJoDPNozfA10uOPX6o2DJC72CzZUXM784gbgNp6crC/Oqi2VfCVcq+NhQZaMBEGj +PVp3ghW2PwWHlt1hU4jKhvFWaHx62uSMDdWuYDOQDNek1kbha++SCbGHRPYaFGpI +4eUjku2bO9VscNzmG8tdvPbT7cBtKD1hwfqxxKLBmq10zIDco8zMvVu+YXl6dbU7 +kPg0/c+rbHLzzg43BPeL+jqntc13X7o6G+PhNWVtEfWXoWkm24xp5PmvwZfkjwSN +yrUCggEAfl7Tn2HFOVYVggPU09gxRAzyO37FAjcge/nPmHqDUXZidvQTyAUj64cU +MC3oviFreC530z/JTgc1qWWWcFHsVE7QYHoFDsXTfwyNE02FtBepOsiYXM2AUcYx +5gI2psoXTFkOSQIDW+DTqndJK2o8HuTANcramhUpcjd5+SvtM2kGqOIv0enRsrhO +qPePpQaDjgVoDGKV4HJ7giAXiMR3Vlp3DSNkOM1kaU6JZckh9T2nz6AWc/y4DBLV +JzMgJlyUreoWKi4VZQQUQsCrBPc/GtcWf3iLwjzHi88T8hURqkla9+I22NAnJ6Zx +YoH2/0Jqixc/g57Y7CLF9IwQiopCXw== +-----END PRIVATE KEY----- diff --git a/tests/http_client.rs b/tests/http_client.rs new file mode 100644 index 0000000..13f5404 --- /dev/null +++ b/tests/http_client.rs 
@@ -0,0 +1,118 @@
+use std::io::{Read, Write};
+
+use std::fs::File;
+
+use openssl::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype};
+use std::net::{TcpListener, TcpStream};
+use std::sync::Arc;
+use std::thread;
+use std::time::Duration;
+
+use rustls::pki_types::ServerName;
+use rustls::pki_types::CertificateDer;
+
+use rustls_rustcrypto::provider as rustcrypto_provider;
+
+#[test]
+fn local_ping_pong() {
+
+ let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+ let server_addr = listener.local_addr().unwrap();
+
+ let mut ca_pkcs10_file = File::open("certs/ca.rsa4096.crt").unwrap();
+ let mut ca_pkcs10_data: Vec = vec![];
+ ca_pkcs10_file.read_to_end(&mut ca_pkcs10_data).unwrap();
+ let (ca_type_label, ca_data) = pem_rfc7468::decode_vec(&ca_pkcs10_data).unwrap();
+ assert_eq!(ca_type_label, "CERTIFICATE");
+ let rustls_cert_der: CertificateDer = ca_data.try_into().unwrap();
+
+ // rustls-rustcrypto Client thread
+ let client_thread = thread::spawn(move || {
+
+ let mut root_store = rustls::RootCertStore::empty();
+ root_store.add(rustls_cert_der).unwrap();
+
+ let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider()))
+ .with_safe_default_protocol_versions().unwrap()
+ .with_root_certificates(root_store)
+ .with_no_client_auth();
+
+ let mut conn = rustls::ClientConnection::new(Arc::new(config), ServerName::try_from("localhost").unwrap()).unwrap();
+ let mut sock = TcpStream::connect(server_addr).unwrap();
+ let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+
+ tls.write_all(b"PING\n").unwrap();
+
+ let ciphersuite = tls
+ .conn
+ .negotiated_cipher_suite()
+ .unwrap();
+
+ let mut plaintext = Vec::new();
+ tls.read_to_end(&mut plaintext).unwrap();
+
+ assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n"));
+
+ return;
+ });
+
+ let timeout_thread = thread::spawn(move || {
+ thread::sleep(Duration::from_millis(100));
+ panic!("timeout");
+ });
+
+ // OpenSSL Server Handler
+ let server_thread = thread::spawn(move || {
+ for stream in listener.incoming() {
+ match stream {
+ Ok(stream) => {
+ let mut ssl_context_build = openssl::ssl::SslContext::builder(openssl::ssl::SslMethod::tls_server()).unwrap();
+ ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE);
+ ssl_context_build.set_ca_file("certs/ca.rsa4096.crt").unwrap();
+ ssl_context_build.set_certificate_file("certs/rustcryp.to.rsa4096.ca_signed.crt", openssl::ssl::SslFiletype::PEM).unwrap();
+ ssl_context_build.set_private_key_file("certs/rustcryp.to.rsa4096.key", openssl::ssl::SslFiletype::PEM).unwrap();
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list
+ // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites
+ ssl_context_build.check_private_key().unwrap();
+ let ctx = ssl_context_build.build();
+ let ssl = openssl::ssl::Ssl::new(&ctx).unwrap();
+
+ let mut ssl_stream = openssl::ssl::SslStream::new(ssl, stream).unwrap();
+ ssl_stream.accept().unwrap();
+ let mut buf_in = vec![0; 1024];
+ let siz = ssl_stream.ssl_read(&mut buf_in);
+
+
+ let incoming = match siz {
+ Ok(i) => buf_in[0..i].to_vec(),
+ Err(e) => panic!("Error reading?"),
+ };
+
+ assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n"));
+
+ let out = "PONG\n";
+ ssl_stream.write(&out.as_bytes());
+
+ ssl_stream.shutdown().unwrap();
+ },
+ Err(e) => panic!("Connection failed"),
+ }
+ return;
+ }
+
+ });
+
+ loop {
+ thread::sleep(Duration::from_millis(10));
+ if client_thread.is_finished() == true && server_thread.is_finished() == true {
+ break;
+ }
+ if timeout_thread.is_finished() == true {
+ panic!("TIMEOUT");
+ }
+ }
+
+ client_thread.join().expect("Client thread panic");
+ server_thread.join().expect("Server thread panic");
+
+}
From 8fcf7c1154632470f6926f84c84aa8914c0bb10b Mon Sep 17 00:00:00 2001
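Review bot: `timeout_thread` in tests/http_client.rs panics unconditionally after 100 ms, so the polling loop fails the test with `TIMEOUT` whenever the RSA-4096 handshake and the PING/PONG exchange have not both finished by then, which makes the outcome depend on machine load. When one side panics before the other is unblocked (for instance the client failing before it connects, leaving the server in `listener.incoming()`), the real assertion message is replaced by a bare `TIMEOUT`. On a passing run the detached thread still panics later and prints `timeout` into the test output. Use a far larger deadline, give both sockets a read timeout such as `sock.set_read_timeout(Some(Duration::from_secs(5))).unwrap();` so a stalled peer returns an error, and have the loop join and report whichever thread has already finished instead of waiting for both.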
From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Mon, 18 Mar 2024 21:50:01 +1100 Subject: [PATCH 2/3] Obligatory fmt --- tests/http_client.rs | 65 ++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 27 deletions(-) diff --git a/tests/http_client.rs b/tests/http_client.rs index 13f5404..458706e 100644 --- a/tests/http_client.rs +++ b/tests/http_client.rs @@ -2,20 +2,19 @@ use std::io::{Read, Write}; use std::fs::File; -use openssl::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype}; +use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod, SslStream}; use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::thread; use std::time::Duration; -use rustls::pki_types::ServerName; use rustls::pki_types::CertificateDer; +use rustls::pki_types::ServerName; use rustls_rustcrypto::provider as rustcrypto_provider; #[test] fn local_ping_pong() { - let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let server_addr = listener.local_addr().unwrap(); 
@@ -28,31 +27,32 @@ fn local_ping_pong() { // rustls-rustcrypto Client thread let client_thread = thread::spawn(move || { - let mut root_store = rustls::RootCertStore::empty(); root_store.add(rustls_cert_der).unwrap(); - + let config = rustls::ClientConfig::builder_with_provider(Arc::new(rustcrypto_provider())) - .with_safe_default_protocol_versions().unwrap() + .with_safe_default_protocol_versions() + .unwrap() .with_root_certificates(root_store) .with_no_client_auth(); - - let mut conn = rustls::ClientConnection::new(Arc::new(config), ServerName::try_from("localhost").unwrap()).unwrap(); + + let mut conn = rustls::ClientConnection::new( + Arc::new(config), + ServerName::try_from("localhost").unwrap(), + ) + .unwrap(); let mut sock = TcpStream::connect(server_addr).unwrap(); let mut tls = rustls::Stream::new(&mut conn, &mut sock); tls.write_all(b"PING\n").unwrap(); - - let ciphersuite = tls - .conn - .negotiated_cipher_suite() - .unwrap(); - + + let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); + let mut plaintext = Vec::new(); tls.read_to_end(&mut plaintext).unwrap(); assert_eq!(core::str::from_utf8(&plaintext), Ok("PONG\n")); - + return; }); 
@@ -60,46 +60,58 @@ fn local_ping_pong() { thread::sleep(Duration::from_millis(100)); panic!("timeout"); }); - + // OpenSSL Server Handler let server_thread = thread::spawn(move || { for stream in listener.incoming() { match stream { Ok(stream) => { - let mut ssl_context_build = openssl::ssl::SslContext::builder(openssl::ssl::SslMethod::tls_server()).unwrap(); + let mut ssl_context_build = + openssl::ssl::SslContext::builder(openssl::ssl::SslMethod::tls_server()) + .unwrap(); ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE); - ssl_context_build.set_ca_file("certs/ca.rsa4096.crt").unwrap(); - ssl_context_build.set_certificate_file("certs/rustcryp.to.rsa4096.ca_signed.crt", openssl::ssl::SslFiletype::PEM).unwrap(); - ssl_context_build.set_private_key_file("certs/rustcryp.to.rsa4096.key", openssl::ssl::SslFiletype::PEM).unwrap(); + ssl_context_build + .set_ca_file("certs/ca.rsa4096.crt") + .unwrap(); + ssl_context_build + .set_certificate_file( + "certs/rustcryp.to.rsa4096.ca_signed.crt", + openssl::ssl::SslFiletype::PEM, + ) + .unwrap(); + ssl_context_build + .set_private_key_file( + "certs/rustcryp.to.rsa4096.key", + openssl::ssl::SslFiletype::PEM, + ) + .unwrap(); // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites ssl_context_build.check_private_key().unwrap(); let ctx = ssl_context_build.build(); let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); - + let mut ssl_stream = openssl::ssl::SslStream::new(ssl, stream).unwrap(); ssl_stream.accept().unwrap(); let mut buf_in = vec![0; 1024]; let siz = ssl_stream.ssl_read(&mut buf_in); - let incoming = match siz { Ok(i) => buf_in[0..i].to_vec(), Err(e) => panic!("Error reading?"), }; assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); - + let out = "PONG\n"; ssl_stream.write(&out.as_bytes()); ssl_stream.shutdown().unwrap(); - }, + } Err(e) => 
panic!("Connection failed"), } return; } - }); loop { @@ -111,8 +123,7 @@ fn local_ping_pong() { panic!("TIMEOUT"); } } - + client_thread.join().expect("Client thread panic"); server_thread.join().expect("Server thread panic"); - } From 0bffd9dff5a1d7f2d4d5c96de92d87f5c33aa726 Mon Sep 17 00:00:00 2001 From: pinkforest <36498018+pinkforest@users.noreply.github.com> Date: Mon, 18 Mar 2024 21:55:54 +1100 Subject: [PATCH 3/3] nits --- tests/{http_client.rs => bare-ping-poing.rs} | 24 ++++++++------------ 1 file changed, 10 insertions(+), 14 deletions(-) rename tests/{http_client.rs => bare-ping-poing.rs} (83%) diff --git a/tests/http_client.rs b/tests/bare-ping-poing.rs similarity index 83% rename from tests/http_client.rs rename to tests/bare-ping-poing.rs index 458706e..96eb3d6 100644 --- a/tests/http_client.rs +++ b/tests/bare-ping-poing.rs @@ -2,7 +2,7 @@ use std::io::{Read, Write}; use std::fs::File; -use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod, SslStream}; +use openssl::ssl::{SslFiletype, SslMethod, SslStream}; use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::thread; @@ -14,7 +14,7 @@ use rustls::pki_types::ServerName; use rustls_rustcrypto::provider as rustcrypto_provider; #[test] -fn local_ping_pong() { +fn vs_openssl_as_client() { let listener = TcpListener::bind("127.0.0.1:0").unwrap(); let server_addr = listener.local_addr().unwrap(); @@ -46,7 +46,7 @@ fn local_ping_pong() { tls.write_all(b"PING\n").unwrap(); - let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); + let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap(); let mut plaintext = Vec::new(); tls.read_to_end(&mut plaintext).unwrap(); 
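Review bot: `let _ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();` still fetches the negotiated suite only to discard it, so this interop test passes on whatever suite the provider and OpenSSL happen to agree on and would not notice if one stopped being offered. Either assert on the suite and protocol version, or remove the binding and add a comment such as `// handshake success only; per-suite coverage is not checked here`. The new file name `tests/bare-ping-poing.rs` also looks like a typo for `ping-pong`. The client closure this line sits in starts and ends outside the hunk.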
@@ -67,8 +67,7 @@ fn local_ping_pong() { match stream { Ok(stream) => { let mut ssl_context_build = - openssl::ssl::SslContext::builder(openssl::ssl::SslMethod::tls_server()) - .unwrap(); + openssl::ssl::SslContext::builder(SslMethod::tls_server()).unwrap(); ssl_context_build.set_verify(openssl::ssl::SslVerifyMode::NONE); ssl_context_build .set_ca_file("certs/ca.rsa4096.crt") @@ -76,14 +75,11 @@ fn local_ping_pong() { ssl_context_build .set_certificate_file( "certs/rustcryp.to.rsa4096.ca_signed.crt", - openssl::ssl::SslFiletype::PEM, + SslFiletype::PEM, ) .unwrap(); ssl_context_build - .set_private_key_file( - "certs/rustcryp.to.rsa4096.key", - openssl::ssl::SslFiletype::PEM, - ) + .set_private_key_file("certs/rustcryp.to.rsa4096.key", SslFiletype::PEM) .unwrap(); // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_cipher_list // https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.set_ciphersuites @@ -91,24 +87,24 @@ fn local_ping_pong() { let ctx = ssl_context_build.build(); let ssl = openssl::ssl::Ssl::new(&ctx).unwrap(); - let mut ssl_stream = openssl::ssl::SslStream::new(ssl, stream).unwrap(); + let mut ssl_stream = SslStream::new(ssl, stream).unwrap(); ssl_stream.accept().unwrap(); let mut buf_in = vec![0; 1024]; let siz = ssl_stream.ssl_read(&mut buf_in); let incoming = match siz { Ok(i) => buf_in[0..i].to_vec(), - Err(e) => panic!("Error reading?"), + Err(_e) => panic!("Error reading?"), }; assert_eq!(core::str::from_utf8(&incoming), Ok("PING\n")); let out = "PONG\n"; - ssl_stream.write(&out.as_bytes()); + ssl_stream.write(&out.as_bytes()).unwrap(); ssl_stream.shutdown().unwrap(); } - Err(e) => panic!("Connection failed"), + Err(_) => panic!("Server connection failed"), } return; }
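Review bot: `ssl_stream.write(&out.as_bytes()).unwrap();` now checks the error but still discards the byte count, and `write` is allowed to return after a partial write; use `ssl_stream.write_all(out.as_bytes()).unwrap();`. In the same hunk `Err(_e) => panic!("Error reading?")` throws away the OpenSSL error that would explain a failed read, whereas `Err(e) => panic!("ssl_read failed: {e}")` keeps it in the test output. The server closure begins and ends outside this hunk.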