From 30e9d1574774aa9267ca8d4770f9af21f04edb13 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Thu, 12 Jan 2017 09:13:54 -0800
Subject: [PATCH 01/23] Derive Debug for TlsStream Closes #1
---
 src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index 51af588..b942ec2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -63,7 +63,7 @@ use std::fmt;
 use std::path::Path;
 /// A Hyper stream using native_tls.
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 pub struct TlsStream(Arc>>);
 impl io::Read for TlsStream
From 59d66737001710880e7997260911a03ef38965b6 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Thu, 12 Jan 2017 09:14:41 -0800
Subject: [PATCH 02/23] Release v0.2.1
---
 Cargo.toml | 4 ++--
 src/lib.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 4695661..86b6c23 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "hyper-native-tls"
-version = "0.2.0"
+version = "0.2.1"
 authors = ["Steven Fackler "]
 exclude = ["test/*"]
 license = "MIT/Apache-2.0"
 description = "native-tls support for Hyper"
 repository = "https://github.com/sfackler/hyper-native-tls"
-documentation = "https://docs.rs/hyper-native-tls/0.2.0/hyper_native_tls"
+documentation = "https://docs.rs/hyper-native-tls/0.2.1/hyper_native_tls"
 readme = "README.md"
 [dependencies]
diff --git a/src/lib.rs b/src/lib.rs
index b942ec2..6077ff6 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,7 +40,7 @@ //! }
 //! ```
 #![warn(missing_docs)]
-#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.0")]
+#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.1")]
 extern crate antidote;
 extern crate hyper;
 extern crate native_tls;
From f0bfe6e87c7ae8cc2964bff72a1d1e9f135b5929 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 31 Jan 2017 08:37:04 -0800
Subject: [PATCH 03/23] Reexport native_tls Closes #2
---
 src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index 6077ff6..20c4aa7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -43,7 +43,7 @@ #![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.1")]
 extern crate antidote;
 extern crate hyper;
-extern crate native_tls;
+pub extern crate native_tls;
 #[cfg(test)]
 extern crate hyper_openssl;
From 9eee5612216f908dbb6a98912f67f862eee94a3f Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 31 Jan 2017 08:51:57 -0800
Subject: [PATCH 04/23] Release v0.2.2
---
 Cargo.toml | 4 ++--
 src/lib.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 86b6c23..5e5a268 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "hyper-native-tls"
-version = "0.2.1"
+version = "0.2.2"
 authors = ["Steven Fackler "]
 exclude = ["test/*"]
 license = "MIT/Apache-2.0"
 description = "native-tls support for Hyper"
 repository = "https://github.com/sfackler/hyper-native-tls"
-documentation = "https://docs.rs/hyper-native-tls/0.2.1/hyper_native_tls"
+documentation = "https://docs.rs/hyper-native-tls/0.2.2/hyper_native_tls"
 readme = "README.md"
 [dependencies]
diff --git a/src/lib.rs b/src/lib.rs
index 20c4aa7..e65069f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,7 +40,7 @@ //! }
 //! ```
 #![warn(missing_docs)]
-#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.1")]
+#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.2")]
 extern crate antidote;
 extern crate hyper;
 pub extern crate native_tls;
From d1dc7e10d976bc2d866099429dcb7a703b299942 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 2 May 2017 21:12:39 -0700
Subject: [PATCH 05/23] Allow connection without hostname verification
---
 Cargo.toml | 2 +-
 src/lib.rs | 26 ++++++++++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 5e5a268..331144d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
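Review bot: `pub extern crate native_tls;` in the `src/lib.rs` hunk of PATCH 03/23 makes the dependency's types part of this crate's public API, and the line carries no documentation saying so. From then on a semver-incompatible `native-tls` upgrade is also a breaking change here, which is worth recording next to the re-export, e.g. `/// Re-export of the native-tls version this crate is built against; a major upgrade of it is a breaking change for this crate.`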
@@ -11,7 +11,7 @@ readme = "README.md"
 [dependencies]
 antidote = "1.0"
-native-tls = "0.1"
+native-tls = "0.1.2"
 hyper = "0.10"
 [dev-dependencies]
diff --git a/src/lib.rs b/src/lib.rs
index e65069f..b5eab47 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -103,18 +103,31 @@ impl NetworkStream for TlsStream
 }
 /// An `SslClient` implementation using native-tls.
-pub struct NativeTlsClient(TlsConnector);
+pub struct NativeTlsClient {
+ connector: TlsConnector,
+ disable_verification: bool,
+}
 impl NativeTlsClient {
 /// Returns a `NativeTlsClient` with a default configuration.
 pub fn new() -> native_tls::Result {
- TlsConnector::builder().and_then(|b| b.build()).map(NativeTlsClient)
+ TlsConnector::builder().and_then(|b| b.build()).map(NativeTlsClient::from)
+ }
+
+ /// If set, the
+ /// `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
+ /// method will be used to connect.
+ pub fn dannger_disable_hostname_verification(&mut self, disable_verification: bool) {
+ self.disable_verification = disable_verification;
 }
 }
 impl From for NativeTlsClient {
 fn from(t: TlsConnector) -> NativeTlsClient {
- NativeTlsClient(t)
+ NativeTlsClient {
+ connector: t,
+ disable_verification: false,
+ }
 }
 }
@@ -124,7 +137,12 @@ impl SslClient for NativeTlsClient
 type Stream = TlsStream;
 fn wrap_client(&self, stream: T, host: &str) -> hyper::Result> {
- match self.0.connect(host, stream) {
+ let stream = if self.disable_verification {
+ self.connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(stream)
+ } else {
+ self.connector.connect(host, stream)
+ };
+ match stream {
 Ok(s) => Ok(TlsStream(Arc::new(Mutex::new(s)))),
 Err(e) => Err(hyper::Error::Ssl(Box::new(e))),
 }
From 4a22758ba1dfbe0359d5d74ba7593d5309711aeb Mon Sep 17 00:00:00 2001
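Review bot: The doc comment added on `dannger_disable_hostname_verification` in the first `src/lib.rs` hunk of PATCH 05/23 names the native-tls method but never says what protection is lost. When the flag is set, `wrap_client` (second hunk) ignores `host` entirely, so the server certificate is not matched against the requested name and no SNI is sent, and this applies to every connection made through the client rather than to a single request. I would state that in the docs, e.g. `/// Disables hostname verification (and SNI) for all connections made by this client; the peer certificate is no longer checked against the requested host.` The public name is also misspelled (`dannger_`), which would become part of the API once released.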
From: Sander Maijers
Date: Wed, 3 May 2017 16:28:18 +0200
Subject: [PATCH 06/23] Clarify project status Resolves issue #1.
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 75c4837..59ea18a 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
-# hyper-native-tls
+# `hyper-native-tls`
 [![Build Status](https://travis-ci.org/sfackler/hyper-native-tls.svg?branch=master)](https://travis-ci.org/sfackler/hyper-native-tls)
 [Documentation](https://docs.rs/hyper-native-tls)
-native-tls support for Hyper.
+`native-tls` support for Hyper. `hyper-tls` is currently made for async `hyper`, which isn't released yet.
 ## License
From b494ea6810db5d3dba7e9846c30cbd176c88f173 Mon Sep 17 00:00:00 2001
From: Corentin Henry
Date: Thu, 18 May 2017 18:04:55 -0700
Subject: [PATCH 07/23] allow clients to add custom root certificates
---
 src/lib.rs | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index b5eab47..1de75d8 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -52,7 +52,7 @@ extern crate openssl;
 use antidote::Mutex;
 use hyper::net::{SslClient, SslServer, NetworkStream};
-use native_tls::{TlsAcceptor, TlsConnector, Pkcs12};
+use native_tls::{TlsAcceptor, TlsConnector, Pkcs12, TlsConnectorBuilder};
 use std::net::SocketAddr;
 use std::time::Duration;
 use std::error::Error;
@@ -108,18 +108,44 @@ pub struct NativeTlsClient {
 disable_verification: bool,
 }
+/// A `NativeTlsClient` builder.
+pub struct NativeTlsClientBuilder(TlsConnectorBuilder);
+
+impl NativeTlsClientBuilder {
+ /// Adds a certificate to the set of roots that the connector will trust.
+ ///
+ /// The connector will use the system's trust root by default. This method can be used to add
+ /// to that set when communicating with servers not trusted by the system.
+ pub fn add_root_certificate(&mut self, cert: native_tls::Certificate) -> native_tls::Result<&mut NativeTlsClientBuilder> {
+ try!(self.0.add_root_certificate(cert));
+ Ok(self)
+ }
+
+ /// Consumes the builder, returning a `TlsConnector`
+ pub fn build(self) -> native_tls::Result {
+ self.0.build().map(NativeTlsClient::from)
+ }
+}
+
 impl NativeTlsClient {
 /// Returns a `NativeTlsClient` with a default configuration.
 pub fn new() -> native_tls::Result {
 TlsConnector::builder().and_then(|b| b.build()).map(NativeTlsClient::from)
 }
+ /// Returns a `NativeTlsClient` builder, which can be used to create a `NativeTlsClient` with a
+ /// custom configuration.
+ pub fn builder() -> native_tls::Result {
+ TlsConnector::builder().map(NativeTlsClientBuilder)
+ }
+
 /// If set, the
 /// `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
 /// method will be used to connect.
 pub fn dannger_disable_hostname_verification(&mut self, disable_verification: bool) {
 self.disable_verification = disable_verification;
 }
+
 }
 impl From for NativeTlsClient {
From 94798b3b11ebba810636dd1213c0dc8f6e47ac07 Mon Sep 17 00:00:00 2001
From: Corentin Henry
Date: Thu, 18 May 2017 18:59:31 -0700
Subject: [PATCH 08/23] re-export native_tls::Certificate
---
 src/lib.rs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/lib.rs b/src/lib.rs
index 1de75d8..ad2fcb9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -62,6 +62,8 @@ use std::sync::Arc;
 use std::fmt;
 use std::path::Path;
+pub use native_tls::Certificate;
+
 /// A Hyper stream using native_tls.
 #[derive(Debug, Clone)]
 pub struct TlsStream(Arc>>);
From 9cf37c3a5bc168beedf9088d0adb358d50ddeaa6 Mon Sep 17 00:00:00 2001
From: Corentin Henry
Date: Thu, 18 May 2017 19:43:49 -0700
Subject: [PATCH 09/23] test setting custom root cert on client
---
 src/lib.rs | 14 ++++++++------
 test/root-ca.der | Bin 0 -> 1417 bytes
 2 files changed, 8 insertions(+), 6 deletions(-)
 create mode 100644 test/root-ca.der
diff --git a/src/lib.rs b/src/lib.rs
index ad2fcb9..c12d620 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -258,8 +258,7 @@ mod test {
 use hyper::{Client, Server};
 use hyper::server::{Request, Response, Fresh};
 use hyper::net::HttpsConnector;
- use hyper_openssl::OpensslClient;
- use openssl::ssl::{SslMethod, SslConnectorBuilder};
+ use std::fs::File;
 use std::io::Read;
 use std::mem;
@@ -288,10 +287,13 @@ mod test {
 let port = listening.socket.port();
 mem::forget(listening);
- let mut ssl = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
- ssl.builder_mut().set_ca_file("test/root-ca.pem").unwrap();
- let ssl = OpensslClient::from(ssl.build());
- let connector = HttpsConnector::new(ssl);
+
+ let mut buf = Vec::new();
+ let _ = File::open("test/root-ca.der").unwrap().read_to_end(&mut buf).unwrap();
+ let cert = Certificate::from_der(&buf).unwrap();
+ let mut tls_builder = NativeTlsClient::builder().unwrap();
+ tls_builder.add_root_certificate(cert).unwrap();
+ let connector = HttpsConnector::new(tls_builder.build().unwrap());
 let client = Client::with_connector(connector);
 let mut resp = client.get(&format!("https://localhost:{}", port)).send().unwrap();
diff --git a/test/root-ca.der b/test/root-ca.der new file mode 100644 index 0000000000000000000000000000000000000000..79d1a689dcd07bb75f1c417af021ca61581771c3 GIT binary patch literal 1417 zcmXqLVr?~OV$NN_%*4pV#L2L0a{LuJN2#R-ylk9WZ60mkc^MhGSs4r>4Y>_C*_cCF z*o2uJLk)!u1VJ1Q9vNA9?G4V4PG%;~8H8C+VJc#ySsLP1jJMpk|S)dBHgz~=F()%aHEgP>NU3Tcu zah8)${#D&O7J2^H(nr(8rx;%dIr*#OxZ&-)Uj17PZPy*)6RzZY%)To;U4(f{)v|Zb zw=X*1VMzX@`EY z-}Ai7$N8~CY{wL}gLnQf&3quQ@XBbNoyNnO+X^w8R)0RI@c6}_Xz`S%+EL$CpQ#Bf zIsagF_4bv4VNLH&^Y$!JSQ6NDJNcxPMA6Y1r==HLA3E|->=|etC9vK=nf8w57SebWaYH9wpdIlfY z!kTXayT8=$zICX}qs_EH+B)y4}h#pPN&7+Wv2h!9TM(4StEeo|tJ}=_1lD6ztIc zGQ?E)ou9^DRgc)s_c^}kTJ36b_f9-;nN77rcER3FXXZ)h_w1R-#LURRxH!PT&p;NK zY-Raa#8^ZG{rAnO|5kir#R)m@m2RPG37ao}0w;V~Wflnou?Fl4ctHAvSy&C285#d0 zr#WEe0;V}ehMuJFBCl5Fw7lD-r712``{}mk^jQLoyA#rw?P+EyOh zrF(1g#r<3I{Yy05AI)MosG^Xq^*KrYbIx?59?=K$>J~6eI>s5}dh3&_`<{bEjmN$` zXMe4B=s;fQ3D%p9B}G>ch4OrH@A~|dg(2tdV|MMce|NK#^t}xH>S_?fu#5ZL8_!-# zhCilXYmaIly8eCT)y>NL)Yz|IDxDg!SaRFUl?z<_4PO5_vUA48kXIrm-BXk zzvx<+g|N9z4RCt!^O(czg7xZO_6m9&kmFM9yM5ESwL8Z&I_Z$u+V44G)3^2C-Z}lz zD*0^B+Lq!|cFp}0&g|(fXKGYj@LB)Dg^;`7*2H=r*dOTC>89&cEm`Za`GE6Isd-)# z;@1CCmCgt$TFx@L!sOSj`$hA`_OUUftlT7ZCiUO5XDn5&HM8~|UBi;8Tet0I&d&ZD jDyKM4`aBh>?>zIaPyfy$ceAh(XSJRs?@lQ$-+Kc97ENA8 literal 0 HcmV?d00001 From 99c501a61817766b96e0520b91a87ef8d8856f36 Mon Sep 17 00:00:00 2001 From: Corentin Henry Date: Fri, 19 May 2017 08:39:17 -0700 Subject: [PATCH 10/23] remove dev dependency to openssl --- Cargo.toml | 4 ---- src/lib.rs | 5 ----- 2 files changed, 9 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 331144d..67cd38d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -13,7 +13,3 @@ readme = "README.md" antidote = "1.0" native-tls = "0.1.2" hyper = "0.10" - -[dev-dependencies] -openssl = "0.9" -hyper-openssl = "0.2" diff --git a/src/lib.rs b/src/lib.rs index c12d620..e8976e4 100644 --- a/src/lib.rs +++ b/src/lib.rs 
@@ -45,11 +45,6 @@ extern crate antidote;
 extern crate hyper;
 pub extern crate native_tls;
-#[cfg(test)]
-extern crate hyper_openssl;
-#[cfg(test)]
-extern crate openssl;
-
 use antidote::Mutex;
 use hyper::net::{SslClient, SslServer, NetworkStream};
 use native_tls::{TlsAcceptor, TlsConnector, Pkcs12, TlsConnectorBuilder};
From 8520bfb6ec9e124932e781f77f0fe8faddee5c84 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sun, 21 May 2017 23:39:07 -0700
Subject: [PATCH 11/23] typo
---
 src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib.rs b/src/lib.rs
index e8976e4..0518568 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -139,7 +139,7 @@ impl NativeTlsClient {
 /// If set, the
 /// `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
 /// method will be used to connect.
- pub fn dannger_disable_hostname_verification(&mut self, disable_verification: bool) {
+ pub fn danger_disable_hostname_verification(&mut self, disable_verification: bool) {
 self.disable_verification = disable_verification;
 }
From f17fe289148f05f61de21eee5311494a30d09cb1 Mon Sep 17 00:00:00 2001
From: Corentin Henry
Date: Wed, 24 May 2017 16:19:21 -0700
Subject: [PATCH 12/23] remove NativeTlsClientBuilder NativeTlsClientBuilder was introduced in https://github.com/sfackler/hyper-native-tls/pull/7 As discussed in https://github.com/sfackler/hyper-native-tls/issues/9, this builder is not necessary, because we can already build a NativeTlsClient from a TlsConnector, since NativeTlsClient implements From.
---
 src/lib.rs | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 0518568..6c01227 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -47,7 +47,7 @@ pub extern crate native_tls;
 use antidote::Mutex;
 use hyper::net::{SslClient, SslServer, NetworkStream};
-use native_tls::{TlsAcceptor, TlsConnector, Pkcs12, TlsConnectorBuilder};
+use native_tls::{TlsAcceptor, TlsConnector, Pkcs12};
 use std::net::SocketAddr;
 use std::time::Duration;
 use std::error::Error;
@@ -105,37 +105,12 @@ pub struct NativeTlsClient {
 disable_verification: bool,
 }
-/// A `NativeTlsClient` builder.
-pub struct NativeTlsClientBuilder(TlsConnectorBuilder);
-
-impl NativeTlsClientBuilder {
- /// Adds a certificate to the set of roots that the connector will trust.
- ///
- /// The connector will use the system's trust root by default. This method can be used to add
- /// to that set when communicating with servers not trusted by the system.
- pub fn add_root_certificate(&mut self, cert: native_tls::Certificate) -> native_tls::Result<&mut NativeTlsClientBuilder> {
- try!(self.0.add_root_certificate(cert));
- Ok(self)
- }
-
- /// Consumes the builder, returning a `TlsConnector`
- pub fn build(self) -> native_tls::Result {
- self.0.build().map(NativeTlsClient::from)
- }
-}
-
 impl NativeTlsClient {
 /// Returns a `NativeTlsClient` with a default configuration.
 pub fn new() -> native_tls::Result {
 TlsConnector::builder().and_then(|b| b.build()).map(NativeTlsClient::from)
 }
- /// Returns a `NativeTlsClient` builder, which can be used to create a `NativeTlsClient` with a
- /// custom configuration.
- pub fn builder() -> native_tls::Result {
- TlsConnector::builder().map(NativeTlsClientBuilder)
- }
-
 /// If set, the
 /// `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
 /// method will be used to connect.
@@ -286,9 +261,13 @@ mod test {
 let mut buf = Vec::new();
 let _ = File::open("test/root-ca.der").unwrap().read_to_end(&mut buf).unwrap();
 let cert = Certificate::from_der(&buf).unwrap();
- let mut tls_builder = NativeTlsClient::builder().unwrap();
- tls_builder.add_root_certificate(cert).unwrap();
- let connector = HttpsConnector::new(tls_builder.build().unwrap());
+
+ let mut tls_connector_builder = TlsConnector::builder().unwrap();
+ tls_connector_builder.add_root_certificate(cert).unwrap();
+ let tls_connector = tls_connector_builder.build().unwrap();
+
+ let native_tls_client = NativeTlsClient::from(tls_connector);
+ let connector = HttpsConnector::new(native_tls_client);
 let client = Client::with_connector(connector);
 let mut resp = client.get(&format!("https://localhost:{}", port)).send().unwrap();
From afb26151d65af46dca5ed136e80f8e4d4c70a510 Mon Sep 17 00:00:00 2001
From: Corentin Henry
Date: Wed, 24 May 2017 17:06:36 -0700
Subject: [PATCH 13/23] use rust >=1.15.0 for CI unicode-bidi does not build for rust < 1.14.0.
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 51650c8..7e78d5d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,6 @@ language: rust
 cache: cargo
 rust:
 - nightly
-- 1.11.0
+- 1.15.0
 script:
 - cargo test
From 1fcd85279bfcad199ace410321285a71d9463f9c Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Wed, 31 May 2017 10:53:35 -0700
Subject: [PATCH 14/23] Mention From impl in docs
---
 src/lib.rs | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 6c01227..c8d595e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -107,8 +107,13 @@ pub struct NativeTlsClient {
 impl NativeTlsClient {
 /// Returns a `NativeTlsClient` with a default configuration.
+ ///
+ /// To customize the configuration, build a `TlsConnector` and then use
+ /// `NativeTlsClient`'s `From` implementation.
 pub fn new() -> native_tls::Result {
- TlsConnector::builder().and_then(|b| b.build()).map(NativeTlsClient::from)
+ TlsConnector::builder()
+ .and_then(|b| b.build())
+ .map(NativeTlsClient::from)
 }
 /// If set, the
@@ -117,7 +122,6 @@ impl NativeTlsClient {
 pub fn danger_disable_hostname_verification(&mut self, disable_verification: bool) {
 self.disable_verification = disable_verification;
 }
-
 }
 impl From for NativeTlsClient {
@@ -153,18 +157,21 @@ pub struct NativeTlsServer(Arc);
 impl NativeTlsServer {
 /// Returns a `NativeTlsServer` with a default configuration.
+ ///
+ /// To customize the configuration, build a `TlsAcceptor` and then use
+ /// `NativeTlsServer`'s `From` implementation.
 pub fn new

(identity: P, password: &str) -> Result where P: AsRef {
 let mut buf = vec![];
 try!(File::open(identity)
- .and_then(|mut f| f.read_to_end(&mut buf))
- .map_err(ServerError::Io));
+ .and_then(|mut f| f.read_to_end(&mut buf))
+ .map_err(ServerError::Io));
 let identity = try!(Pkcs12::from_der(&buf, password).map_err(ServerError::Tls));
 let acceptor = try!(TlsAcceptor::builder(identity)
- .and_then(|b| b.build())
- .map_err(ServerError::Tls));
+ .and_then(|b| b.build())
+ .map_err(ServerError::Tls));
 Ok(acceptor.into())
 }
 }
@@ -251,15 +258,18 @@ mod test {
 let ssl = NativeTlsServer::new("test/identity.p12", "mypass").unwrap();
 let server = Server::https("127.0.0.1:0", ssl).unwrap();
- let listening = server.handle(|_: Request, resp: Response| {
- resp.send(b"hello").unwrap()
- }).unwrap();
+ let listening = server
+ .handle(|_: Request, resp: Response| resp.send(b"hello").unwrap())
+ .unwrap();
 let port = listening.socket.port();
 mem::forget(listening);
 let mut buf = Vec::new();
- let _ = File::open("test/root-ca.der").unwrap().read_to_end(&mut buf).unwrap();
+ let _ = File::open("test/root-ca.der")
+ .unwrap()
+ .read_to_end(&mut buf)
+ .unwrap();
 let cert = Certificate::from_der(&buf).unwrap();
 let mut tls_connector_builder = TlsConnector::builder().unwrap();
@@ -270,7 +280,10 @@ mod test {
 let connector = HttpsConnector::new(native_tls_client);
 let client = Client::with_connector(connector);
- let mut resp = client.get(&format!("https://localhost:{}", port)).send().unwrap();
+ let mut resp = client
+ .get(&format!("https://localhost:{}", port))
+ .send()
+ .unwrap();
 let mut body = vec![];
 resp.read_to_end(&mut body).unwrap();
 assert_eq!(body, b"hello");
From f3f702c3ec38fb069959890297a95a0185ab21d5 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Wed, 31 May 2017 10:53:57 -0700
Subject: [PATCH 15/23] Release v0.2.3
---
 Cargo.toml | 2 +-
 src/lib.rs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 67cd38d..4a1fece 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "hyper-native-tls"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["Steven Fackler "]
 exclude = ["test/*"]
 license = "MIT/Apache-2.0"
diff --git a/src/lib.rs b/src/lib.rs
index c8d595e..6257c90 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,7 +40,7 @@ //! }
 //! ```
 #![warn(missing_docs)]
-#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.2")]
+#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.3")]
 extern crate antidote;
 extern crate hyper;
 pub extern crate native_tls;
From f788c80a1fd7b9a2c3c5a9f33bcd15f2af9d8d6b Mon Sep 17 00:00:00 2001
From: Sean McArthur
Date: Fri, 2 Jun 2017 15:31:50 -0700
Subject: [PATCH 16/23] add TlsStream::lock and StreamGuard
---
 src/lib.rs | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/lib.rs b/src/lib.rs
index 6257c90..9bd1b6e 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -53,6 +53,7 @@ use std::time::Duration;
 use std::error::Error;
 use std::io::{self, Read};
 use std::fs::File;
+use std::ops::{Deref, DerefMut};
 use std::sync::Arc;
 use std::fmt;
 use std::path::Path;
@@ -64,6 +64,15 @@ pub use native_tls::Certificate;
 #[derive(Debug, Clone)]
 pub struct TlsStream(Arc>>);
+impl TlsStream
+ where S: io::Read + io::Write
+{
+ /// Returns a guard around a locked TLS stream.
+ pub fn lock(&self) -> StreamGuard {
+ StreamGuard(self.0.lock())
+ }
+}
+
 impl io::Read for TlsStream
 where S: io::Read + io::Write
 {
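Review bot: The doc comment on `TlsStream::lock` in the second `src/lib.rs` hunk of PATCH 16/23 does not mention that the returned `StreamGuard` keeps the stream's mutex held. `TlsStream` is `Clone` and every clone shares the same mutex, so reads or writes through another handle will presumably block until the guard is dropped, and issuing them on the same thread while holding the guard would not return; the `Read`/`Write` bodies are outside this hunk, so that is inferred from `self.0.lock()`. A line such as `/// The stream stays locked until the guard is dropped; do not perform I/O through another handle to the same stream while holding it.` would make the contract explicit.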
@@ -99,6 +109,27 @@ impl NetworkStream for TlsStream
 }
 }
+/// A guard around a locked inner `TlsStream`.
+pub struct StreamGuard<'a, T: io::Read + io::Write + 'a>(antidote::MutexGuard<'a, native_tls::TlsStream>);
+
+impl<'a, T> Deref for StreamGuard<'a, T>
+ where T: io::Read + io::Write + 'a
+{
+ type Target = native_tls::TlsStream;
+
+ fn deref(&self) -> &Self::Target {
+ &self.0
+ }
+}
+
+impl<'a, T> DerefMut for StreamGuard<'a, T>
+ where T: io::Read + io::Write + 'a
+{
+ fn deref_mut(&mut self) -> &mut Self::Target {
+ &mut self.0
+ }
+}
+
 /// An `SslClient` implementation using native-tls.
 pub struct NativeTlsClient {
 connector: TlsConnector,
From c5df951112bed47516405de602207a93381260ca Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Tue, 6 Jun 2017 13:52:55 -0400
Subject: [PATCH 17/23] Release v0.2.4
---
 Cargo.toml | 4 ++--
 src/lib.rs | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 4a1fece..79d4f4e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,12 +1,12 @@
 [package]
 name = "hyper-native-tls"
-version = "0.2.3"
+version = "0.2.4"
 authors = ["Steven Fackler "]
 exclude = ["test/*"]
 license = "MIT/Apache-2.0"
 description = "native-tls support for Hyper"
 repository = "https://github.com/sfackler/hyper-native-tls"
-documentation = "https://docs.rs/hyper-native-tls/0.2.2/hyper_native_tls"
+documentation = "https://docs.rs/hyper-native-tls/0.2.4/hyper_native_tls"
 readme = "README.md"
 [dependencies]
diff --git a/src/lib.rs b/src/lib.rs
index 9bd1b6e..5b4bd1b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,7 +40,7 @@ //! }
 //! ```
 #![warn(missing_docs)]
-#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.3")]
+#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.4")]
 extern crate antidote;
 extern crate hyper;
 pub extern crate native_tls;
From ea442903e2e7694bf30df185626ab074c178de0c Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Fri, 7 Jul 2017 20:59:10 -0700
Subject: [PATCH 18/23] Note that tokio-tls should be used for 0.11
---
 README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 59ea18a..9f8f088 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,11 @@ [Documentation](https://docs.rs/hyper-native-tls)
-`native-tls` support for Hyper. `hyper-tls` is currently made for async `hyper`, which isn't released yet.
+`native-tls` support for Hyper 0.10.
+
+## Warning
+
+This crate does not support the Tokio-based Hyper 0.11 release. Use the `tokio-tls` crate instead.
 ## License
From 1ec194ff464e549c00004456051084edfa293216 Mon Sep 17 00:00:00 2001
From: equal-l2
Date: Sun, 3 Dec 2017 22:46:34 +0900
Subject: [PATCH 19/23] Bump minimum rustc version to 1.17.0
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 7e78d5d..ee78cb8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,6 @@ language: rust
 cache: cargo
 rust:
 - nightly
-- 1.15.0
+- 1.17.0
 script:
 - cargo test
From 2f1cd969dc900d26cbc80504d4324469098d91c5 Mon Sep 17 00:00:00 2001
From: Ian
Date: Mon, 17 Sep 2018 20:37:21 +0300
Subject: [PATCH 20/23] Bump minimum rustc version to 1.21.0
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index ee78cb8..65f600e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,6 @@ language: rust
 cache: cargo
 rust:
 - nightly
-- 1.17.0
+- 1.21.0
 script:
 - cargo test
From 65c5db470976003625228cd9485d6b70911ecd41 Mon Sep 17 00:00:00 2001
From: Ian
Date: Sun, 16 Sep 2018 00:27:47 +0300
Subject: [PATCH 21/23] Update native-tls version to 0.2
---
 Cargo.toml | 2 +-
 src/lib.rs | 24 +++++-------------------
 2 files changed, 6 insertions(+), 20 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 79d4f4e..9002bcd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -11,5 +11,5 @@ readme = "README.md"
 [dependencies]
 antidote = "1.0"
-native-tls = "0.1.2"
+native-tls = "0.2"
 hyper = "0.10"
diff --git a/src/lib.rs b/src/lib.rs
index 5b4bd1b..f325a94 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -47,7 +47,7 @@ pub extern crate native_tls;
 use antidote::Mutex;
 use hyper::net::{SslClient, SslServer, NetworkStream};
-use native_tls::{TlsAcceptor, TlsConnector, Pkcs12};
+use native_tls::{TlsAcceptor, TlsConnector, Identity};
 use std::net::SocketAddr;
 use std::time::Duration;
 use std::error::Error;
@@ -133,7 +133,6 @@ impl<'a, T> DerefMut for StreamGuard<'a, T>
 /// An `SslClient` implementation using native-tls.
 pub struct NativeTlsClient {
 connector: TlsConnector,
- disable_verification: bool,
 }
 impl NativeTlsClient {
@@ -142,24 +141,15 @@ impl NativeTlsClient {
 /// To customize the configuration, build a `TlsConnector` and then use
 /// `NativeTlsClient`'s `From` implementation.
 pub fn new() -> native_tls::Result {
- TlsConnector::builder()
- .and_then(|b| b.build())
+ TlsConnector::builder().build()
 .map(NativeTlsClient::from)
 }
-
- /// If set, the
- /// `TlsConnector::danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication`
- /// method will be used to connect.
- pub fn danger_disable_hostname_verification(&mut self, disable_verification: bool) {
- self.disable_verification = disable_verification;
- }
 }
 impl From for NativeTlsClient {
 fn from(t: TlsConnector) -> NativeTlsClient {
 NativeTlsClient {
 connector: t,
- disable_verification: false,
 }
 }
 }
@@ -170,11 +160,7 @@ impl SslClient for NativeTlsClient
 type Stream = TlsStream;
 fn wrap_client(&self, stream: T, host: &str) -> hyper::Result> {
- let stream = if self.disable_verification {
- self.connector.danger_connect_without_providing_domain_for_certificate_verification_and_server_name_indication(stream)
- } else {
- self.connector.connect(host, stream)
- };
+ let stream = self.connector.connect(host, stream);
 match stream {
 Ok(s) => Ok(TlsStream(Arc::new(Mutex::new(s)))),
 Err(e) => Err(hyper::Error::Ssl(Box::new(e))),
@@ -198,10 +184,10 @@ impl NativeTlsServer {
 try!(File::open(identity)
 .and_then(|mut f| f.read_to_end(&mut buf))
 .map_err(ServerError::Io));
- let identity = try!(Pkcs12::from_der(&buf, password).map_err(ServerError::Tls));
+ let identity = try!(Identity::from_pkcs12(&buf, password).map_err(ServerError::Tls));
 let acceptor = try!(TlsAcceptor::builder(identity)
- .and_then(|b| b.build())
+ .build()
 .map_err(ServerError::Tls));
 Ok(acceptor.into())
 }
From e6fcdc6bb532fad941f10aa4da1b2cc28333df5d Mon Sep 17 00:00:00 2001
From: Ian
Date: Mon, 17 Sep 2018 09:09:35 +0300
Subject: [PATCH 22/23] Update tests
---
 src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index f325a94..82a06fa 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -289,8 +289,8 @@ mod test {
 .unwrap();
 let cert = Certificate::from_der(&buf).unwrap();
- let mut tls_connector_builder = TlsConnector::builder().unwrap();
- tls_connector_builder.add_root_certificate(cert).unwrap();
+ let mut tls_connector_builder = TlsConnector::builder();
+ tls_connector_builder.add_root_certificate(cert);
 let tls_connector = tls_connector_builder.build().unwrap();
 let native_tls_client = NativeTlsClient::from(tls_connector);
From 37ee5f74d3cfc465bb591b82ae201c2cf051482d Mon Sep 17 00:00:00 2001
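Review bot: In the `wrap_client` hunk of PATCH 21/23 the new `let stream = self.connector.connect(host, stream);` followed by `match stream {` is a leftover of the removed `if`/`else`; the binding only shadows the `stream` parameter with a value of a different type. Matching on the call directly reads more clearly: `match self.connector.connect(host, stream) {`. The end of the `match` and of `wrap_client` lies outside the hunk.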
From: Steven Fackler
Date: Mon, 17 Sep 2018 18:08:10 -0700
Subject: [PATCH 23/23] Release 0.3.0
---
 Cargo.toml | 3 +--
 src/lib.rs | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 9002bcd..3d9d14e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,12 +1,11 @@
 [package]
 name = "hyper-native-tls"
-version = "0.2.4"
+version = "0.3.0"
 authors = ["Steven Fackler "]
 exclude = ["test/*"]
 license = "MIT/Apache-2.0"
 description = "native-tls support for Hyper"
 repository = "https://github.com/sfackler/hyper-native-tls"
-documentation = "https://docs.rs/hyper-native-tls/0.2.4/hyper_native_tls"
 readme = "README.md"
 [dependencies]
diff --git a/src/lib.rs b/src/lib.rs
index 82a06fa..ea4ea91 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -40,7 +40,7 @@ //! }
 //! ```
 #![warn(missing_docs)]
-#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.2.4")]
+#![doc(html_root_url="https://docs.rs/hyper-native-tls/0.3")]
 extern crate antidote;
 extern crate hyper;
 pub extern crate native_tls;