update tokio-tls and native-tls (#562)

* update tokio-tls and native-tls

* update changelog

* fix native-tls dev dep for server tests
Benjamin Fry 2018-09-27 07:48:48 -07:00 committed by GitHub
parent 16cc45d94b
commit 2953e43b6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 70 deletions


@ -11,7 +11,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- feature `dns-over-https-rustls` *experimental*
- new configuration options for tls, see `server/tests/named_test_configs/dns_over_tls_rustls_and_openssl.toml`
### Changed
- *breaking* Overhauled all `ClientFuture` implementations to align with new `DnsExchange` and `DnsMultiplexer` components in proto.
@ -19,6 +18,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- *breaking* `Client` has more type parameters, these match with the same types returned by the `*ClientConnection` constructors
- *breaking* all default features, removed: "dns-over-openssl", "dnssec-openssl". Use --features=dns-over-openssl,dnssec-openssl to enable
- feature `tls` renamed to `dns-over-openssl`
- upgraded `native-tls` and `tokio-tls` to 0.2
## 0.14.0


@ -44,15 +44,15 @@ name = "trust_dns_native_tls"
path = "src/lib.rs"
[dependencies]
futures = "^0.1.17"
native-tls = "^0.1"
tokio-tcp = "^0.1"
tokio-tls = "^0.1"
futures = "0.1.17"
native-tls = "0.2"
tokio-tcp = "0.1"
tokio-tls = "0.2"
# disables default features, i.e. openssl...
trust-dns-proto = { version = "^0.5.0-alpha", path = "../proto", default-features = false }
trust-dns-proto = { version = "0.5.0-alpha", path = "../proto", default-features = false }
[dev-dependencies]
tokio = "^0.1.6"
tokio = "0.1.6"
## Commented out until MTLS support is complete
# [target.'cfg(target_os = "linux")'.dependencies]


@ -78,8 +78,7 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
}
panic!("timeout");
})
.unwrap();
}).unwrap();
let server_path = env::var("TDNS_SERVER_SRC_ROOT").unwrap_or("../server".to_owned());
println!("using server src path: {}", server_path);
@ -99,9 +98,9 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
let server_handle = thread::Builder::new()
.name("test_tls_client_stream:server".to_string())
.spawn(move || {
let pkcs12 = native_tls::Pkcs12::from_der(&server_pkcs12_der, "mypass")
.expect("Pkcs12::from_der");
let mut tls = TlsAcceptor::builder(pkcs12).expect("build with pkcs12 failed");
let pkcs12 = native_tls::Identity::from_pkcs12(&server_pkcs12_der, "mypass")
.expect("Identity::from_pkcs12");
let mut tls = TlsAcceptor::builder(pkcs12);
// #[cfg(target_os = "linux")]
// {
@ -165,8 +164,7 @@ fn tls_client_stream_test(server_addr: IpAddr, mtls: bool) {
// println!("wrote bytes iter: {}", i);
std::thread::yield_now();
}
})
.unwrap();
}).unwrap();
// let the server go first
std::thread::yield_now();


@ -13,9 +13,9 @@ use std::net::SocketAddr;
use futures::sync::mpsc::unbounded;
use futures::{future, Future, IntoFuture};
use native_tls::Protocol::Tlsv12;
use native_tls::{Certificate, Pkcs12, TlsConnector};
use native_tls::{Certificate, Identity, TlsConnector};
use tokio_tcp::TcpStream as TokioTcpStream;
use tokio_tls::{TlsConnectorExt, TlsStream as TokioTlsStream};
use tokio_tls::{TlsConnector as TokioTlsConnector, TlsStream as TokioTlsStream};
use trust_dns_proto::tcp::TcpStream;
use trust_dns_proto::xfer::BufStreamHandle;
@ -23,36 +23,16 @@ use trust_dns_proto::xfer::BufStreamHandle;
/// A TlsStream counterpart to the TcpStream which embeds a secure TlsStream
pub type TlsStream = TcpStream<TokioTlsStream<TokioTcpStream>>;
fn tls_new(certs: Vec<Certificate>, pkcs12: Option<Pkcs12>) -> io::Result<TlsConnector> {
let mut builder = TlsConnector::builder().map_err(|e| {
io::Error::new(
io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e),
)
})?;
builder.supported_protocols(&[Tlsv12]).map_err(|e| {
io::Error::new(
io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e),
)
})?;
fn tls_new(certs: Vec<Certificate>, pkcs12: Option<Identity>) -> io::Result<TlsConnector> {
let mut builder = TlsConnector::builder();
builder.min_protocol_version(Some(Tlsv12));
for cert in certs {
builder.add_root_certificate(cert).map_err(|e| {
io::Error::new(
io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e),
)
})?;
builder.add_root_certificate(cert);
}
if let Some(pkcs12) = pkcs12 {
builder.identity(pkcs12).map_err(|e| {
io::Error::new(
io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e),
)
})?;
builder.identity(pkcs12);
}
builder.build().map_err(|e| {
io::Error::new(
@ -80,7 +60,7 @@ pub fn tls_from_stream(
/// A builder for the TlsStream
pub struct TlsStreamBuilder {
ca_chain: Vec<Certificate>,
identity: Option<Pkcs12>,
identity: Option<Identity>,
}
impl TlsStreamBuilder {
@ -101,8 +81,8 @@ impl TlsStreamBuilder {
/// Client side identity for client auth in TLS (aka mutual TLS auth)
#[cfg(feature = "mtls")]
pub fn identity(&mut self, pkcs12: Pkcs12) {
self.identity = Some(pkcs12);
pub fn identity(&mut self, identity: Identity) {
self.identity = Some(identity);
}
/// Creates a new TlsStream to the specified name_server
@ -142,7 +122,7 @@ impl TlsStreamBuilder {
let message_sender = BufStreamHandle::new(message_sender);
let tls_connector = match ::tls_stream::tls_new(self.ca_chain, self.identity) {
Ok(c) => c,
Ok(c) => TokioTlsConnector::from(c),
Err(e) => {
return (
Box::new(future::err(e).into_future().map_err(|e| {
@ -163,11 +143,10 @@ impl TlsStreamBuilder {
let stream = Box::new(
tcp.and_then(move |tcp_stream| {
tls_connector
.connect_async(&dns_name, tcp_stream)
.connect(&dns_name, tcp_stream)
.map(move |s| {
TcpStream::from_stream_with_receiver(s, name_server, outbound_messages)
})
.map_err(|e| {
}).map_err(|e| {
io::Error::new(
io::ErrorKind::ConnectionRefused,
format!("tls error: {}", e),
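Review bot: The rewritten body of `tls_new` quietly widens the protocol policy without recording it anywhere: the old `supported_protocols(&[Tlsv12])` admitted exactly TLS 1.2, while the new `min_protocol_version(Some(Tlsv12))` with no `max_protocol_version` call admits 1.2 or anything newer the platform backend negotiates, and neither the changelog line nor a doc comment on the function says so. The widening looks intentional and is the safer direction, but `tls_new` has no `///` comment at all, so I would add above it: `/// Builds a native-tls connector that refuses anything below TLS 1.2 (no upper bound is set), trusts the given certs as root CAs, and presents the optional identity as the client certificate for mutual TLS.` Whether the added roots supplement or replace the platform trust store is decided by the native-tls backend, not by this code, so that detail should be confirmed before being stated in the comment. For consistency with the setter renamed to `identity(&mut self, identity: Identity)` further down, the parameter could also read `identity: Option<Identity>` instead of keeping the `pkcs12` name now that it is no longer a `Pkcs12`. The tail of `tls_new`, including the `build()` error mapping, continues past the end of the hunk.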


@ -72,32 +72,32 @@ name = "named"
path = "src/named.rs"
[dependencies]
backtrace = "^0.3"
backtrace = "0.3"
bytes = "0.4.9"
chrono = "^0.4"
clap = "^2.27"
env_logger = "^0.5"
chrono = "0.4"
clap = "2.27"
env_logger = "0.5"
failure = "0.1"
futures = "^0.1.17"
futures = "0.1.17"
h2 = { version = "0.1", optional = true }
http = { version = "0.1", optional = true }
lazy_static = "^1.0"
log = "^0.4.1"
rand = "^0.5"
lazy_static = "1.0"
log = "0.4.1"
rand = "0.5"
rusqlite = { version = "0.14.0", features = ["bundled"] }
rustls = { version = "0.13", optional = true }
serde = "^1.0"
serde_derive = "^1.0"
time = "^0.1"
tokio = "^0.1.6"
tokio-executor = "^0.1"
tokio-io = "^0.1"
tokio-reactor = "^0.1"
tokio-rustls = "^0.7"
tokio-tcp = "^0.1"
tokio-timer = "^0.2"
tokio-udp = "^0.1"
toml = "^0.4"
serde = "1.0"
serde_derive = "1.0"
time = "0.1"
tokio = "0.1.6"
tokio-executor = "0.1"
tokio-io = "0.1"
tokio-reactor = "0.1"
tokio-rustls = "0.7"
tokio-tcp = "0.1"
tokio-timer = "0.2"
tokio-udp = "0.1"
toml = "0.4"
trust-dns = { version = "0.15.0-alpha", path = "../client" }
trust-dns-https = { version = "0.1.0-alpha", path = "../https", optional = true }
trust-dns-proto = { version = "0.5.0-alpha", path = "../proto" }
@ -105,6 +105,6 @@ trust-dns-openssl = { version = "0.4.0-alpha", path = "../openssl", optional = t
trust-dns-rustls = { version = "0.4.0-alpha", path = "../rustls", optional = true }
[dev-dependencies]
native-tls = "^0.1"
native-tls = "0.2"
trust-dns-native-tls = { version = "0.4.0-alpha", path = "../native-tls" }
tokio-tls = "^0.1"
tokio-tls = "0.2"