summaryrefslogtreecommitdiff
path: root/test_util/src/lib.rs
diff options
context:
space:
mode:
Diffstat (limited to 'test_util/src/lib.rs')
-rw-r--r--test_util/src/lib.rs59
1 files changed, 36 insertions, 23 deletions
diff --git a/test_util/src/lib.rs b/test_util/src/lib.rs
index 857884efc..3cae1d7e1 100644
--- a/test_util/src/lib.rs
+++ b/test_util/src/lib.rs
@@ -1,6 +1,7 @@
// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
// Usage: provide a port as argument to run hyper_hello benchmark server
// otherwise this starts multiple servers on many ports for test endpoints.
+use anyhow::anyhow;
use futures::FutureExt;
use futures::Stream;
use futures::StreamExt;
@@ -15,6 +16,8 @@ use hyper::StatusCode;
use lazy_static::lazy_static;
use os_pipe::pipe;
use regex::Regex;
+use rustls::Certificate;
+use rustls::PrivateKey;
use serde::Serialize;
use std::collections::HashMap;
use std::convert::Infallible;
@@ -40,7 +43,7 @@ use tempfile::TempDir;
use tokio::io::AsyncWriteExt;
use tokio::net::TcpListener;
use tokio::net::TcpStream;
-use tokio_rustls::rustls::{self, Session};
+use tokio_rustls::rustls;
use tokio_rustls::TlsAcceptor;
use tokio_tungstenite::accept_async;
@@ -321,21 +324,25 @@ async fn get_tls_config(
let key_file = std::fs::File::open(key_path)?;
let ca_file = std::fs::File::open(ca_path)?;
- let mut cert_reader = io::BufReader::new(cert_file);
- let cert = rustls::internal::pemfile::certs(&mut cert_reader)
- .expect("Cannot load certificate");
+ let certs: Vec<Certificate> = {
+ let mut cert_reader = io::BufReader::new(cert_file);
+ rustls_pemfile::certs(&mut cert_reader)
+ .unwrap()
+ .into_iter()
+ .map(Certificate)
+ .collect()
+ };
let mut ca_cert_reader = io::BufReader::new(ca_file);
- let ca_cert = rustls::internal::pemfile::certs(&mut ca_cert_reader)
+ let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader)
.expect("Cannot load CA certificate")
.remove(0);
let mut key_reader = io::BufReader::new(key_file);
let key = {
- let pkcs8_key =
- rustls::internal::pemfile::pkcs8_private_keys(&mut key_reader)
- .expect("Cannot load key file");
- let rsa_key = rustls::internal::pemfile::rsa_private_keys(&mut key_reader)
+ let pkcs8_key = rustls_pemfile::pkcs8_private_keys(&mut key_reader)
+ .expect("Cannot load key file");
+ let rsa_key = rustls_pemfile::rsa_private_keys(&mut key_reader)
.expect("Cannot load key file");
if !pkcs8_key.is_empty() {
Some(pkcs8_key[0].clone())
@@ -349,26 +356,32 @@ async fn get_tls_config(
match key {
Some(key) => {
let mut root_cert_store = rustls::RootCertStore::empty();
- root_cert_store.add(&ca_cert).unwrap();
+ root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap();
+
// Allow (but do not require) client authentication.
- let allow_client_auth =
- rustls::AllowAnyAnonymousOrAuthenticatedClient::new(root_cert_store);
- let mut config = rustls::ServerConfig::new(allow_client_auth);
+
+ let mut config = rustls::ServerConfig::builder()
+ .with_safe_defaults()
+ .with_client_cert_verifier(
+ rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(
+ root_cert_store,
+ ),
+ )
+ .with_single_cert(certs, PrivateKey(key))
+ .map_err(|e| {
+ anyhow!("Error setting cert: {:?}", e);
+ })
+ .unwrap();
+
match http_versions {
SupportedHttpVersions::All => {
- config.set_protocols(&["h2".into(), "http/1.1".into()]);
+ config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
}
SupportedHttpVersions::Http1Only => {}
SupportedHttpVersions::Http2Only => {
- config.set_protocols(&["h2".into()]);
+ config.alpn_protocols = vec!["h2".into()];
}
}
- config
- .set_single_cert(cert, key)
- .map_err(|e| {
- eprintln!("Error setting cert: {:?}", e);
- })
- .unwrap();
Ok(Arc::new(config))
}
@@ -466,7 +479,7 @@ async fn run_tls_client_auth_server() {
let (_, tls_session) = tls_stream.get_mut();
// We only need to check for the presence of client certificates
// here. Rusttls ensures that they are valid and signed by the CA.
- let response = match tls_session.get_peer_certificates() {
+ let response = match tls_session.peer_certificates() {
Some(_certs) => b"PASS",
None => b"FAIL",
};
@@ -1173,7 +1186,7 @@ async fn wrap_client_auth_https_server() {
let (_, tls_session) = tls_stream.get_mut();
// We only need to check for the presence of client certificates
// here. Rusttls ensures that they are valid and signed by the CA.
- match tls_session.get_peer_certificates() {
+ match tls_session.peer_certificates() {
Some(_certs) => { yield Ok(tls_stream); },
None => { eprintln!("https_client_auth: no valid client certificate"); },
};
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-17 04:10:43 +0000