rustls / hyper-rustls
Integration between hyper HTTP library and rustls TLS stack
License: Other
Hi,
thanks for your library! I'm using it to get around OpenSSL nightmares on different platforms.
I encountered a compiler error when I tried to compile my project with nightly rustc.
The error is caused by an old version of rustls, which is using the unknown compiler feature #[export_macro]. That issue is now fixed in 0.5.8. source: rustls/rustls#55
Is it welcome to submit a PR that upgrades just that dependency?
PS: I'm not in a hurry and I can wait for the next release.
Reference to rustls/rustls#22.
Having log be an optional crate is great in rustls. However, this crate depends on rustls with no way to turn off logging, which really, really looks bad in binary crates (especially since rustls prints out all of this debug info in the INFO log level instead of DEBUG).
Please either make logging an option here or turn it off.
Dependabot couldn't find a Cargo.toml for this project.
Dependabot requires a Cargo.toml to evaluate your project's current Rust dependencies. It had expected to find one at the path: /tokio-rustls/Cargo.toml.
If this isn't a Rust project, or if it is a library, you may wish to disable updates for it from within Dependabot.
You can mention @dependabot in the comments below to contact the Dependabot team.
I've tried to send a request to https://1.1.1.1. This fails with an error:
StringError("invalid dnsname")
The error seems to be coming from hyper-rustls, the https-connector I use:
https://github.com/ctz/hyper-rustls/blob/276c10aa7373d3c8da7d39d22b82f7a4600f6bd2/src/connector.rs#L81
Hi. Thank you for your wonderful project!
I upgraded hyper to 0.14 and hyper-rustls from 0.14 to 0.22. Then, I got an error only on HTTP/2 over HTTPS.
I created a minimal sample here:
Type the following commands to run an HTTPS server.
git clone [email protected]:nwtgck/public-code.git
cd public-code/hyper-0-14-http2-unexpected-eof-problem
cargo run
Then, https://localhost:8443/ is served.
I got "hello, world" successfully when using HTTP/1.1 over HTTPS like the following.
$ curl -k --http1.1 https://localhost:8443/
hello, world
But, I got an error when using HTTP/2 over HTTPS like the following.
$ curl -k --http2 https://localhost:8443/
curl: (56) Unexpected EOF
Here is verbose output with -vvv.
$ curl -vvvk --http2 https://localhost:8443/
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8443 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=localhost
* start date: Jan 6 15:33:09 2021 GMT
* expire date: Jan 6 15:33:09 2022 GMT
* issuer: CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fadb080d800)
> GET / HTTP/2
> Host: localhost:8443
> User-Agent: curl/7.54.0
> Accept: */*
>
* Unexpected EOF
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (56) Unexpected EOF
I got an error in a web browser too. Honestly speaking, I am not sure which library causes the error: tokio, hyper, tokio-rustls, rustls, hyper-rustls, so I may have posted the issue in the wrong place.
When I used the following dependencies with hyper 0.13 and the same Rust code, HTTP/2 over HTTPS worked as I expected.
# <hyper 0.13 (old)>
# ...
[dependencies]
hyper = { version = "0.13", features = ["stream"] }
futures = "0.3"
http = "0.2"
tokio = { version = "0.2", features = ["macros", "stream"] }
rustls = "0.18"
hyper-rustls = "0.22"
futures-util = "0.3"
tokio-rustls = "0.14"
async-stream = "0.3.0"
It looks like the recently released tokio 0.2.7 has broken hyper-rustls:
Compiling tokio v0.2.7
Compiling pin-project v0.4.6
Compiling futures-util v0.3.1
error[E0432]: unresolved import `tokio_macros::main_basic`
--> /Users/etryzelaar/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-0.2.7/src/lib.rs:276:21
|
276 | pub use tokio_macros::main_basic as main;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ no `main_basic` in the root
error[E0432]: unresolved import `tokio_macros::test_basic`
--> /Users/etryzelaar/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-0.2.7/src/lib.rs:277:21
|
277 | pub use tokio_macros::test_basic as test;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ no `test_basic` in the root
error: aborting due to 2 previous errors
For more information about this error, try `rustc --explain E0432`.
As best as I can tell, this should be fixed once tokio-rs/tokio#2069 lands though.
The stuff in examples/ are meant to be verbatim copies of upstream hyper examples of the same name, showing how to integrate this crate. But they've fallen out of sync. Bring these up to date.
Would it be possible to release a 0.15.1 that includes the ALPN update? That way we can start to enable it in reqwest.
Finished dev [unoptimized + debuginfo] target(s) in 6.47s
Running `target\debug\web_tcp.exe`
Starting to serve on https://127.0.0.1:1337.
[!] Voluntary server halt due to client-connection error...
FAILED: error accepting connection: unexpected end of file
error: process didn't exit successfully: target\debug\web_tcp.exe (exit code: 1)
Just to make sure my request in #100 (comment) doesn't get missed, would it be possible to have a 0.19.1 release made? We need this in order to update hyper-rustls in Fuchsia. Thanks so much!
Thanks for landing #69! Would it be possible to cut a 0.16.1 release? That'll allow us to pull hyper-rustls into Fuchsia.
Thanks again!
With an older version of Hyper using OpenSSL I could do something like this:
if let Some(sslstream) = request.ssl::<SslStream<HttpStream>>() {
    let ssl: &Ssl = sslstream.ssl();
    let peer_x509: X509 = ssl.peer_certificate().unwrap();
    let sn = peer_x509.subject_name();
    cn = sn.text_by_nid(Nid::CN).unwrap();
    debug!("cn: {}", &cn);
}
I need the CN to do anything useful on our corporate network.
Is it possible to do something like this when I'm using hyper-rustls?
If yes, how?
Thanks!
steps to reproduce:
first, verify the server example works:
$ cargo run --example server
Starting to serve on https://127.0.0.1:1337.
$ curl -X POST --data "POST-it note" https://127.0.0.1:1337/echo --insecure
POST-it note
so far so good! let's try curling with http to see if the server gracefully drops the packet
$ curl -X POST --data "POST-it note" http://127.0.0.1:1337/echo
curl: (52) Empty reply from server
that part seems right, but wait! my server has crashed!
[!] Voluntary server halt due to client-connection error...
FAILED: error accepting connection: TLS Error: Custom { kind: InvalidData, error: CorruptMessage }
ok - let's look at the example code. it seems to say that I can uncomment the error and just return Ok(None) and that should take care of things: uncomment this line and comment this line so it looks like this:
let incoming_tls_stream = tcp
    .incoming()
    .map_err(|e| error(format!("Incoming failed: {:?}", e)))
    .and_then(move |s| {
        tls_acceptor.accept(s).map_err(|e| Ok(None))
    })
    .boxed();
unfortunately when i run the server it fails to compile with a rather verbose error message:
$ cargo run --example server
Compiling hyper-rustls v0.21.0 (/Users/averyharnish/Documents/work/hyper-rustls)
error[E0271]: type mismatch resolving `<[closure@examples/server.rs:67:44: 72:14] as std::ops::FnOnce<(std::io::Error,)>>::Output == std::io::Error`
--> examples/server.rs:66:10
|
66 | .and_then(move |s| {
| ^^^^^^^^ expected enum `std::result::Result`, found struct `std::io::Error`
|
= note: expected enum `std::result::Result<std::option::Option<_>, _>`
found struct `std::io::Error`
= note: required because of the requirements on the impl of `futures_util::fns::FnOnce1<std::io::Error>` for `[closure@examples/server.rs:67:44: 72:14]`
= note: required because of the requirements on the impl of `std::future::Future` for `futures_util::future::future::map::Map<futures_util::future::try_future::into_future::IntoFuture<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>>, futures_util::fns::MapErrFn<[closure@examples/server.rs:67:44: 72:14]>>`
= note: required because of the requirements on the impl of `futures_core::future::TryFuture` for `futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>`
error[E0599]: no method named `boxed` found for struct `futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>` in the current scope
--> examples/server.rs:74:10
|
74 | .boxed();
| ^^^^^ method not found in `futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>`
|
::: /Users/averyharnish/.cargo/registry/src/github.com-1ecc6299db9ec823/futures-util-0.3.5/src/stream/try_stream/and_then.rs:13:1
|
13 | pub struct AndThen<St, Fut, F> {
| ------------------------------
| |
| doesn't satisfy `_: futures_core::stream::Stream`
| doesn't satisfy `_: futures_util::stream::stream::StreamExt`
|
= note: the method `boxed` exists but the following trait bounds were not satisfied:
`futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_core::stream::Stream`
which is required by `futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_util::stream::stream::StreamExt`
`&futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_core::stream::Stream`
which is required by `&futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_util::stream::stream::StreamExt`
`&mut futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_core::stream::Stream`
which is required by `&mut futures_util::stream::try_stream::and_then::AndThen<futures_util::stream::try_stream::MapErr<tokio::net::tcp::incoming::Incoming<'_>, [closure@examples/server.rs:65:18: 65:64]>, futures_util::future::try_future::MapErr<tokio_rustls::Accept<tokio::net::tcp::stream::TcpStream>, [closure@examples/server.rs:67:44: 72:14]>, [closure@examples/server.rs:66:19: 73:10 tls_acceptor:_]>: futures_util::stream::stream::StreamExt`
warning: unused import: `StreamExt`
--> examples/server.rs:10:22
|
10 | stream::{Stream, StreamExt, TryStreamExt},
| ^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
error: aborting due to 2 previous errors; 1 warning emitted
Some errors have detailed explanations: E0271, E0599.
For more information about an error, try `rustc --explain E0271`.
error: could not compile `hyper-rustls`.
To learn more, run the command again with --verbose.
I tried looking into the documentation and I found into_failable which seems like maybe something that could be useful to me? But really I'm not sure where to go from here. Any help with this is greatly appreciated and I'd be happy to update the server example with something that works once I understand what's going on.
crates.io has an 0.18 release issued a few minutes ago, but I don't see any changes for it in git.
It seems like neither the client nor the server use HTTP2 by default. The server example recently got updated to manually allow HTTP2, but the client example still only uses HTTP1.1. Which begs the question why you even need to do this manually in the first place. I feel like either there should be some helper in the HttpsConnector .with_http2() or it should just be the default. I may be misunderstanding something though.
So hyper-rustls doesn't do ALPN by default and hyper-tls doesn't do ALPN at all. I'm so confused.
use this example:
Starting to serve on https://127.0.0.1:1337.
[!] Voluntary server halt due to client-connection error...
FAILED: run errorerror trying to connect: invalid dnsname
I'm currently having issues porting my code to hyper 0.12 and getting it to work with hyper-rustls again.
Currently I'm stuck here:
the trait `hyper::client::connect::Connect` is not implemented for `hyper_rustls::HttpsConnector`
I think a new release might be necessary. Thanks for building rustls and hyper-rustls! :)
It seems the unwrap in this line of the connector:
let dnsname = DNSNameRef::try_from_ascii_str(dst.host()).unwrap();
may panic if the URL contains an IP instead of a host name. I can't get my patch to compile right now, so I'm leaving this as an issue instead. :)
Dependabot can't resolve your Rust dependency files.
As a result, Dependabot couldn't update your dependencies.
The error Dependabot encountered was:
Updating crates.io index
error: failed to select a version for `ring`.
... required by package `webpki v0.19.0`
... which is depended on by `hyper-rustls v0.15.1 (/home/dependabot/dependabot-updater/dependabot_tmp_dir/home/dependabot/dependabot-updater/dependabot_tmp_dir
If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.
You can mention @dependabot in the comments below to contact the Dependabot team.
Hey,
I have tried to update this crate from 0.18 to 0.20 but I'm getting the following errors without bumping hyper to 0.13:
error[E0277]: the trait bound `hyper_rustls::HttpsConnector<hyper::client::connect::http::HttpConnector>: hyper::client::connect::Connect` is not satisfied
--> util/fetch/src/client.rs:203:12
|
203 | .build(hyper_rustls::HttpsConnector::new());
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `hyper::client::connect::Connect` is not implemented for `hyper_rustls::HttpsConnector<hyper::client::connect::http::HttpConnector>`
error[E0599]: no method named `request` found for struct `hyper::Client<hyper_rustls::HttpsConnector<hyper::client::connect::http::HttpConnector>, _>` in the current scope
--> util/fetch/src/client.rs:218:13
|
218 | client.request(request.into())
| ^^^^^^^ method not found in `hyper::Client<hyper_rustls::HttpsConnector<hyper::client::connect::http::HttpConnector>, _>`
|
::: /home/niklasad1/.cargo/registry/src/github.com-1ecc6299db9ec823/hyper-rustls-0.20.0/src/connector.rs:22:1
|
22 | pub struct HttpsConnector<T> {
| ---------------------------- doesn't satisfy `_: hyper::client::connect::Connect`
|
= note: the method `request` exists but the following trait bounds were not satisfied:
`hyper_rustls::HttpsConnector<hyper::client::connect::http::HttpConnector>: hyper::client::connect::Connect`
AFAIU, the trait hyper::Connect was implemented by 0.18 but was removed in 0.19.
Is there any workaround for this without using hyper 0.13?
I want to avoid using futures 0.3.
As in the title; the functions should not panic.
Currently the parameters of hyper::Service::call only include a Request. And I'm curious if it's possible to access rustls::Session somewhere from the Service.
Accessing TLS session could be useful for multiple reasons, for example for implementing applications that rely on the TLS Keying Material (provided by rustls::Session::export_keying_material).
cc @tiziano88
As of v0.17.0, I am unable to successfully make an HTTPS connection to www.googleapis.com. Using HTTP/2, I get a "connection closed" response (it seems the server drops the connection). Using HTTP/1.1, the connection hangs indefinitely.
There's a code snippet and debug logs here: https://gist.github.com/jbg/2b24ec191dac2bd0ad165d43efd50b11
Prior to the v0.17.0 release, we were using a local fork of hyper-rustls that I had updated to use the new rustls/tokio-rustls/etc releases, and had no issues. There's a small difference between the way v0.17.0 was updated to use the new tokio-rustls API, and the way I had updated our local fork.
With this patch applied to v0.17.0, I'm able to connect to www.googleapis.com over TLS successfully again:
https://github.com/ctz/hyper-rustls/compare/master...jbg:master?expand=1
I have tried the example. But I failed to compile the program with Ok(None):
let stream = tls_acceptor.accept(socket).map_err(|e| {
    println!("[!] Voluntary server halt due to client-connection error...");
    // Errors could be handled here, instead of server aborting.
    // Ok(None)
    error(format!("TLS Error: {:?}", e))
});
If the error is not handled here, the server will abort.
I use the example code server.rs. And when I use the sample.pem and sample.rsa in the example folder, the server will crash and give me these messages:
Starting to serve on https://127.0.0.1:1337.
[!] Voluntary server halt due to client-connection error...
FAILED: error accepting connection: TLS Error: Custom { kind: InvalidData, error: AlertReceived(BadCertificate) }
And when I generated the self-signed certificates following these instructions: How to enable SSL and TLS 1.3 on NGINX.
After I load the ca.crt and ca.key file, I still got this message:
Starting to serve on https://127.0.0.1:1337.
[!] Voluntary server halt due to client-connection error...
FAILED: error accepting connection: TLS Error: Custom { kind: InvalidData, error: AlertReceived(BadCertificate) }
I want to use TLS 1.3, but I don't know how to generate the self-signed certificates. BTW, my environment is Mac OS X + Rust 1.45.2.
Please give me some advice, thank you.
I'm looking to serve HTTP/1.1 and HTTP/2 over TLS behind the same port with ALPN. Is that within scope for this crate or as an example in this crate?
It's a bit bare, isn't it?
Is there an example to use the HttpsConnector with trust-dns-resolver?
I was having a quick look at this crate and I think the hyper-current branch (for async hyper) may be a bit behind. hyper::client::HttpsConnector is no longer there and I'm not sure how the whole thing has been re-arranged. Any hints / branch to have a working async-hyper + rustls setup?
It seems to be possible to use hyper with async-std if you provide a Connector for it that uses async-std. Considering half the ecosystem is seemingly moving to async-std and tokio doesn't play well with async-std, there should probably be a good rustls based Connector that can be used in that case. I'm not sure if that is within the scope of hyper-rustls or if we need a second hyper-rustls-async-std.
My specific goal is to go from hyper::server::Request to a client certificate.
I can get from Request to WrappedStream with request.ssl::<hyper_rustls::WrappedStream>().unwrap(), and a rustls::Session has get_peer_certificates, so it seems the missing piece is hyper_rustls::WrappedStream -> rustls::Session.
git clone https://github.com/ctz/hyper-rustls
cd hyper-rustls
cargo run --example server
and in another terminal:
curl https://127.0.0.1:1337
In the first terminal, you should get:
Starting to serve on https://127.0.0.1:1337.
FAILED: error accepting connection: received fatal alert: UnknownCA
The server should not crash when the client returns an UnknownCA alert and should just close the connection.
This is mostly meant as a tracking issue for the update to tokio 0.2 and hyper 0.13. tokio 0.2 is out and hyper has tokio 0.2 support on master, so someone could already start migrating hyper-rustls and be ready for when they release hyper 0.13.
The HttpsConnector currently has a different signature from hyper-tls:
impl HttpsConnector<HttpConnector>
impl HttpsConnector
It would be nice if I could provide my own HttpConnector, also this would make it easier to switch them with a feature flag.
Thread 'fetch' panicked at 'cannot access native cert store: Custom { kind: InvalidData, error: BadDER }', C:\Users\runneradmin.cargo\registry\src\github.com-1ecc6299db9ec823\hyper-rustls-0.18.0\src\connector.rs:29
I got this issue when I tried to run the https://github.com/openethereum/openethereum client.
I use
OS Name Microsoft Windows 10 Pro
Version 10.0.18363 Build 18363
What can cause this issue? And how can it be solved?
How do you use hyper-rustls with an http proxy? The following results in an error.
let ssl = TlsClient::new();
let connector = HttpsConnector::new(ssl);
let proxy_config = ProxyConfig::new("http", host, port, connector, ssl);
let client = Client::with_proxy_config(proxy_config);
The error message is:
the trait bound hyper_rustls::TlsClient: hyper::net::SslClient<hyper::net::HttpsStream<hyper_rustls::WrappedStream>> is not satisfied
cargo run --example server
error: native library `ring-asm` is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up once
ring v0.9.7
ring v0.11.0
See for example the example code at hyper-trust-dns.
If I want to supply an HttpConnector, for example to change the resolver, it seems that I also have to supply a ClientConfig.
It could be useful to offer a from(http_connector: T) which uses the default rustls ClientConfig.
The hyper::client::HttpConnector that HttpsConnector uses under the hood has a new_with_executor() constructor. This is very useful for performance if the application already has an existing threadpool, allowing it to be reused instead of having the connector create one of its own, which as far as I can tell, is unfortunately hard-coded to only 4 threads. This constructor should really be exposed to ensure feature parity with hyper.
Currently hyper-rustls sets alpn_protocols to advertise HTTP2 (in connector.rs).
It doesn't properly work with current hyper features (which require http2 to be explicitly enabled), and forces the user to enable a feature that has a large dependency footprint and potential security surface (or to be incompatible with some peers).
hyper-rustls should give the caller some control over that, prior to building the connector.
And the support should be conditional on a hyper-rustls/http2 feature, so that the dependency set is always correct at compile time. It could work similar to how the root certificates are determined.
Maybe, ring dependency should be updated on the next release(0.13) so it compiles with future versions of compiler? briansmith/ring#609
In the file lib.rs, lines 73 to 80:
fn promote_tls_error(&mut self) -> io::Result<()> {
    match self.tls_error.take() {
        Some(err) => {
            return Err(io::Error::new(io::ErrorKind::ConnectionAborted, err));
        },
        None => return Ok(())
    };
}
Is that correct? Should the ';' be removed?
Hey @ctz—quite keen to get a new release with the recent upgrade with the tokio v1.0/hyper v0.14 bump! One of the last two pieces to get a new release of Rusoto out. Thanks in advance!
Could you please make an example how to
All snippets I can find about this topic in rustls are really big and seem to not fit into this.
There had been https_with_context() or https_using_context in hyper, but they say
hyperium/hyper#887 (comment)
With the release of 0.10, hyper no longer bundles a default SslClient, and instead proposes use of pluggable crates to provide it. So I'm going to close this.
Iron/hyper feels like a cool mini nginx in rust.
I think it would go too far if I ask you how to use SNI (different context per domain) on the same port with hyper, so I won't ask this.
How would that be done with your example server?
https://github.com/ctz/hyper-rustls/blob/master/examples/server.rs
Thank you, I love Rust <3
Edit: I see, it's better to use hyper master from git and use rustls' server example because they have massively changed how things #work.
If ECDSA certs and defining a curve lists work I will close this issue. Have to test first.
hyper has an API for that, see https://docs.rs/hyper/0.12.7/hyper/server/struct.Builder.html#method.tcp_nodelay. However based on the server example code of hyper-rustls, I do not get the required hyper::server::Builder<Incoming>, but a complex type hyper::server::Builder<futures::stream::filter_map::FilterMap<futures::stream::then::Then<futures::stream::and_then::AndThen<tokio_tcp::incoming::Incoming, [closure@webserver/src/lib.rs:328:19: 328:51 serverconfig:_], tokio_rustls::AcceptAsync<tokio_tcp::stream::TcpStream>>, [closure@webserver/src/lib.rs:329:15: 337:10], std::result::Result<std::option::Option<tokio_rustls::TlsStream<tokio_tcp::stream::TcpStream, rustls::server::ServerSession>>, std::io::Error>>, [closure@webserver/src/lib.rs:338:21: 338:26]>>. How to proceed?
Capturing from #6 (comment):
let people pass in a whole Arc<rustls::ClientConfig>, then they can do all the file IO and error handling outside TlsClient.
I would like to see such a feature as well. I'm a bit unsure about what is the expected signature here.
I was thinking about some simple with_config(&cfg), however hyper-tls seems to have taken a different approach and now has a
fn from(args: (T, TlsConnector)) -> HttpsConnector<T>
@ctz should we have a similar from() here? Directly taking a ClientSession (I'm unsure about the hostname in the constructor)?
Is this planned?
The first parts of the new Hyper server API came in v0.11.7, i.e. server::Serve and Http::serve_connection.
I wonder how hyper-rustls fits with this. @P-E-Meunier explained in hyperium/hyper#1326 he is also looking for more control over the socket and transport without lots of complex code. Is somebody able to present an example here of combining hyper-rustls with the new server API?