update tokio-tls and native-tls (#562)
* update tokio-tls and native-tls * update changelog * fix native-tls dev dep for server tests
parent
16cc45d94b
commit
2953e43b6b
@ -11,7 +11,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
- feature `dns-over-https-rustls` *experimental*
|
||||
- new configuration options for tls, see `server/tests/named_test_configs/dns_over_tls_rustls_and_openssl.toml`
|
||||
|
||||
|
||||
### Changed
|
||||
|
||||
- *breaking* Overhauled all `ClientFuture` implementations to align with new `DnsExchange` and `DnsMultiplexer` components in proto.
|
||||
@ -19,6 +18,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||
- *breaking* `Client` has more type parameters, these match with the same types returned by the `*ClientConnection` constructors
|
||||
- *breaking* all default features, removed: "dns-over-openssl", "dnssec-openssl". Use --features=dns-over-openssl,dnssec-openssl to enable
|
||||
- feature `tls` renamed to `dns-over-openssl`
|
||||
- upgraded `native-tls` and `tokio-tls` to 0.2
|
||||
|
||||
## 0.14.0
|
||||
|
||||
|
@ -44,15 +44,15 @@ name = "trust_dns_native_tls"
|
||||
path = "src/lib.rs"
|
||||
|
||||
[dependencies]
|
||||
futures = "^0.1.17"
|
||||
native-tls = "^0.1"
|
||||
tokio-tcp = "^0.1"
|
||||
tokio-tls = "^0.1"
|
||||
futures = "0.1.17"
|
||||
native-tls = "0.2"
|
||||
tokio-tcp = "0.1"
|
||||
tokio-tls = "0.2"
|
||||
# disables default features, i.e. openssl...
|
||||
trust-dns-proto = { version = "^0.5.0-alpha", path = "../proto", default-features = false }
|
||||
trust-dns-proto = { version = "0.5.0-alpha", path = "../proto", default-features = false }
|
||||
|
||||
[dev-dependencies]
|
||||
tokio = "^0.1.6"
|
||||
tokio = "0.1.6"
|
||||
|
||||
## Commented out until MTLS support is complete
|
||||
# [target.'cfg(target_os = "linux")'.dependencies]
|
||||
|
@ -78,8 +78,7 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
|
||||
}
|
||||
|
||||
panic!("timeout");
|
||||
})
|
||||
.unwrap();
|
||||
}).unwrap();
|
||||
|
||||
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or("../server".to_owned());
|
||||
println!("using server src path: {}", server_path);
|
||||
@ -99,9 +98,9 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
|
||||
let server_handle = thread::Builder::new()
|
||||
.name("test_tls_client_stream:server".to_string())
|
||||
.spawn(move || {
|
||||
let pkcs12 = native_tls::Pkcs12::from_der(&server_pkcs12_der, "mypass")
|
||||
.expect("Pkcs12::from_der");
|
||||
let mut tls = TlsAcceptor::builder(pkcs12).expect("build with pkcs12 failed");
|
||||
let pkcs12 = native_tls::Identity::from_pkcs12(&server_pkcs12_der, "mypass")
|
||||
.expect("Identity::from_pkcs12");
|
||||
let mut tls = TlsAcceptor::builder(pkcs12);
|
||||
|
||||
// #[cfg(target_os = "linux")]
|
||||
// {
|
||||
@ -165,8 +164,7 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
|
||||
// println!("wrote bytes iter: {}", i);
|
||||
std::thread::yield_now();
|
||||
}
|
||||
})
|
||||
.unwrap();
|
||||
}).unwrap();
|
||||
|
||||
// let the server go first
|
||||
std::thread::yield_now();
|
||||
|
@ -13,9 +13,9 @@ use std::net::SocketAddr;
|
||||
use futures::sync::mpsc::unbounded;
|
||||
use futures::{future, Future, IntoFuture};
|
||||
use native_tls::Protocol::Tlsv12;
|
||||
use native_tls::{Certificate, Pkcs12, TlsConnector};
|
||||
use native_tls::{Certificate, Identity, TlsConnector};
|
||||
use tokio_tcp::TcpStream as TokioTcpStream;
|
||||
use tokio_tls::{TlsConnectorExt, TlsStream as TokioTlsStream};
|
||||
use tokio_tls::{TlsConnector as TokioTlsConnector, TlsStream as TokioTlsStream};
|
||||
|
||||
use trust_dns_proto::tcp::TcpStream;
|
||||
use trust_dns_proto::xfer::BufStreamHandle;
|
||||
@ -23,36 +23,16 @@ use trust_dns_proto::xfer::BufStreamHandle;
|
||||
/// A TlsStream counterpart to the TcpStream which embeds a secure TlsStream
|
||||
pub type TlsStream = TcpStream<TokioTlsStream<TokioTcpStream>>;
|
||||
|
||||
fn tls_new(certs: Vec<Certificate>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
|
||||
let mut builder = TlsConnector::builder().map_err(|e| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::ConnectionRefused,
|
||||
format!("tls error: {}", e),
|
||||
)
|
||||
})?;
|
||||
builder.supported_protocols(&[Tlsv12]).map_err(|e| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::ConnectionRefused,
|
||||
format!("tls error: {}", e),
|
||||
)
|
||||
})?;
|
||||
fn tls_new(certs: Vec<Certificate>, pkcs12: Option<Identity>) -> io::Result<TlsConnector> {
|
||||
let mut builder = TlsConnector::builder();
|
||||
builder.min_protocol_version(Some(Tlsv12));
|
||||
|
||||
for cert in certs {
|
||||
builder.add_root_certificate(cert).map_err(|e| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::ConnectionRefused,
|
||||
format!("tls error: {}", e),
|
||||
)
|
||||
})?;
|
||||
builder.add_root_certificate(cert);
|
||||
}
|
||||
|
||||
if let Some(pkcs12) = pkcs12 {
|
||||
builder.identity(pkcs12).map_err(|e| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::ConnectionRefused,
|
||||
format!("tls error: {}", e),
|
||||
)
|
||||
})?;
|
||||
builder.identity(pkcs12);
|
||||
}
|
||||
builder.build().map_err(|e| {
|
||||
io::Error::new(
|
||||
@ -80,7 +60,7 @@ pub fn tls_from_stream(
|
||||
/// A builder for the TlsStream
|
||||
pub struct TlsStreamBuilder {
|
||||
ca_chain: Vec<Certificate>,
|
||||
identity: Option<Pkcs12>,
|
||||
identity: Option<Identity>,
|
||||
}
|
||||
|
||||
impl TlsStreamBuilder {
|
||||
@ -101,8 +81,8 @@ impl TlsStreamBuilder {
|
||||
|
||||
/// Client side identity for client auth in TLS (aka mutual TLS auth)
|
||||
#[cfg(feature = "mtls")]
|
||||
pub fn identity(&mut self, pkcs12: Pkcs12) {
|
||||
self.identity = Some(pkcs12);
|
||||
pub fn identity(&mut self, identity: Identity) {
|
||||
self.identity = Some(identity);
|
||||
}
|
||||
|
||||
/// Creates a new TlsStream to the specified name_server
|
||||
@ -142,7 +122,7 @@ impl TlsStreamBuilder {
|
||||
let message_sender = BufStreamHandle::new(message_sender);
|
||||
|
||||
let tls_connector = match ::tls_stream::tls_new(self.ca_chain, self.identity) {
|
||||
Ok(c) => c,
|
||||
Ok(c) => TokioTlsConnector::from(c),
|
||||
Err(e) => {
|
||||
return (
|
||||
Box::new(future::err(e).into_future().map_err(|e| {
|
||||
@ -163,11 +143,10 @@ impl TlsStreamBuilder {
|
||||
let stream = Box::new(
|
||||
tcp.and_then(move |tcp_stream| {
|
||||
tls_connector
|
||||
.connect_async(&dns_name, tcp_stream)
|
||||
.connect(&dns_name, tcp_stream)
|
||||
.map(move |s| {
|
||||
TcpStream::from_stream_with_receiver(s, name_server, outbound_messages)
|
||||
})
|
||||
.map_err(|e| {
|
||||
}).map_err(|e| {
|
||||
io::Error::new(
|
||||
io::ErrorKind::ConnectionRefused,
|
||||
format!("tls error: {}", e),
|
||||
|
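Review bot: In `tls_new`, replacing `supported_protocols(&[Tlsv12])` with `builder.min_protocol_version(Some(Tlsv12));` turns what was an exact TLS 1.2 list into a floor, and nothing on the line records that this is intended. I would add a comment above it such as `// TLS 1.2 is the minimum; no upper bound is set, so the platform backend may negotiate a newer version`, so a later reader does not take it for a pin or lower it while chasing a handshake failure. The parameter is also still named `pkcs12` although it is now `Option<Identity>`, while `TlsStreamBuilder::identity` was renamed in the same commit; `identity: Option<Identity>` with `if let Some(identity) = identity { builder.identity(identity); }` would keep the two consistent, and the test's `let pkcs12 = native_tls::Identity::from_pkcs12(...)` carries the same leftover name. The end of `tls_new` and the body of the connect future lie outside the visible hunks.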
@ -72,32 +72,32 @@ name = "named"
|
||||
path = "src/named.rs"
|
||||
|
||||
[dependencies]
|
||||
backtrace = "^0.3"
|
||||
backtrace = "0.3"
|
||||
bytes = "0.4.9"
|
||||
chrono = "^0.4"
|
||||
clap = "^2.27"
|
||||
env_logger = "^0.5"
|
||||
chrono = "0.4"
|
||||
clap = "2.27"
|
||||
env_logger = "0.5"
|
||||
failure = "0.1"
|
||||
futures = "^0.1.17"
|
||||
futures = "0.1.17"
|
||||
h2 = { version = "0.1", optional = true }
|
||||
http = { version = "0.1", optional = true }
|
||||
lazy_static = "^1.0"
|
||||
log = "^0.4.1"
|
||||
rand = "^0.5"
|
||||
lazy_static = "1.0"
|
||||
log = "0.4.1"
|
||||
rand = "0.5"
|
||||
rusqlite = { version = "0.14.0", features = ["bundled"] }
|
||||
rustls = { version = "0.13", optional = true }
|
||||
serde = "^1.0"
|
||||
serde_derive = "^1.0"
|
||||
time = "^0.1"
|
||||
tokio = "^0.1.6"
|
||||
tokio-executor = "^0.1"
|
||||
tokio-io = "^0.1"
|
||||
tokio-reactor = "^0.1"
|
||||
tokio-rustls = "^0.7"
|
||||
tokio-tcp = "^0.1"
|
||||
tokio-timer = "^0.2"
|
||||
tokio-udp = "^0.1"
|
||||
toml = "^0.4"
|
||||
serde = "1.0"
|
||||
serde_derive = "1.0"
|
||||
time = "0.1"
|
||||
tokio = "0.1.6"
|
||||
tokio-executor = "0.1"
|
||||
tokio-io = "0.1"
|
||||
tokio-reactor = "0.1"
|
||||
tokio-rustls = "0.7"
|
||||
tokio-tcp = "0.1"
|
||||
tokio-timer = "0.2"
|
||||
tokio-udp = "0.1"
|
||||
toml = "0.4"
|
||||
trust-dns = { version = "0.15.0-alpha", path = "../client" }
|
||||
trust-dns-https = { version = "0.1.0-alpha", path = "../https", optional = true }
|
||||
trust-dns-proto = { version = "0.5.0-alpha", path = "../proto" }
|
||||
@ -105,6 +105,6 @@ trust-dns-openssl = { version = "0.4.0-alpha", path = "../openssl", optional = t
|
||||
trust-dns-rustls = { version = "0.4.0-alpha", path = "../rustls", optional = true }
|
||||
|
||||
[dev-dependencies]
|
||||
native-tls = "^0.1"
|
||||
native-tls = "0.2"
|
||||
trust-dns-native-tls = { version = "0.4.0-alpha", path = "../native-tls" }
|
||||
tokio-tls = "^0.1"
|
||||
tokio-tls = "0.2"
|