Rename connectors

Steven Fackler 2016-10-30 19:39:18 -07:00
parent 997e92e052
commit add8e4023e
3 changed files with 50 additions and 48 deletions


@ -42,14 +42,14 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
Ok(ctx) Ok(ctx)
} }
/// A builder for `ClientConnector`s. /// A builder for `SslConnector`s.
pub struct ClientConnectorBuilder(SslContextBuilder); pub struct SslConnectorBuilder(SslContextBuilder);
impl ClientConnectorBuilder { impl SslConnectorBuilder {
/// Creates a new builder for TLS connections. /// Creates a new builder for TLS connections.
/// ///
/// The default configuration is subject to change, and is currently derived from Python. /// The default configuration is subject to change, and is currently derived from Python.
pub fn new(method: SslMethod) -> Result<ClientConnectorBuilder, ErrorStack> { pub fn new(method: SslMethod) -> Result<SslConnectorBuilder, ErrorStack> {
let mut ctx = try!(ctx(method)); let mut ctx = try!(ctx(method));
try!(ctx.set_default_verify_paths()); try!(ctx.set_default_verify_paths());
// From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191 // From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191
@ -57,7 +57,7 @@ impl ClientConnectorBuilder {
"ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\ "ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\
DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES")); DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
Ok(ClientConnectorBuilder(ctx)) Ok(SslConnectorBuilder(ctx))
} }
/// Returns a shared reference to the inner `SslContextBuilder`. /// Returns a shared reference to the inner `SslContextBuilder`.
@ -70,9 +70,9 @@ impl ClientConnectorBuilder {
&mut self.0 &mut self.0
} }
/// Consumes the builder, returning a `ClientConnector`. /// Consumes the builder, returning a `SslConnector`.
pub fn build(self) -> ClientConnector { pub fn build(self) -> SslConnector {
ClientConnector(self.0.build()) SslConnector(self.0.build())
} }
} }
@ -83,9 +83,9 @@ impl ClientConnectorBuilder {
/// ///
/// OpenSSL's built in hostname verification is used when linking against OpenSSL 1.0.2 or 1.1.0, /// OpenSSL's built in hostname verification is used when linking against OpenSSL 1.0.2 or 1.1.0,
/// and a custom implementation is used when linking against OpenSSL 1.0.1. /// and a custom implementation is used when linking against OpenSSL 1.0.1.
pub struct ClientConnector(SslContext); pub struct SslConnector(SslContext);
impl ClientConnector { impl SslConnector {
/// Initiates a client-side TLS session on a stream. /// Initiates a client-side TLS session on a stream.
/// ///
/// The domain is used for SNI and hostname verification. /// The domain is used for SNI and hostname verification.
@ -100,10 +100,10 @@ impl ClientConnector {
} }
} }
/// A builder for `ServerConnector`s. /// A builder for `SslAcceptor`s.
pub struct ServerConnectorBuilder(SslContextBuilder); pub struct SslAcceptorBuilder(SslContextBuilder);
impl ServerConnectorBuilder { impl SslAcceptorBuilder {
/// Creates a new builder configured to connect to non-legacy clients. This should generally be /// Creates a new builder configured to connect to non-legacy clients. This should generally be
/// considered a reasonable default choice. /// considered a reasonable default choice.
/// ///
@ -115,7 +115,7 @@ impl ServerConnectorBuilder {
private_key: &PKeyRef, private_key: &PKeyRef,
certificate: &X509Ref, certificate: &X509Ref,
chain: I) chain: I)
-> Result<ServerConnectorBuilder, ErrorStack> -> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator, where I: IntoIterator,
I::Item: AsRef<X509Ref> I::Item: AsRef<X509Ref>
{ {
@ -134,7 +134,7 @@ impl ServerConnectorBuilder {
DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\ DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\
EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:\ EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:\
AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS")); AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"));
ServerConnectorBuilder::finish_setup(ctx, private_key, certificate, chain) SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
} }
/// Creates a new builder configured to connect to modern clients. /// Creates a new builder configured to connect to modern clients.
@ -147,7 +147,7 @@ impl ServerConnectorBuilder {
private_key: &PKeyRef, private_key: &PKeyRef,
certificate: &X509Ref, certificate: &X509Ref,
chain: I) chain: I)
-> Result<ServerConnectorBuilder, ErrorStack> -> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator, where I: IntoIterator,
I::Item: AsRef<X509Ref> I::Item: AsRef<X509Ref>
{ {
@ -159,14 +159,14 @@ impl ServerConnectorBuilder {
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:\ ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:\
ECDHE-RSA-AES128-SHA256")); ECDHE-RSA-AES128-SHA256"));
ServerConnectorBuilder::finish_setup(ctx, private_key, certificate, chain) SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
} }
fn finish_setup<I>(mut ctx: SslContextBuilder, fn finish_setup<I>(mut ctx: SslContextBuilder,
private_key: &PKeyRef, private_key: &PKeyRef,
certificate: &X509Ref, certificate: &X509Ref,
chain: I) chain: I)
-> Result<ServerConnectorBuilder, ErrorStack> -> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator, where I: IntoIterator,
I::Item: AsRef<X509Ref> I::Item: AsRef<X509Ref>
{ {
@ -176,7 +176,7 @@ impl ServerConnectorBuilder {
for cert in chain { for cert in chain {
try!(ctx.add_extra_chain_cert(cert.as_ref().to_owned())); try!(ctx.add_extra_chain_cert(cert.as_ref().to_owned()));
} }
Ok(ServerConnectorBuilder(ctx)) Ok(SslAcceptorBuilder(ctx))
} }
/// Returns a shared reference to the inner `SslContextBuilder`. /// Returns a shared reference to the inner `SslContextBuilder`.
@ -189,9 +189,9 @@ impl ServerConnectorBuilder {
&mut self.0 &mut self.0
} }
/// Consumes the builder, returning a `ServerConnector`. /// Consumes the builder, returning a `SslAcceptor`.
pub fn build(self) -> ServerConnector { pub fn build(self) -> SslAcceptor {
ServerConnector(self.0.build()) SslAcceptor(self.0.build())
} }
} }
@ -215,11 +215,11 @@ fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
/// ///
/// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL /// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL
/// structures, configuring cipher suites, session options, and more. /// structures, configuring cipher suites, session options, and more.
pub struct ServerConnector(SslContext); pub struct SslAcceptor(SslContext);
impl ServerConnector { impl SslAcceptor {
/// Initiates a server-side TLS session on a stream. /// Initiates a server-side TLS session on a stream.
pub fn connect<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> pub fn accept<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write where S: Read + Write
{ {
let ssl = try!(Ssl::new(&self.0)); let ssl = try!(Ssl::new(&self.0));
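Review bot: The rename leaves stale wording in the server-side docs that this commit does not update: the `SslAcceptorBuilder` constructors still read `/// Creates a new builder configured to connect to non-legacy clients.` and `/// Creates a new builder configured to connect to modern clients.`, and the `SslAcceptor` struct doc still says `/// ... This connector manages the OpenSSL`, although the type's only operation is now `accept`. I would change them to `/// Creates a new builder configured to accept connections from non-legacy clients.`, `/// Creates a new builder configured to accept connections from modern clients.` and `/// ... This acceptor manages the OpenSSL`, so a reader does not confuse the acceptor's cipher lists with the client-side defaults. The `impl SslAcceptorBuilder` and `impl SslAcceptor` blocks these hunks touch begin and end outside the section.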


@ -1,6 +1,6 @@
//! SSL/TLS support. //! SSL/TLS support.
//! //!
//! The `ClientConnector` and `ServerConnector` should be used in most cases - they handle //! The `SslConnector` and `SslAcceptor` should be used in most cases - they handle
//! configuration of the OpenSSL primitives for you. //! configuration of the OpenSSL primitives for you.
//! //!
//! # Examples //! # Examples
@ -8,11 +8,11 @@
//! To connect as a client to a remote server: //! To connect as a client to a remote server:
//! //!
//! ``` //! ```
//! use openssl::ssl::{SslMethod, ClientConnectorBuilder}; //! use openssl::ssl::{SslMethod, SslConnectorBuilder};
//! use std::io::{Read, Write}; //! use std::io::{Read, Write};
//! use std::net::TcpStream; //! use std::net::TcpStream;
//! //!
//! let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build(); //! let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
//! //!
//! let stream = TcpStream::connect("google.com:443").unwrap(); //! let stream = TcpStream::connect("google.com:443").unwrap();
//! let mut stream = connector.connect("google.com", stream).unwrap(); //! let mut stream = connector.connect("google.com", stream).unwrap();
@ -27,7 +27,7 @@
//! //!
//! ```no_run //! ```no_run
//! use openssl::pkcs12::Pkcs12; //! use openssl::pkcs12::Pkcs12;
//! use openssl::ssl::{SslMethod, ServerConnectorBuilder, SslStream}; //! use openssl::ssl::{SslMethod, SslAcceptorBuilder, SslStream};
//! use std::fs::File; //! use std::fs::File;
//! use std::io::{Read, Write}; //! use std::io::{Read, Write};
//! use std::net::{TcpListener, TcpStream}; //! use std::net::{TcpListener, TcpStream};
@ -43,11 +43,13 @@
//! let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap(); //! let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap();
//! let identity = pkcs12.parse("password123").unwrap(); //! let identity = pkcs12.parse("password123").unwrap();
//! //!
//! let connector = ServerConnectorBuilder::mozilla_intermediate( //! let acceptor = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
//! SslMethod::tls(), &identity.pkey, &identity.cert, &identity.chain) //! &identity.pkey,
//! &identity.cert,
//! &identity.chain)
//! .unwrap() //! .unwrap()
//! .build(); //! .build();
//! let connector = Arc::new(connector); //! let acceptor = Arc::new(acceptor);
//! //!
//! let listener = TcpListener::bind("0.0.0.0:8443").unwrap(); //! let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
//! //!
@ -58,9 +60,9 @@
//! for stream in listener.incoming() { //! for stream in listener.incoming() {
//! match stream { //! match stream {
//! Ok(stream) => { //! Ok(stream) => {
//! let connector = connector.clone(); //! let acceptor = acceptor.clone();
//! thread::spawn(move || { //! thread::spawn(move || {
//! let stream = connector.connect(stream).unwrap(); //! let stream = acceptor.accept(stream).unwrap();
//! handle_client(stream); //! handle_client(stream);
//! }); //! });
//! } //! }
@ -106,8 +108,8 @@ mod tests;
use self::bio::BioMethod; use self::bio::BioMethod;
pub use ssl::connector::{ClientConnectorBuilder, ClientConnector, ServerConnectorBuilder, pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder,
ServerConnector}; SslAcceptor};
pub use ssl::error::{Error, HandshakeError}; pub use ssl::error::{Error, HandshakeError};
bitflags! { bitflags! {
@ -1161,7 +1163,7 @@ impl Ssl {
/// # Warning /// # Warning
/// ///
/// OpenSSL's default configuration is insecure. It is highly recommended to use /// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `ClientConnector` rather than `Ssl` directly, as it manages that configuration. /// `SslConnector` rather than `Ssl` directly, as it manages that configuration.
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write where S: Read + Write
{ {
@ -1193,7 +1195,7 @@ impl Ssl {
/// # Warning /// # Warning
/// ///
/// OpenSSL's default configuration is insecure. It is highly recommended to use /// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `ServerConnector` rather than `Ssl` directly, as it manages that configuration. /// `SslAcceptor` rather than `Ssl` directly, as it manages that configuration.
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>> pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write where S: Read + Write
{ {


@ -18,8 +18,8 @@ use hash::MessageDigest;
use ssl; use ssl;
use ssl::SSL_VERIFY_PEER; use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError}; use ssl::{SslMethod, HandshakeError};
use ssl::{SslContext, SslStream, Ssl, ShutdownResult, ClientConnectorBuilder, use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder,
ServerConnectorBuilder, Error}; SslAcceptorBuilder, Error};
use x509::X509StoreContextRef; use x509::X509StoreContextRef;
use x509::X509FileType; use x509::X509FileType;
use x509::X509; use x509::X509;
@ -1085,7 +1085,7 @@ fn verify_invalid_hostname() {
#[test] #[test]
fn connector_valid_hostname() { fn connector_valid_hostname() {
let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build(); let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap(); let s = TcpStream::connect("google.com:443").unwrap();
let mut socket = connector.connect("google.com", s).unwrap(); let mut socket = connector.connect("google.com", s).unwrap();
@ -1101,7 +1101,7 @@ fn connector_valid_hostname() {
#[test] #[test]
fn connector_invalid_hostname() { fn connector_invalid_hostname() {
let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build(); let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap(); let s = TcpStream::connect("google.com:443").unwrap();
assert!(connector.connect("foobar.com", s).is_err()); assert!(connector.connect("foobar.com", s).is_err());
@ -1115,19 +1115,19 @@ fn connector_client_server_mozilla_intermediate() {
let t = thread::spawn(move || { let t = thread::spawn(move || {
let key = PKey::private_key_from_pem(KEY).unwrap(); let key = PKey::private_key_from_pem(KEY).unwrap();
let cert = X509::from_pem(CERT).unwrap(); let cert = X509::from_pem(CERT).unwrap();
let connector = ServerConnectorBuilder::mozilla_intermediate(SslMethod::tls(), let connector = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
&key, &key,
&cert, &cert,
None::<X509>) None::<X509>)
.unwrap() .unwrap()
.build(); .build();
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut stream = connector.connect(stream).unwrap(); let mut stream = connector.accept(stream).unwrap();
stream.write_all(b"hello").unwrap(); stream.write_all(b"hello").unwrap();
}); });
let mut connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap(); let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
connector.context_mut().set_CA_file("test/root-ca.pem").unwrap(); connector.context_mut().set_CA_file("test/root-ca.pem").unwrap();
let connector = connector.build(); let connector = connector.build();
@ -1150,16 +1150,16 @@ fn connector_client_server_mozilla_modern() {
let key = PKey::private_key_from_pem(KEY).unwrap(); let key = PKey::private_key_from_pem(KEY).unwrap();
let cert = X509::from_pem(CERT).unwrap(); let cert = X509::from_pem(CERT).unwrap();
let connector = let connector =
ServerConnectorBuilder::mozilla_modern(SslMethod::tls(), &key, &cert, None::<X509>) SslAcceptorBuilder::mozilla_modern(SslMethod::tls(), &key, &cert, None::<X509>)
.unwrap() .unwrap()
.build(); .build();
let stream = listener.accept().unwrap().0; let stream = listener.accept().unwrap().0;
let mut stream = connector.connect(stream).unwrap(); let mut stream = connector.accept(stream).unwrap();
stream.write_all(b"hello").unwrap(); stream.write_all(b"hello").unwrap();
}); });
let mut connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap(); let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
connector.context_mut().set_CA_file("test/root-ca.pem").unwrap(); connector.context_mut().set_CA_file("test/root-ca.pem").unwrap();
let connector = connector.build(); let connector = connector.build();