min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename connectors

This commit is contained in:
Steven Fackler 2016-10-30 19:39:18 -07:00
parent 997e92e052
commit add8e4023e
3 changed files with 50 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
openssl/src/ssl/connector.rs
View File

@ -42,14 +42,14 @@ fn ctx(method: SslMethod) -> Result<SslContextBuilder, ErrorStack> {
Ok(ctx)
}
/// A builder for `ClientConnector`s.
pub struct ClientConnectorBuilder(SslContextBuilder);
/// A builder for `SslConnector`s.
pub struct SslConnectorBuilder(SslContextBuilder);
impl ClientConnectorBuilder {
impl SslConnectorBuilder {
/// Creates a new builder for TLS connections.
///
/// The default configuration is subject to change, and is currently derived from Python.
pub fn new(method: SslMethod) -> Result<ClientConnectorBuilder, ErrorStack> {
pub fn new(method: SslMethod) -> Result<SslConnectorBuilder, ErrorStack> {
let mut ctx = try!(ctx(method));
try!(ctx.set_default_verify_paths());
// From https://github.com/python/cpython/blob/c30098c8c6014f3340a369a31df9c74bdbacc269/Lib/ssl.py#L191
@ -57,7 +57,7 @@ impl ClientConnectorBuilder {
"ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:\
DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH:!aNULL:!eNULL:!MD5:!3DES"));
Ok(ClientConnectorBuilder(ctx))
Ok(SslConnectorBuilder(ctx))
}
/// Returns a shared reference to the inner `SslContextBuilder`.
@ -70,9 +70,9 @@ impl ClientConnectorBuilder {
&mut self.0
}
/// Consumes the builder, returning a `ClientConnector`.
pub fn build(self) -> ClientConnector {
ClientConnector(self.0.build())
/// Consumes the builder, returning a `SslConnector`.
pub fn build(self) -> SslConnector {
SslConnector(self.0.build())
}
}
@ -83,9 +83,9 @@ impl ClientConnectorBuilder {
///
/// OpenSSL's built in hostname verification is used when linking against OpenSSL 1.0.2 or 1.1.0,
/// and a custom implementation is used when linking against OpenSSL 1.0.1.
pub struct ClientConnector(SslContext);
pub struct SslConnector(SslContext);
impl ClientConnector {
impl SslConnector {
/// Initiates a client-side TLS session on a stream.
///
/// The domain is used for SNI and hostname verification.
@ -100,10 +100,10 @@ impl ClientConnector {
}
}
/// A builder for `ServerConnector`s.
pub struct ServerConnectorBuilder(SslContextBuilder);
/// A builder for `SslAcceptor`s.
pub struct SslAcceptorBuilder(SslContextBuilder);
impl ServerConnectorBuilder {
impl SslAcceptorBuilder {
/// Creates a new builder configured to connect to non-legacy clients. This should generally be
/// considered a reasonable default choice.
///
@ -115,7 +115,7 @@ impl ServerConnectorBuilder {
private_key: &PKeyRef,
certificate: &X509Ref,
chain: I)
-> Result<ServerConnectorBuilder, ErrorStack>
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
I::Item: AsRef<X509Ref>
{
@ -134,7 +134,7 @@ impl ServerConnectorBuilder {
DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:\
EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:\
AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"));
ServerConnectorBuilder::finish_setup(ctx, private_key, certificate, chain)
SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
}
/// Creates a new builder configured to connect to modern clients.
@ -147,7 +147,7 @@ impl ServerConnectorBuilder {
private_key: &PKeyRef,
certificate: &X509Ref,
chain: I)
-> Result<ServerConnectorBuilder, ErrorStack>
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
I::Item: AsRef<X509Ref>
{
@ -159,14 +159,14 @@ impl ServerConnectorBuilder {
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:\
ECDHE-RSA-AES128-SHA256"));
ServerConnectorBuilder::finish_setup(ctx, private_key, certificate, chain)
SslAcceptorBuilder::finish_setup(ctx, private_key, certificate, chain)
}
fn finish_setup<I>(mut ctx: SslContextBuilder,
private_key: &PKeyRef,
certificate: &X509Ref,
chain: I)
-> Result<ServerConnectorBuilder, ErrorStack>
-> Result<SslAcceptorBuilder, ErrorStack>
where I: IntoIterator,
I::Item: AsRef<X509Ref>
{
@ -176,7 +176,7 @@ impl ServerConnectorBuilder {
for cert in chain {
try!(ctx.add_extra_chain_cert(cert.as_ref().to_owned()));
}
Ok(ServerConnectorBuilder(ctx))
Ok(SslAcceptorBuilder(ctx))
}
/// Returns a shared reference to the inner `SslContextBuilder`.
@ -189,9 +189,9 @@ impl ServerConnectorBuilder {
&mut self.0
}
/// Consumes the builder, returning a `ServerConnector`.
pub fn build(self) -> ServerConnector {
ServerConnector(self.0.build())
/// Consumes the builder, returning a `SslAcceptor`.
pub fn build(self) -> SslAcceptor {
SslAcceptor(self.0.build())
}
}
@ -215,11 +215,11 @@ fn setup_curves(_: &mut SslContextBuilder) -> Result<(), ErrorStack> {
///
/// OpenSSL's default configuration is highly insecure. This connector manages the OpenSSL
/// structures, configuring cipher suites, session options, and more.
pub struct ServerConnector(SslContext);
pub struct SslAcceptor(SslContext);
impl ServerConnector {
impl SslAcceptor {
/// Initiates a server-side TLS session on a stream.
pub fn connect<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
pub fn accept<S>(&self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{
let ssl = try!(Ssl::new(&self.0));

28
openssl/src/ssl/mod.rs
View File

@ -1,6 +1,6 @@
//! SSL/TLS support.
//!
//! The `ClientConnector` and `ServerConnector` should be used in most cases - they handle
//! The `SslConnector` and `SslAcceptor` should be used in most cases - they handle
//! configuration of the OpenSSL primitives for you.
//!
//! # Examples
@ -8,11 +8,11 @@
//! To connect as a client to a remote server:
//!
//! ```
//! use openssl::ssl::{SslMethod, ClientConnectorBuilder};
//! use openssl::ssl::{SslMethod, SslConnectorBuilder};
//! use std::io::{Read, Write};
//! use std::net::TcpStream;
//!
//! let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build();
//! let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
//!
//! let stream = TcpStream::connect("google.com:443").unwrap();
//! let mut stream = connector.connect("google.com", stream).unwrap();
@ -27,7 +27,7 @@
//!
//! ```no_run
//! use openssl::pkcs12::Pkcs12;
//! use openssl::ssl::{SslMethod, ServerConnectorBuilder, SslStream};
//! use openssl::ssl::{SslMethod, SslAcceptorBuilder, SslStream};
//! use std::fs::File;
//! use std::io::{Read, Write};
//! use std::net::{TcpListener, TcpStream};
@ -43,11 +43,13 @@
//! let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap();
//! let identity = pkcs12.parse("password123").unwrap();
//!
//! let connector = ServerConnectorBuilder::mozilla_intermediate(
//! SslMethod::tls(), &identity.pkey, &identity.cert, &identity.chain)
//! let acceptor = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
//! &identity.pkey,
//! &identity.cert,
//! &identity.chain)
//! .unwrap()
//! .build();
//! let connector = Arc::new(connector);
//! let acceptor = Arc::new(acceptor);
//!
//! let listener = TcpListener::bind("0.0.0.0:8443").unwrap();
//!
@ -58,9 +60,9 @@
//! for stream in listener.incoming() {
//! match stream {
//! Ok(stream) => {
//! let connector = connector.clone();
//! let acceptor = acceptor.clone();
//! thread::spawn(move || {
//! let stream = connector.connect(stream).unwrap();
//! let stream = acceptor.accept(stream).unwrap();
//! handle_client(stream);
//! });
//! }
@ -106,8 +108,8 @@ mod tests;
use self::bio::BioMethod;
pub use ssl::connector::{ClientConnectorBuilder, ClientConnector, ServerConnectorBuilder,
ServerConnector};
pub use ssl::connector::{SslConnectorBuilder, SslConnector, SslAcceptorBuilder,
SslAcceptor};
pub use ssl::error::{Error, HandshakeError};
bitflags! {
@ -1161,7 +1163,7 @@ impl Ssl {
/// # Warning
///
/// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `ClientConnector` rather than `Ssl` directly, as it manages that configuration.
/// `SslConnector` rather than `Ssl` directly, as it manages that configuration.
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{
@ -1193,7 +1195,7 @@ impl Ssl {
/// # Warning
///
/// OpenSSL's default configuration is insecure. It is highly recommended to use
/// `ServerConnector` rather than `Ssl` directly, as it manages that configuration.
/// `SslAcceptor` rather than `Ssl` directly, as it manages that configuration.
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
where S: Read + Write
{

20
openssl/src/ssl/tests/mod.rs
View File

@ -18,8 +18,8 @@ use hash::MessageDigest;
use ssl;
use ssl::SSL_VERIFY_PEER;
use ssl::{SslMethod, HandshakeError};
use ssl::{SslContext, SslStream, Ssl, ShutdownResult, ClientConnectorBuilder,
ServerConnectorBuilder, Error};
use ssl::{SslContext, SslStream, Ssl, ShutdownResult, SslConnectorBuilder,
SslAcceptorBuilder, Error};
use x509::X509StoreContextRef;
use x509::X509FileType;
use x509::X509;
@ -1085,7 +1085,7 @@ fn verify_invalid_hostname() {
#[test]
fn connector_valid_hostname() {
let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap();
let mut socket = connector.connect("google.com", s).unwrap();
@ -1101,7 +1101,7 @@ fn connector_valid_hostname() {
#[test]
fn connector_invalid_hostname() {
let connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap().build();
let s = TcpStream::connect("google.com:443").unwrap();
assert!(connector.connect("foobar.com", s).is_err());
@ -1115,19 +1115,19 @@ fn connector_client_server_mozilla_intermediate() {
let t = thread::spawn(move || {
let key = PKey::private_key_from_pem(KEY).unwrap();
let cert = X509::from_pem(CERT).unwrap();
let connector = ServerConnectorBuilder::mozilla_intermediate(SslMethod::tls(),
let connector = SslAcceptorBuilder::mozilla_intermediate(SslMethod::tls(),
&key,
&cert,
None::<X509>)
.unwrap()
.build();
let stream = listener.accept().unwrap().0;
let mut stream = connector.connect(stream).unwrap();
let mut stream = connector.accept(stream).unwrap();
stream.write_all(b"hello").unwrap();
});
let mut connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap();
let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
connector.context_mut().set_CA_file("test/root-ca.pem").unwrap();
let connector = connector.build();
@ -1150,16 +1150,16 @@ fn connector_client_server_mozilla_modern() {
let key = PKey::private_key_from_pem(KEY).unwrap();
let cert = X509::from_pem(CERT).unwrap();
let connector =
ServerConnectorBuilder::mozilla_modern(SslMethod::tls(), &key, &cert, None::<X509>)
SslAcceptorBuilder::mozilla_modern(SslMethod::tls(), &key, &cert, None::<X509>)
.unwrap()
.build();
let stream = listener.accept().unwrap().0;
let mut stream = connector.connect(stream).unwrap();
let mut stream = connector.accept(stream).unwrap();
stream.write_all(b"hello").unwrap();
});
let mut connector = ClientConnectorBuilder::new(SslMethod::tls()).unwrap();
let mut connector = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
connector.context_mut().set_CA_file("test/root-ca.pem").unwrap();
let connector = connector.build();