sergiobenitez / hyper-sync-rustls
This project forked from rustls/hyper-rustls
Like hyper-rustls, but for synchronous hyper.
License: Other
I'm seeing odd behavior in Click for some servers. I've traced it down a bit, and can reproduce it, but it's a bit hard to give a full repro here since there's some private information. However, here's what I do know:
Io(Os { code: 104, kind: ConnectionReset, message: "Connection reset by peer" })
tls.set_single_client_cert(..) is used

I've modified the example clients from the two crates to support adding the client key/cert, and added a second get call, to reproduce it locally. Here's some logs from that.
First from hyper-sync-rustls:
$ RUST_LOG=debug cargo run --example client "https://[server]/[path] ca.cert client.cert client.key
[2020-02-13T22:33:35Z DEBUG rustls::anchors] add_pem_file processed 4 valid and 0 invalid certs
[2020-02-13T22:33:35Z DEBUG hyper::net] http scheme
[2020-02-13T22:33:35Z DEBUG hyper::net] https scheme
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] No cached session for DNSNameRef("[server]")
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Not resuming any session
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] request line: Get "/[path]" Http11
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] headers=Headers { Host: [server]
, }
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Using ciphersuite TLS13_AES_128_GCM_SHA256
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Not resuming
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: []
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Got CertificateRequest CertificateRequestPayloadTLS13 { context: PayloadU8([]), extensions: [Unknown(UnknownExtension { typ: StatusRequest, payload: Payload([]) }), Unknown(UnknownExtension { typ: SCT, payload: Payload([]) }), SignatureAlgorithms([RSA_PSS_SHA256, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy]), AuthorityNames([PayloadU16([SNIP])])] }
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Attempting client auth
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Server cert is [Certificate([SNIP])]
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Ticket saved
[2020-02-13T22:33:35Z DEBUG hyper::client::response] version=Http11, status=Forbidden
[2020-02-13T22:33:35Z DEBUG hyper::client::response] headers=Headers { Audit-Id: [snip]
, Cache-Control: no-cache, private
, Content-Type: application/json
, X-Content-Type-Options: nosniff
, Date: Thu, 13 Feb 2020 22:33:35 GMT
, Content-Length: 264
, }
Response: 403 Forbidden
Headers:
Audit-Id: [snip]
Cache-Control: no-cache, private
Content-Type: application/json
X-Content-Type-Options: nosniff
Date: Thu, 13 Feb 2020 22:33:35 GMT
Content-Length: 264
[THE BODY]
Sending second request
[2020-02-13T22:33:35Z DEBUG hyper::net] http scheme
[2020-02-13T22:33:35Z DEBUG hyper::net] https scheme
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Resuming session
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] request line: Get "/[path]" Http11
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] headers=Headers { Host: [server]
, }
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Io(Os { code: 104, kind: ConnectionReset, message: "Connection reset by peer" })', src/libcore/result.rs:1188:5
and then for hyper-rustls:
$ RUST_LOG=debug cargo run --example client "https://[server]/[path] ca.cert client.cert client.key
[2020-02-13T22:44:12Z DEBUG rustls::anchors] add_pem_file processed 4 valid and 0 invalid certs
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::dns] resolving host="[server]"
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::http] connecting to [ip]:443
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::http] connected to [ip]:443
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] No cached session for DNSNameRef("[server]")
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] Not resuming any session
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] Using ciphersuite TLS13_AES_128_GCM_SHA256
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Not resuming
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: []
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Got CertificateRequest CertificateRequestPayloadTLS13 { context: PayloadU8([]), extensions: [Unknown(UnknownExtension { typ: StatusRequest, payload: Payload([]) }), Unknown(UnknownExtension { typ: SCT, payload: Payload([]) }), SignatureAlgorithms([RSA_PSS_SHA256, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy]), AuthorityNames([SNIP])] }
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Attempting client auth
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Server cert is [Certificate([SNiP)]
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] flushed 98 bytes
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Ticket saved
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] read 495 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] parsed 6 headers
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body is content-length (264 bytes)
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body completed
[2020-02-13T22:44:12Z DEBUG hyper::client::pool] pooling idle connection for ("https", [server])
Status:
403 Forbidden
Headers:
{
"audit-id": "[snip]",
"cache-control": "no-cache, private",
"content-type": "application/json",
"x-content-type-options": "nosniff",
"date": "Thu, 13 Feb 2020 22:44:12 GMT",
"content-length": "264",
}
Body:
[THE BODY]
Sending second request
[2020-02-13T22:44:12Z DEBUG hyper::client::pool] reuse idle connection for ("https", [server])
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] flushed 98 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] read 495 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] parsed 6 headers
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body is content-length (264 bytes)
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body completed
[2020-02-13T22:44:12Z DEBUG hyper::client::pool] pooling idle connection for ("https", [server])
Status2:
403 Forbidden
Headers2:
{
"audit-id": "[snip]",
"cache-control": "no-cache, private",
"content-type": "application/json",
"x-content-type-options": "nosniff",
"date": "Thu, 13 Feb 2020 22:44:12 GMT",
"content-length": "264",
}
Body2:
[THE BODY]
I realize there's a lot of moving parts here, but if you have any ideas I'd love to help track this down. Thanks!
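
The two traces above differ in how the second request gets its connection: the hyper-sync-rustls trace logs "Resuming session" before the reset, while the hyper-rustls trace logs "reuse idle connection" and shows no second handshake. The following is an added example, not part of the issue report or of either crate, that labels each request in such a trace accordingly. The sample logs are abbreviated from the traces above, and the names Conn, MARKERS and classify are chosen here.

```rust
// Added example: label how each request in a RUST_LOG=debug trace obtained
// its connection, and whether a connection reset followed it.

#[derive(Debug, Clone, Copy, PartialEq)]
enum Conn { FullHandshake, TlsResumption, PooledReuse }

// Log fragments (taken from the traces in the report) that mark each case.
const MARKERS: [(&str, Conn); 3] = [
    ("Not resuming any session", Conn::FullHandshake), // rustls, no cached session
    ("Resuming session", Conn::TlsResumption),         // rustls, new handshake with saved session
    ("reuse idle connection", Conn::PooledReuse),      // hyper pool, no new handshake
];

/// Returns one (connection kind, reset_seen) pair per request found in `log`.
fn classify(log: &str) -> Vec<(Conn, bool)> {
    let mut out: Vec<(Conn, bool)> = Vec::new();
    for line in log.lines() {
        if let Some(&(_, kind)) = MARKERS.iter().find(|(m, _)| line.contains(*m)) {
            out.push((kind, false));
        } else if line.contains("ConnectionReset") {
            if let Some(last) = out.last_mut() {
                last.1 = true; // attribute the reset to the most recent request
            }
        }
    }
    out
}

// Constructed samples: lines abbreviated from the two traces in the report.
const SYNC_LOG: &str = "\
DEBUG rustls::client::hs] Not resuming any session
DEBUG rustls::client::tls13] Ticket saved
Sending second request
DEBUG rustls::client::hs] Resuming session
thread 'main' panicked at '... Io(Os { code: 104, kind: ConnectionReset, ... })'";

const ASYNC_LOG: &str = "\
DEBUG rustls::client::hs] Not resuming any session
DEBUG rustls::client::tls13] Ticket saved
Sending second request
DEBUG hyper::client::pool] reuse idle connection for (\"https\", [server])";

fn main() {
    println!("hyper-sync-rustls: {:?}", classify(SYNC_LOG));
    println!("hyper-rustls:      {:?}", classify(ASYNC_LOG));
}
```

On these samples only the resumed-session request is followed by a reset; the hyper-rustls trace never attempts resumption, so it does not exercise the same path.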
I was looking for a way to get rid of the openSSL dependency, so this crate looks really promising. I've migrated my code from hyper-native-tls and found a weird performance issue, HTTPS requests taking too long, but only under Linux.
Here is some simple code to replicate the problem:
main.rs
#[macro_use]
extern crate log;
extern crate simple_logger;
extern crate hyper;
extern crate hyper_sync_rustls;

use hyper::Client;
use hyper::net::HttpsConnector;
use hyper_sync_rustls::TlsClient;

fn main() {
    simple_logger::init().unwrap();
    let client = Client::with_connector(HttpsConnector::new(TlsClient::new()));
    info!("Start");
    client
        .get("https://dev.endticket.com/api/healthcheck")
        .send()
        .unwrap();
    info!("Done");
}
Cargo.toml
[package]
name = "test_bin"
version = "0.1.0"
authors = ["Juhasz Sandor <[email protected]>"]
[dependencies]
log = "0.3.8"
simple_logger = "0.4.0"
hyper = "0.10"
hyper-sync-rustls = "0.1.0"
On Ubuntu Zesty (running in Vagrant on Windows) the request takes 15 seconds. Running the same code on Windows, the request takes <1 second.
I attached both logs, note the ~15 seconds holdup between these two lines:
2017-07-16 12:47:52 DEBUG [hyper::net] http scheme
2017-07-16 12:48:07 DEBUG [hyper::net] https scheme
Same lines under Windows:
2017-07-16 14:50:21 DEBUG [hyper::net] http scheme
2017-07-16 14:50:21 DEBUG [hyper::net] https scheme
What could be the reason for this? What do you think, could this be an issue in Hyper or in Rustls? Where else should I report this?