diff --git a/Cargo.lock b/Cargo.lock index f63ad856..ae956ecf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -637,6 +637,16 @@ dependencies = [ "regex", ] +[[package]] +name = "bcder" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c627747a6774aab38beb35990d88309481378558875a41da1a4b2e373c906ef0" +dependencies = [ + "bytes", + "smallvec", +] + [[package]] name = "bigdecimal" version = "0.4.2" @@ -843,9 +853,9 @@ dependencies = [ "rsa", "rumqttc", "rust-embed", - "rustls", - "rustls-native-certs", - "rustls-pemfile", + "rustls 0.22.2", + "rustls-native-certs 0.7.0", + "rustls-pemfile 2.1.1", "serde", "serde_json", "serde_urlencoded", @@ -1032,6 +1042,19 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "console" +version = "0.15.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e1f83fc076bd6dd27517eacdf25fef6c4dfe5f1d7448bafaaf3a26f13b5e4eb" +dependencies = [ + "encode_unicode", + "lazy_static", + "libc", + "unicode-width", + "windows-sys 0.52.0", +] + [[package]] name = "const-oid" version = "0.9.5" @@ -1197,7 +1220,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fb84100978c1c7b37f09ed3ce3e5f843af02c2a2c431bae5b19230dad2c1b490" dependencies = [ "async-trait", - "deadpool-runtime", + "deadpool-runtime 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", + "num_cpus", + "tokio", +] + +[[package]] +name = "deadpool" +version = "0.10.0" +source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee" +dependencies = [ + "console", + "deadpool-runtime 0.1.3 (git+http://github.com/brocaar/deadpool.git?branch=update_redis)", "num_cpus", "tokio", ] 
@@ -1205,10 +1239,9 @@ dependencies = [ [[package]] name = "deadpool-redis" version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36f2381b0e993d06a1f6d49f486b33bc4004085bf980340fc05726bacc681fff" +source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee" dependencies = [ - "deadpool", + "deadpool 0.10.0 (git+http://github.com/brocaar/deadpool.git?branch=update_redis)", "redis", ] @@ -1217,6 +1250,11 @@ name = "deadpool-runtime" version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "63dfa964fe2a66f3fde91fc70b267fe193d822c7e603e2a675a49a7f46ad3f49" + +[[package]] +name = "deadpool-runtime" +version = "0.1.3" +source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee" dependencies = [ "tokio", ] @@ -1289,7 +1327,7 @@ version = "0.4.1" source = "git+https://github.com/weiznich/diesel_async.git?rev=017ebe2fb7a2709ab5db92148dea5ce812a35e09#017ebe2fb7a2709ab5db92148dea5ce812a35e09" dependencies = [ "async-trait", - "deadpool", + "deadpool 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", "diesel", "futures-util", "scoped-futures", @@ -1489,6 +1527,12 @@ dependencies = [ "log", ] +[[package]] +name = "encode_unicode" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" + [[package]] name = "encoding_rs" version = "0.8.33" @@ -1777,8 +1821,8 @@ dependencies = [ "hyper", "hyper-rustls", "ring 0.16.20", - "rustls", - "rustls-pemfile", + "rustls 0.21.10", + "rustls-pemfile 1.0.4", "serde", "serde_json", "thiserror", @@ -2101,10 +2145,10 @@ dependencies = [ "futures-util", "http", "hyper", - "rustls", - "rustls-native-certs", + "rustls 0.21.10", + "rustls-native-certs 0.6.3", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", ] [[package]] 
@@ -3387,9 +3431,9 @@ dependencies = [ [[package]] name = "redis" -version = "0.24.0" +version = "0.25.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c580d9cbbe1d1b479e8d67cf9daf6a62c957e6846048408b80b43ac3f6af84cd" +checksum = "14c442de91f2a085154b1e1b374d5d5edf5bc49d2ebbfdf47e67edd6c2df568d" dependencies = [ "async-trait", "bytes", @@ -3402,15 +3446,15 @@ dependencies = [ "percent-encoding", "pin-project-lite", "rand", - "rustls", - "rustls-native-certs", - "rustls-pemfile", - "rustls-webpki", + "rustls 0.22.2", + "rustls-native-certs 0.7.0", + "rustls-pemfile 2.1.1", + "rustls-pki-types", "ryu", "sha1_smol", - "socket2 0.4.10", + "socket2 0.5.5", "tokio", - "tokio-rustls", + "tokio-rustls 0.25.0", "tokio-util", "url", ] @@ -3499,15 +3543,15 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls", - "rustls-native-certs", - "rustls-pemfile", + "rustls 0.21.10", + "rustls-native-certs 0.6.3", + "rustls-pemfile 1.0.4", "serde", "serde_json", "serde_urlencoded", "system-configuration", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", "tower-service", "url", "wasm-bindgen", @@ -3608,20 +3652,20 @@ dependencies = [ [[package]] name = "rumqttc" -version = "0.23.0" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d8941c6791801b667d52bfe9ff4fc7c968d4f3f9ae8ae7abdaaa1c966feafc8" +checksum = "e1568e15fab2d546f940ed3a21f48bbbd1c494c90c99c4481339364a497f94a9" dependencies = [ "bytes", "flume 0.11.0", "futures-util", "log", - "rustls-native-certs", - "rustls-pemfile", - "rustls-webpki", + "rustls-native-certs 0.7.0", + "rustls-pemfile 2.1.1", + "rustls-webpki 0.102.2", "thiserror", "tokio", - "tokio-rustls", + "tokio-rustls 0.25.0", "url", ] 
@@ -3724,10 +3768,24 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring 0.17.7", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring 0.17.7", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + [[package]] name = "rustls-connector" version = "0.18.5" @@ -3735,9 +3793,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "25da151615461c7347114b1ad1a7458b4cdebc69cb220cd140cd5cb324b1dd37" dependencies = [ "log", - "rustls", - "rustls-native-certs", - "rustls-webpki", + "rustls 0.21.10", + "rustls-native-certs 0.6.3", + "rustls-webpki 0.101.7", ] [[package]] @@ -3747,7 +3805,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-native-certs" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" +dependencies = [ + "openssl-probe", + "rustls-pemfile 2.1.1", + "rustls-pki-types", "schannel", "security-framework", ] 
@@ -3761,6 +3832,22 @@ dependencies = [ "base64 0.21.5", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab" +dependencies = [ + "base64 0.21.5", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" + [[package]] name = "rustls-webpki" version = "0.101.7" @@ -3771,6 +3858,17 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "rustls-webpki" +version = "0.102.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +dependencies = [ + "ring 0.17.7", + "rustls-pki-types", + "untrusted 0.9.0", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -4274,7 +4372,7 @@ dependencies = [ "cfg-if", "p12", "rustls-connector", - "rustls-pemfile", + "rustls-pemfile 1.0.4", ] [[package]] @@ -4386,9 +4484,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.35.0" +version = "1.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c" +checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" dependencies = [ "backtrace", "bytes", 
@@ -4462,16 +4560,17 @@ dependencies = [ [[package]] name = "tokio-postgres-rustls" -version = "0.10.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd5831152cb0d3f79ef5523b357319ba154795d64c7078b2daa95a803b54057f" +checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677" dependencies = [ "futures", - "ring 0.16.20", - "rustls", + "ring 0.17.7", + "rustls 0.22.2", "tokio", "tokio-postgres", - "tokio-rustls", + "tokio-rustls 0.25.0", + "x509-certificate", ] [[package]] @@ -4494,7 +4593,18 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.10", + "tokio", +] + +[[package]] +name = "tokio-rustls" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +dependencies = [ + "rustls 0.22.2", + "rustls-pki-types", "tokio", ] @@ -4812,6 +4922,12 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "unicode-width" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" + [[package]] name = "unicode-xid" version = "0.2.4" @@ -4945,13 +5061,13 @@ dependencies = [ "mime_guess", "percent-encoding", "pin-project", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "scoped-tls", "serde", "serde_json", "serde_urlencoded", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", "tokio-stream", "tokio-util", "tower-service", 
@@ -5259,6 +5375,25 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "x509-certificate" +version = "0.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66534846dec7a11d7c50a74b7cdb208b9a581cad890b7866430d438455847c85" +dependencies = [ + "bcder", + "bytes", + "chrono", + "der", + "hex", + "pem", + "ring 0.17.7", + "signature", + "spki", + "thiserror", + "zeroize", +] + [[package]] name = "x509-parser" version = "0.15.1" @@ -5291,3 +5426,17 @@ name = "zeroize" version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.40", +] diff --git a/Cargo.toml b/Cargo.toml index 081345f8..07c0e6b8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,3 +20,5 @@ diesel = { git = "https://github.com/diesel-rs/diesel.git", rev = "566dcccc6df6a # Remove if diesel-async > 0.4.1 diesel-async = { git = "https://github.com/weiznich/diesel_async.git", rev = "017ebe2fb7a2709ab5db92148dea5ce812a35e09" } + +deadpool-redis = { git = "http://github.com/brocaar/deadpool.git", branch = "update_redis" } \ No newline at end of file diff --git a/chirpstack-integration/Cargo.toml b/chirpstack-integration/Cargo.toml index 4d1011db..9d82b032 100644 --- a/chirpstack-integration/Cargo.toml +++ b/chirpstack-integration/Cargo.toml @@ -10,7 +10,7 @@ [dependencies] chirpstack_api = { path = "../api/rust", version = "4.7.0-test.3" } - redis = { version = "0.24", features = [ + redis = { version = "0.25", features = [ "cluster-async", "tokio-rustls-comp", ] } 
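Review bot: The new `deadpool-redis` entry in the root Cargo.toml fetches over plain `http://` and tracks a branch, while the `diesel` and `diesel-async` entries just above it use `https://` and a fixed `rev`. Git sources get no `checksum` line in Cargo.lock, so the transport and the pin are the only integrity controls on this dependency. The lockfile in this commit resolves the branch to `1697c5e198c72ac85c54613c5fc41aefaed09bee`, but a later `cargo update` would take whatever the branch points at then. Suggested line: `deadpool-redis = { git = "https://github.com/brocaar/deadpool.git", rev = "1697c5e198c72ac85c54613c5fc41aefaed09bee" }`, preceded by a removal-condition comment like the `# Remove if diesel-async > 0.4.1` above it and ending with a newline.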
diff --git a/chirpstack-integration/src/lib.rs b/chirpstack-integration/src/lib.rs index b483ab65..5c66caae 100644 --- a/chirpstack-integration/src/lib.rs +++ b/chirpstack-integration/src/lib.rs @@ -95,7 +95,9 @@ enum RedisClient { impl RedisClient { async fn get_async_connection(&self) -> Result { match self { - RedisClient::Client(c) => Ok(RedisConnection::Client(c.get_async_connection().await?)), + RedisClient::Client(c) => Ok(RedisConnection::Client( + c.get_multiplexed_async_connection().await?, + )), RedisClient::ClusterClient(c) => Ok(RedisConnection::ClusterClient( c.get_async_connection().await?, )), @@ -104,7 +106,7 @@ impl RedisClient { } enum RedisConnection { - Client(redis::aio::Connection), + Client(redis::aio::MultiplexedConnection), ClusterClient(redis::cluster_async::ClusterConnection), } diff --git a/chirpstack/Cargo.toml b/chirpstack/Cargo.toml index 43116f82..24b8869a 100644 --- a/chirpstack/Cargo.toml +++ b/chirpstack/Cargo.toml @@ -35,9 +35,9 @@ diesel = { version = "2.1", features = [ diesel_migrations = { version = "2.1" } diesel-async = { version = "0.4", features = ["deadpool", "postgres", "async-connection-wrapper"] } tokio-postgres = "0.7" -tokio-postgres-rustls = "0.10.0" +tokio-postgres-rustls = "0.11" bigdecimal = "0.4" -redis = { version = "0.24", features = [ "tls-rustls", "tokio-rustls-comp"] } +redis = { version = "0.25.1", features = [ "tls-rustls", "tokio-rustls-comp"] } deadpool-redis = { version = "0.14", features = ["cluster"] } # Logging 
@@ -101,16 +101,16 @@ anyhow = "1.0" pbkdf2 = { version = "0.12", features = ["simple"] } rand_core = { version = "0.6", features = ["std"] } jsonwebtoken = "9.2" -rustls = "0.21" -rustls-native-certs = "0.6" -rustls-pemfile = "1.0" +rustls = "0.22" +rustls-native-certs = "0.7" +rustls-pemfile = "2.0" rsa = "0.9" rcgen = { version = "0.12", features = [ "x509-parser" ] } openidconnect = { version = "3.3", features = ["accept-rfc3339-timestamps"] } oauth2 = "4.4" # MQTT -rumqttc = { version = "0.23", features = ["url"] } +rumqttc = { version = "0.24", features = ["url"] } hex = "0.4" # Codecs diff --git a/chirpstack/src/gateway/backend/mqtt.rs b/chirpstack/src/gateway/backend/mqtt.rs index 325e0396..c7e9ee5b 100644 --- a/chirpstack/src/gateway/backend/mqtt.rs +++ b/chirpstack/src/gateway/backend/mqtt.rs @@ -143,12 +143,10 @@ impl<'a> MqttBackend<'a> { let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() { rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_certs.clone()) .with_no_client_auth() } else { rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_certs.clone()) .with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)? }; diff --git a/chirpstack/src/helpers/tls.rs b/chirpstack/src/helpers/tls.rs index 493d92c1..8a48a53d 100644 --- a/chirpstack/src/helpers/tls.rs +++ b/chirpstack/src/helpers/tls.rs 
@@ -2,48 +2,52 @@ use std::fs::File; use std::io::BufReader; use anyhow::{Context, Result}; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; // Return root certificates, optionally with the provided ca_file appended. pub fn get_root_certs(ca_file: Option) -> Result { let mut roots = rustls::RootCertStore::empty(); - let certs = rustls_native_certs::load_native_certs()?; - let certs: Vec<_> = certs.into_iter().map(|cert| cert.0).collect(); - roots.add_parsable_certificates(&certs); + for cert in rustls_native_certs::load_native_certs()? { + roots.add(cert)?; + } if let Some(ca_file) = &ca_file { let f = File::open(ca_file).context("Open CA certificate")?; let mut reader = BufReader::new(f); - let certs = rustls_pemfile::certs(&mut reader)?; - for cert in certs - .into_iter() - .map(rustls::Certificate) - .collect::>() - { - roots.add(&cert)?; + let certs = rustls_pemfile::certs(&mut reader); + for cert in certs { + if let Ok(cert) = cert { + roots.add(cert)?; + } } } Ok(roots) } -pub fn load_cert(cert_file: &str) -> Result> { +pub fn load_cert(cert_file: &str) -> Result>> { let f = File::open(cert_file).context("Open TLS certificate")?; let mut reader = BufReader::new(f); - let certs = rustls_pemfile::certs(&mut reader)?; - let certs = certs - .into_iter() - .map(rustls::Certificate) - .collect::>(); - Ok(certs) + let certs = rustls_pemfile::certs(&mut reader); + let mut out = Vec::new(); + for cert in certs { + out.push(cert?.into_owned()); + } + Ok(out) } -pub fn load_key(key_file: &str) -> Result { +pub fn load_key(key_file: &str) -> Result> { let f = File::open(key_file).context("Open private key")?; let mut reader = BufReader::new(f); - let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader)?; - match keys.len() { - 0 => Err(anyhow!("No private key found")), - 1 => Ok(rustls::PrivateKey(keys.remove(0))), - _ => Err(anyhow!("More than one private key found")), + let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader); + if let Some(key) = 
keys.next() { + match key { + Ok(v) => return Ok(PrivateKeyDer::Pkcs8(v.clone_key())), + Err(e) => { + return Err(anyhow!("Error parsing private key, error: {}", e)); + } + } } + + Err(anyhow!("No private key found")) } diff --git a/chirpstack/src/integration/mqtt.rs b/chirpstack/src/integration/mqtt.rs index 05fa9d5e..4dc53ef4 100644 --- a/chirpstack/src/integration/mqtt.rs +++ b/chirpstack/src/integration/mqtt.rs @@ -110,12 +110,10 @@ impl<'a> Integration<'a> { let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() { rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_certs.clone()) .with_no_client_auth() } else { rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_certs.clone()) .with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)? }; diff --git a/chirpstack/src/integration/postgresql/mod.rs b/chirpstack/src/integration/postgresql/mod.rs index ee8a3e63..ae043505 100644 --- a/chirpstack/src/integration/postgresql/mod.rs +++ b/chirpstack/src/integration/postgresql/mod.rs @@ -240,7 +240,6 @@ fn pg_establish_connection(config: &str) -> BoxFuture BoxFuture
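Review bot: In `get_root_certs` (chirpstack/src/helpers/tls.rs) the CA-file loop now discards PEM decode errors: `if let Ok(cert) = cert` skips a bad entry where the old `rustls_pemfile::certs(&mut reader)?` returned the error, so a truncated or corrupted `ca_file` produces a root store without the operator's CA and no diagnostic. Propagate the error the way `load_cert` does, e.g. `roots.add(cert.context("Parse CA certificate")?)?;`. The native-store loop changed in the opposite direction: `roots.add(cert)?` fails the whole call on the first system certificate rustls rejects, where `add_parsable_certificates` skipped those. `load_key` also stops rejecting a file with more than one private key and uses the first one; if that is intended, a comment should say so. There, `PrivateKeyDer::Pkcs8(v)` should avoid the extra in-memory copy of the key that `v.clone_key()` makes.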