Update rustls / tls functions.

This commit is contained in:
Orne Brocaar
2024-03-13 16:23:49 +00:00
parent b118ab56be
commit 26cef0b2ca
10 changed files with 236 additions and 85 deletions

Cargo.lock generated

@ -637,6 +637,16 @@ dependencies = [
"regex", "regex",
] ]
[[package]]
name = "bcder"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c627747a6774aab38beb35990d88309481378558875a41da1a4b2e373c906ef0"
dependencies = [
"bytes",
"smallvec",
]
[[package]] [[package]]
name = "bigdecimal" name = "bigdecimal"
version = "0.4.2" version = "0.4.2"
@ -843,9 +853,9 @@ dependencies = [
"rsa", "rsa",
"rumqttc", "rumqttc",
"rust-embed", "rust-embed",
"rustls", "rustls 0.22.2",
"rustls-native-certs", "rustls-native-certs 0.7.0",
"rustls-pemfile", "rustls-pemfile 2.1.1",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
@ -1032,6 +1042,19 @@ dependencies = [
"crossbeam-utils", "crossbeam-utils",
] ]
[[package]]
name = "console"
version = "0.15.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0e1f83fc076bd6dd27517eacdf25fef6c4dfe5f1d7448bafaaf3a26f13b5e4eb"
dependencies = [
"encode_unicode",
"lazy_static",
"libc",
"unicode-width",
"windows-sys 0.52.0",
]
[[package]] [[package]]
name = "const-oid" name = "const-oid"
version = "0.9.5" version = "0.9.5"
@ -1197,7 +1220,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fb84100978c1c7b37f09ed3ce3e5f843af02c2a2c431bae5b19230dad2c1b490" checksum = "fb84100978c1c7b37f09ed3ce3e5f843af02c2a2c431bae5b19230dad2c1b490"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"deadpool-runtime", "deadpool-runtime 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)",
"num_cpus",
"tokio",
]
[[package]]
name = "deadpool"
version = "0.10.0"
source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee"
dependencies = [
"console",
"deadpool-runtime 0.1.3 (git+http://github.com/brocaar/deadpool.git?branch=update_redis)",
"num_cpus", "num_cpus",
"tokio", "tokio",
] ]
@ -1205,10 +1239,9 @@ dependencies = [
[[package]] [[package]]
name = "deadpool-redis" name = "deadpool-redis"
version = "0.14.0" version = "0.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee"
checksum = "36f2381b0e993d06a1f6d49f486b33bc4004085bf980340fc05726bacc681fff"
dependencies = [ dependencies = [
"deadpool", "deadpool 0.10.0 (git+http://github.com/brocaar/deadpool.git?branch=update_redis)",
"redis", "redis",
] ]
@ -1217,6 +1250,11 @@ name = "deadpool-runtime"
version = "0.1.3" version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "63dfa964fe2a66f3fde91fc70b267fe193d822c7e603e2a675a49a7f46ad3f49" checksum = "63dfa964fe2a66f3fde91fc70b267fe193d822c7e603e2a675a49a7f46ad3f49"
[[package]]
name = "deadpool-runtime"
version = "0.1.3"
source = "git+http://github.com/brocaar/deadpool.git?branch=update_redis#1697c5e198c72ac85c54613c5fc41aefaed09bee"
dependencies = [ dependencies = [
"tokio", "tokio",
] ]
@ -1289,7 +1327,7 @@ version = "0.4.1"
source = "git+https://github.com/weiznich/diesel_async.git?rev=017ebe2fb7a2709ab5db92148dea5ce812a35e09#017ebe2fb7a2709ab5db92148dea5ce812a35e09" source = "git+https://github.com/weiznich/diesel_async.git?rev=017ebe2fb7a2709ab5db92148dea5ce812a35e09#017ebe2fb7a2709ab5db92148dea5ce812a35e09"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"deadpool", "deadpool 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)",
"diesel", "diesel",
"futures-util", "futures-util",
"scoped-futures", "scoped-futures",
@ -1489,6 +1527,12 @@ dependencies = [
"log", "log",
] ]
[[package]]
name = "encode_unicode"
version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f"
[[package]] [[package]]
name = "encoding_rs" name = "encoding_rs"
version = "0.8.33" version = "0.8.33"
@ -1777,8 +1821,8 @@ dependencies = [
"hyper", "hyper",
"hyper-rustls", "hyper-rustls",
"ring 0.16.20", "ring 0.16.20",
"rustls", "rustls 0.21.10",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"thiserror", "thiserror",
@ -2101,10 +2145,10 @@ dependencies = [
"futures-util", "futures-util",
"http", "http",
"hyper", "hyper",
"rustls", "rustls 0.21.10",
"rustls-native-certs", "rustls-native-certs 0.6.3",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.24.1",
] ]
[[package]] [[package]]
@ -3387,9 +3431,9 @@ dependencies = [
[[package]] [[package]]
name = "redis" name = "redis"
version = "0.24.0" version = "0.25.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c580d9cbbe1d1b479e8d67cf9daf6a62c957e6846048408b80b43ac3f6af84cd" checksum = "14c442de91f2a085154b1e1b374d5d5edf5bc49d2ebbfdf47e67edd6c2df568d"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"bytes", "bytes",
@ -3402,15 +3446,15 @@ dependencies = [
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"rand", "rand",
"rustls", "rustls 0.22.2",
"rustls-native-certs", "rustls-native-certs 0.7.0",
"rustls-pemfile", "rustls-pemfile 2.1.1",
"rustls-webpki", "rustls-pki-types",
"ryu", "ryu",
"sha1_smol", "sha1_smol",
"socket2 0.4.10", "socket2 0.5.5",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.25.0",
"tokio-util", "tokio-util",
"url", "url",
] ]
@ -3499,15 +3543,15 @@ dependencies = [
"once_cell", "once_cell",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"rustls", "rustls 0.21.10",
"rustls-native-certs", "rustls-native-certs 0.6.3",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
"system-configuration", "system-configuration",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.24.1",
"tower-service", "tower-service",
"url", "url",
"wasm-bindgen", "wasm-bindgen",
@ -3608,20 +3652,20 @@ dependencies = [
[[package]] [[package]]
name = "rumqttc" name = "rumqttc"
version = "0.23.0" version = "0.24.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d8941c6791801b667d52bfe9ff4fc7c968d4f3f9ae8ae7abdaaa1c966feafc8" checksum = "e1568e15fab2d546f940ed3a21f48bbbd1c494c90c99c4481339364a497f94a9"
dependencies = [ dependencies = [
"bytes", "bytes",
"flume 0.11.0", "flume 0.11.0",
"futures-util", "futures-util",
"log", "log",
"rustls-native-certs", "rustls-native-certs 0.7.0",
"rustls-pemfile", "rustls-pemfile 2.1.1",
"rustls-webpki", "rustls-webpki 0.102.2",
"thiserror", "thiserror",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.25.0",
"url", "url",
] ]
@ -3724,10 +3768,24 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
dependencies = [ dependencies = [
"log", "log",
"ring 0.17.7", "ring 0.17.7",
"rustls-webpki", "rustls-webpki 0.101.7",
"sct", "sct",
] ]
[[package]]
name = "rustls"
version = "0.22.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41"
dependencies = [
"log",
"ring 0.17.7",
"rustls-pki-types",
"rustls-webpki 0.102.2",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "rustls-connector" name = "rustls-connector"
version = "0.18.5" version = "0.18.5"
@ -3735,9 +3793,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25da151615461c7347114b1ad1a7458b4cdebc69cb220cd140cd5cb324b1dd37" checksum = "25da151615461c7347114b1ad1a7458b4cdebc69cb220cd140cd5cb324b1dd37"
dependencies = [ dependencies = [
"log", "log",
"rustls", "rustls 0.21.10",
"rustls-native-certs", "rustls-native-certs 0.6.3",
"rustls-webpki", "rustls-webpki 0.101.7",
] ]
[[package]] [[package]]
@ -3747,7 +3805,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
dependencies = [ dependencies = [
"openssl-probe", "openssl-probe",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"schannel",
"security-framework",
]
[[package]]
name = "rustls-native-certs"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
dependencies = [
"openssl-probe",
"rustls-pemfile 2.1.1",
"rustls-pki-types",
"schannel", "schannel",
"security-framework", "security-framework",
] ]
@ -3761,6 +3832,22 @@ dependencies = [
"base64 0.21.5", "base64 0.21.5",
] ]
[[package]]
name = "rustls-pemfile"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab"
dependencies = [
"base64 0.21.5",
"rustls-pki-types",
]
[[package]]
name = "rustls-pki-types"
version = "1.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8"
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-webpki"
version = "0.101.7" version = "0.101.7"
@ -3771,6 +3858,17 @@ dependencies = [
"untrusted 0.9.0", "untrusted 0.9.0",
] ]
[[package]]
name = "rustls-webpki"
version = "0.102.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610"
dependencies = [
"ring 0.17.7",
"rustls-pki-types",
"untrusted 0.9.0",
]
[[package]] [[package]]
name = "rustversion" name = "rustversion"
version = "1.0.14" version = "1.0.14"
@ -4274,7 +4372,7 @@ dependencies = [
"cfg-if", "cfg-if",
"p12", "p12",
"rustls-connector", "rustls-connector",
"rustls-pemfile", "rustls-pemfile 1.0.4",
] ]
[[package]] [[package]]
@ -4386,9 +4484,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.35.0" version = "1.36.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c" checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931"
dependencies = [ dependencies = [
"backtrace", "backtrace",
"bytes", "bytes",
@ -4462,16 +4560,17 @@ dependencies = [
[[package]] [[package]]
name = "tokio-postgres-rustls" name = "tokio-postgres-rustls"
version = "0.10.0" version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dd5831152cb0d3f79ef5523b357319ba154795d64c7078b2daa95a803b54057f" checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677"
dependencies = [ dependencies = [
"futures", "futures",
"ring 0.16.20", "ring 0.17.7",
"rustls", "rustls 0.22.2",
"tokio", "tokio",
"tokio-postgres", "tokio-postgres",
"tokio-rustls", "tokio-rustls 0.25.0",
"x509-certificate",
] ]
[[package]] [[package]]
@ -4494,7 +4593,18 @@ version = "0.24.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
dependencies = [ dependencies = [
"rustls", "rustls 0.21.10",
"tokio",
]
[[package]]
name = "tokio-rustls"
version = "0.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
dependencies = [
"rustls 0.22.2",
"rustls-pki-types",
"tokio", "tokio",
] ]
@ -4812,6 +4922,12 @@ dependencies = [
"tinyvec", "tinyvec",
] ]
[[package]]
name = "unicode-width"
version = "0.1.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85"
[[package]] [[package]]
name = "unicode-xid" name = "unicode-xid"
version = "0.2.4" version = "0.2.4"
@ -4945,13 +5061,13 @@ dependencies = [
"mime_guess", "mime_guess",
"percent-encoding", "percent-encoding",
"pin-project", "pin-project",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"scoped-tls", "scoped-tls",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
"tokio", "tokio",
"tokio-rustls", "tokio-rustls 0.24.1",
"tokio-stream", "tokio-stream",
"tokio-util", "tokio-util",
"tower-service", "tower-service",
@ -5259,6 +5375,25 @@ dependencies = [
"windows-sys 0.48.0", "windows-sys 0.48.0",
] ]
[[package]]
name = "x509-certificate"
version = "0.23.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "66534846dec7a11d7c50a74b7cdb208b9a581cad890b7866430d438455847c85"
dependencies = [
"bcder",
"bytes",
"chrono",
"der",
"hex",
"pem",
"ring 0.17.7",
"signature",
"spki",
"thiserror",
"zeroize",
]
[[package]] [[package]]
name = "x509-parser" name = "x509-parser"
version = "0.15.1" version = "0.15.1"
@ -5291,3 +5426,17 @@ name = "zeroize"
version = "1.7.0" version = "1.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
dependencies = [
"zeroize_derive",
]
[[package]]
name = "zeroize_derive"
version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.40",
]


@ -20,3 +20,5 @@ diesel = { git = "https://github.com/diesel-rs/diesel.git", rev = "566dcccc6df6a
# Remove if diesel-async > 0.4.1 # Remove if diesel-async > 0.4.1
diesel-async = { git = "https://github.com/weiznich/diesel_async.git", rev = "017ebe2fb7a2709ab5db92148dea5ce812a35e09" } diesel-async = { git = "https://github.com/weiznich/diesel_async.git", rev = "017ebe2fb7a2709ab5db92148dea5ce812a35e09" }
deadpool-redis = { git = "http://github.com/brocaar/deadpool.git", branch = "update_redis" }


@ -10,7 +10,7 @@
[dependencies] [dependencies]
chirpstack_api = { path = "../api/rust", version = "4.7.0-test.3" } chirpstack_api = { path = "../api/rust", version = "4.7.0-test.3" }
redis = { version = "0.24", features = [ redis = { version = "0.25", features = [
"cluster-async", "cluster-async",
"tokio-rustls-comp", "tokio-rustls-comp",
] } ] }


@ -95,7 +95,9 @@ enum RedisClient {
impl RedisClient { impl RedisClient {
async fn get_async_connection(&self) -> Result<RedisConnection> { async fn get_async_connection(&self) -> Result<RedisConnection> {
match self { match self {
RedisClient::Client(c) => Ok(RedisConnection::Client(c.get_async_connection().await?)), RedisClient::Client(c) => Ok(RedisConnection::Client(
c.get_multiplexed_async_connection().await?,
)),
RedisClient::ClusterClient(c) => Ok(RedisConnection::ClusterClient( RedisClient::ClusterClient(c) => Ok(RedisConnection::ClusterClient(
c.get_async_connection().await?, c.get_async_connection().await?,
)), )),
@ -104,7 +106,7 @@ impl RedisClient {
} }
enum RedisConnection { enum RedisConnection {
Client(redis::aio::Connection), Client(redis::aio::MultiplexedConnection),
ClusterClient(redis::cluster_async::ClusterConnection), ClusterClient(redis::cluster_async::ClusterConnection),
} }


@ -35,9 +35,9 @@ diesel = { version = "2.1", features = [
diesel_migrations = { version = "2.1" } diesel_migrations = { version = "2.1" }
diesel-async = { version = "0.4", features = ["deadpool", "postgres", "async-connection-wrapper"] } diesel-async = { version = "0.4", features = ["deadpool", "postgres", "async-connection-wrapper"] }
tokio-postgres = "0.7" tokio-postgres = "0.7"
tokio-postgres-rustls = "0.10.0" tokio-postgres-rustls = "0.11"
bigdecimal = "0.4" bigdecimal = "0.4"
redis = { version = "0.24", features = [ "tls-rustls", "tokio-rustls-comp"] } redis = { version = "0.25.1", features = [ "tls-rustls", "tokio-rustls-comp"] }
deadpool-redis = { version = "0.14", features = ["cluster"] } deadpool-redis = { version = "0.14", features = ["cluster"] }
# Logging # Logging
@ -101,16 +101,16 @@ anyhow = "1.0"
pbkdf2 = { version = "0.12", features = ["simple"] } pbkdf2 = { version = "0.12", features = ["simple"] }
rand_core = { version = "0.6", features = ["std"] } rand_core = { version = "0.6", features = ["std"] }
jsonwebtoken = "9.2" jsonwebtoken = "9.2"
rustls = "0.21" rustls = "0.22"
rustls-native-certs = "0.6" rustls-native-certs = "0.7"
rustls-pemfile = "1.0" rustls-pemfile = "2.0"
rsa = "0.9" rsa = "0.9"
rcgen = { version = "0.12", features = [ "x509-parser" ] } rcgen = { version = "0.12", features = [ "x509-parser" ] }
openidconnect = { version = "3.3", features = ["accept-rfc3339-timestamps"] } openidconnect = { version = "3.3", features = ["accept-rfc3339-timestamps"] }
oauth2 = "4.4" oauth2 = "4.4"
# MQTT # MQTT
rumqttc = { version = "0.23", features = ["url"] } rumqttc = { version = "0.24", features = ["url"] }
hex = "0.4" hex = "0.4"
# Codecs # Codecs


@ -143,12 +143,10 @@ impl<'a> MqttBackend<'a> {
let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() { let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() {
rustls::ClientConfig::builder() rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs.clone()) .with_root_certificates(root_certs.clone())
.with_no_client_auth() .with_no_client_auth()
} else { } else {
rustls::ClientConfig::builder() rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs.clone()) .with_root_certificates(root_certs.clone())
.with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)? .with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)?
}; };


@ -2,48 +2,52 @@ use std::fs::File;
use std::io::BufReader; use std::io::BufReader;
use anyhow::{Context, Result}; use anyhow::{Context, Result};
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
// Return root certificates, optionally with the provided ca_file appended. // Return root certificates, optionally with the provided ca_file appended.
pub fn get_root_certs(ca_file: Option<String>) -> Result<rustls::RootCertStore> { pub fn get_root_certs(ca_file: Option<String>) -> Result<rustls::RootCertStore> {
let mut roots = rustls::RootCertStore::empty(); let mut roots = rustls::RootCertStore::empty();
let certs = rustls_native_certs::load_native_certs()?; for cert in rustls_native_certs::load_native_certs()? {
let certs: Vec<_> = certs.into_iter().map(|cert| cert.0).collect(); roots.add(cert)?;
roots.add_parsable_certificates(&certs); }
if let Some(ca_file) = &ca_file { if let Some(ca_file) = &ca_file {
let f = File::open(ca_file).context("Open CA certificate")?; let f = File::open(ca_file).context("Open CA certificate")?;
let mut reader = BufReader::new(f); let mut reader = BufReader::new(f);
let certs = rustls_pemfile::certs(&mut reader)?; let certs = rustls_pemfile::certs(&mut reader);
for cert in certs for cert in certs {
.into_iter() if let Ok(cert) = cert {
.map(rustls::Certificate) roots.add(cert)?;
.collect::<Vec<_>>() }
{
roots.add(&cert)?;
} }
} }
Ok(roots) Ok(roots)
} }
pub fn load_cert(cert_file: &str) -> Result<Vec<rustls::Certificate>> { pub fn load_cert(cert_file: &str) -> Result<Vec<CertificateDer<'static>>> {
let f = File::open(cert_file).context("Open TLS certificate")?; let f = File::open(cert_file).context("Open TLS certificate")?;
let mut reader = BufReader::new(f); let mut reader = BufReader::new(f);
let certs = rustls_pemfile::certs(&mut reader)?; let certs = rustls_pemfile::certs(&mut reader);
let certs = certs let mut out = Vec::new();
.into_iter() for cert in certs {
.map(rustls::Certificate) out.push(cert?.into_owned());
.collect::<Vec<_>>(); }
Ok(certs) Ok(out)
} }
pub fn load_key(key_file: &str) -> Result<rustls::PrivateKey> { pub fn load_key(key_file: &str) -> Result<PrivateKeyDer<'static>> {
let f = File::open(key_file).context("Open private key")?; let f = File::open(key_file).context("Open private key")?;
let mut reader = BufReader::new(f); let mut reader = BufReader::new(f);
let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader)?; let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader);
match keys.len() { if let Some(key) = keys.next() {
0 => Err(anyhow!("No private key found")), match key {
1 => Ok(rustls::PrivateKey(keys.remove(0))), Ok(v) => return Ok(PrivateKeyDer::Pkcs8(v.clone_key())),
_ => Err(anyhow!("More than one private key found")), Err(e) => {
return Err(anyhow!("Error parsing private key, error: {}", e));
}
}
} }
Err(anyhow!("No private key found"))
} }
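Review bot: `roots.add(cert)?` on every native certificate in get_root_certs turns one unparsable entry in the system trust store into a hard failure of the whole function, where the old `add_parsable_certificates` call tolerated it, while the explicitly configured `ca_file` loop does the opposite and silently drops PEM parse errors through `if let Ok(cert) = cert`. I would invert that: feed the system store through `roots.add_parsable_certificates(rustls_native_certs::load_native_certs()?);` and fail loudly on a broken operator-supplied CA file with `roots.add(cert.context("Parse CA certificate")?)?;`, since a silently empty CA set means the operator's pinning intent is lost without any log line. In load_key, `v` is already an owned key, so `v.clone_key()` copies the key material for nothing; `Ok(v) => return Ok(PrivateKeyDer::Pkcs8(v)),` is enough. load_key also no longer reports a file holding more than one key (the old `More than one private key found` branch is gone) and accepts only PKCS#8; if that narrowing is intended, a doc comment such as `/// Load the first PKCS#8 private key from a PEM file; other key encodings and any further keys are ignored.` would make the contract visible to callers and operators.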


@ -110,12 +110,10 @@ impl<'a> Integration<'a> {
let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() { let client_conf = if conf.tls_cert.is_empty() && conf.tls_key.is_empty() {
rustls::ClientConfig::builder() rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs.clone()) .with_root_certificates(root_certs.clone())
.with_no_client_auth() .with_no_client_auth()
} else { } else {
rustls::ClientConfig::builder() rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs.clone()) .with_root_certificates(root_certs.clone())
.with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)? .with_client_auth_cert(load_cert(&conf.tls_cert)?, load_key(&conf.tls_key)?)?
}; };


@ -240,7 +240,6 @@ fn pg_establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgCo
}) })
.map_err(|e| ConnectionError::BadConnection(e.to_string()))?; .map_err(|e| ConnectionError::BadConnection(e.to_string()))?;
let rustls_config = rustls::ClientConfig::builder() let rustls_config = rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs) .with_root_certificates(root_certs)
.with_no_client_auth(); .with_no_client_auth();
let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config); let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);


@ -167,7 +167,6 @@ fn pg_establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgCo
}) })
.map_err(|e| ConnectionError::BadConnection(e.to_string()))?; .map_err(|e| ConnectionError::BadConnection(e.to_string()))?;
let rustls_config = rustls::ClientConfig::builder() let rustls_config = rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_certs) .with_root_certificates(root_certs)
.with_no_client_auth(); .with_no_client_auth();
let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config); let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);