Add ssl-native-tls feature allowing using native-tls as an SSL backend
native-tls is a crate that picks the platform's native TLS implementation depending on the chosen build target
Showing
7 changed files
with
195 additions
and
22 deletions.
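--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,84 @@
+use crate::connection::Connection;
+use crate::util::refined_tcp_stream::Stream as RefinedStream;
+use std::error::Error;
+use std::io::{Read, Write};
+use std::net::{Shutdown, SocketAddr};
+use std::sync::{Arc, Mutex};
+use zeroize::Zeroizing;
+
+/// A wrapper around a `native_tls` stream.
+///
+/// Uses an internal Mutex to permit disparate reader & writer threads to access the stream independently.
+#[derive(Clone)]
+pub(crate) struct NativeTlsStream(Arc<Mutex<native_tls::TlsStream<Connection>>>);
+
+// These struct methods form the implict contract for swappable TLS implementations
+impl NativeTlsStream {
+    pub(crate) fn peer_addr(&mut self) -> std::io::Result<Option<SocketAddr>> {
+        self.0
+            .lock()
+            .expect("Failed to lock SSL stream mutex")
+            .get_mut()
+            .peer_addr()
+    }
+
+    pub(crate) fn shutdown(&mut self, how: Shutdown) -> std::io::Result<()> {
+        self.0
+            .lock()
+            .expect("Failed to lock SSL stream mutex")
+            .get_mut()
+            .shutdown(how)
+    }
+}
+
+impl Read for NativeTlsStream {
+    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
+        self.0
+            .lock()
+            .expect("Failed to lock SSL stream mutex")
+            .read(buf)
+    }
+}
+
+impl Write for NativeTlsStream {
+    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+        self.0
+            .lock()
+            .expect("Failed to lock SSL stream mutex")
+            .write(buf)
+    }
+
+    fn flush(&mut self) -> std::io::Result<()> {
+        self.0
+            .lock()
+            .expect("Failed to lock SSL stream mutex")
+            .flush()
+    }
+}
+
+pub(crate) struct NativeTlsContext(native_tls::TlsAcceptor);
+
+impl NativeTlsContext {
+    pub fn from_pem(
+        certificates: Vec<u8>,
+        private_key: Zeroizing<Vec<u8>>,
+    ) -> Result<Self, Box<dyn Error + Send + Sync>> {
+        let identity = native_tls::Identity::from_pkcs8(&certificates, &private_key)?;
+        let acceptor = native_tls::TlsAcceptor::new(identity)?;
+        Ok(Self(acceptor))
+    }
+
+    pub fn accept(
+        &self,
+        stream: Connection,
+    ) -> Result<NativeTlsStream, Box<dyn Error + Send + Sync + 'static>> {
+        let stream = self.0.accept(stream)?;
+        Ok(NativeTlsStream(Arc::new(Mutex::new(stream))))
+    }
+}
+
+impl From<NativeTlsStream> for RefinedStream {
+    fn from(stream: NativeTlsStream) -> Self {
+        RefinedStream::Https(stream)
+    }
+}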
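Review bot: `from_pem` builds the acceptor with `native_tls::TlsAcceptor::new(identity)`, which takes the native-tls builder defaults, and native-tls documents the default minimum protocol version as TLS 1.0, so this backend will negotiate older protocol versions than a server would normally want unless the acceptor is built explicitly, e.g. `let acceptor = native_tls::TlsAcceptor::builder(identity).min_protocol_version(Some(native_tls::Protocol::Tlsv12)).build()?;`. Because the identity is loaded via `Identity::from_pkcs8`, the method should carry a doc comment stating that `private_key` must be a PEM-encoded PKCS#8 key (a `BEGIN PRIVATE KEY` block), since a traditional `BEGIN RSA PRIVATE KEY` file is rejected by that constructor — confirm against the native-tls version pinned by this commit. Separately, `Read::read` and `Write::write` each hold the `Mutex` guard for the whole duration of the underlying TLS call, so a reader blocked in `read` also blocks a writer using a clone of the stream; that contradicts the struct doc's claim of independent reader/writer access and deserves either a note on the struct or a comment that the wrapped connection is expected to have a read timeout. The comment above `impl NativeTlsStream` has the typo `implict` for `implicit`.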