diff --git a/.worktrees/feat/ops/logging b/.worktrees/feat/ops/logging new file mode 160000 index 0000000..9b4cabc --- /dev/null +++ b/.worktrees/feat/ops/logging @@ -0,0 +1 @@ +Subproject commit 9b4cabc4d6f663627cb6176e2cd3293da711fdae diff --git a/.worktrees/feat/tls/manual-tls b/.worktrees/feat/tls/manual-tls new file mode 160000 index 0000000..dd748b9 --- /dev/null +++ b/.worktrees/feat/tls/manual-tls @@ -0,0 +1 @@ +Subproject commit dd748b973d9a398f584aef2839fd77542fab4dee diff --git a/Cargo.lock b/Cargo.lock index b7f826b..07fd9ce 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -590,12 +590,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foldhash" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" - [[package]] name = "foreign-types" version = "0.3.2" @@ -757,23 +751,10 @@ checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", "libc", - "r-efi 5.3.0", + "r-efi", "wasip2", ] -[[package]] -name = "getrandom" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" -dependencies = [ - "cfg-if", - "libc", - "r-efi 6.0.0", - "wasip2", - "wasip3", -] - [[package]] name = "gimli" version = "0.32.3" @@ -799,15 +780,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "hashbrown" -version = "0.15.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" -dependencies = [ - "foldhash", -] - [[package]] name = "hashbrown" version = "0.17.1" 
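Review bot: The two `.worktrees/feat/...` paths are added as gitlinks (mode 160000), and no `.gitmodules` change is visible in this diff, so they look like local `git worktree` checkouts staged by accident rather than intended submodules. A fresh clone would then carry pointers to the commits starting 9b4cabc and dd748b9 with no URL to fetch them from. The entries also publish the names of unrelated in-progress branches. If they are not meant to be submodules, remove them from the index with `git rm --cached` on both paths and add `.worktrees/` to `.gitignore`.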
@@ -1055,12 +1027,6 @@ dependencies = [ "zerovec", ] -[[package]] -name = "id-arena" -version = "2.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" - [[package]] name = "idna" version = "1.1.0" @@ -1089,9 +1055,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" dependencies = [ "equivalent", - "hashbrown 0.17.1", - "serde", - "serde_core", + "hashbrown", ] [[package]] @@ -1139,12 +1103,6 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" -[[package]] -name = "leb128fmt" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" - [[package]] name = "libc" version = "0.2.186" @@ -1469,16 +1427,6 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" -[[package]] -name = "prettyplease" -version = "0.2.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" -dependencies = [ - "proc-macro2", - "syn", -] - [[package]] name = "proc-macro2" version = "1.0.106" @@ -1503,12 +1451,6 @@ version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" -[[package]] -name = "r-efi" -version = "6.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" - [[package]] name = "rcgen" version = "0.13.2" 
@@ -1763,12 +1705,6 @@ dependencies = [ "libc", ] -[[package]] -name = "semver" -version = "1.0.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" - [[package]] name = "serde" version = "1.0.228" @@ -1983,15 +1919,15 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.27.0" +version = "3.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd" +checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1" dependencies = [ "fastrand", - "getrandom 0.4.2", + "getrandom 0.3.4", "once_cell", "rustix", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -2303,12 +2239,6 @@ version = "1.0.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" -[[package]] -name = "unicode-xid" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" - [[package]] name = "untrusted" version = "0.9.0" @@ -2372,16 +2302,7 @@ version = "1.0.3+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" dependencies = [ - "wit-bindgen 0.57.1", -] - -[[package]] -name = "wasip3" -version = "0.4.0+wasi-0.3.0-rc-2026-01-06" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" -dependencies = [ - "wit-bindgen 0.51.0", + "wit-bindgen", ] [[package]] 
@@ -2439,40 +2360,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "wasm-encoder" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" -dependencies = [ - "leb128fmt", - "wasmparser", -] - -[[package]] -name = "wasm-metadata" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" -dependencies = [ - "anyhow", - "indexmap", - "wasm-encoder", - "wasmparser", -] - -[[package]] -name = "wasmparser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" -dependencies = [ - "bitflags", - "hashbrown 0.15.5", - "indexmap", - "semver", -] - [[package]] name = "web-sys" version = "0.3.100" @@ -2626,6 +2513,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-sys" version = "0.61.2" 
@@ -2708,100 +2604,12 @@ dependencies = [ "memchr", ] -[[package]] -name = "wit-bindgen" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" -dependencies = [ - "wit-bindgen-rust-macro", -] - [[package]] name = "wit-bindgen" version = "0.57.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" -[[package]] -name = "wit-bindgen-core" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" -dependencies = [ - "anyhow", - "heck", - "wit-parser", -] - -[[package]] -name = "wit-bindgen-rust" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" -dependencies = [ - "anyhow", - "heck", - "indexmap", - "prettyplease", - "syn", - "wasm-metadata", - "wit-bindgen-core", - "wit-component", -] - -[[package]] -name = "wit-bindgen-rust-macro" -version = "0.51.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" -dependencies = [ - "anyhow", - "prettyplease", - "proc-macro2", - "quote", - "syn", - "wit-bindgen-core", - "wit-bindgen-rust", -] - -[[package]] -name = "wit-component" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" -dependencies = [ - "anyhow", - "bitflags", - "indexmap", - "log", - "serde", - "serde_derive", - "serde_json", - "wasm-encoder", - "wasm-metadata", - "wasmparser", - "wit-parser", -] - -[[package]] -name = "wit-parser" -version = "0.244.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" -dependencies = [ - "anyhow", - "id-arena", - "indexmap", - "log", - "semver", - "serde", - "serde_derive", - "serde_json", - "unicode-xid", - "wasmparser", -] - [[package]] name = "writeable" version = "0.6.3" diff --git a/Cargo.toml b/Cargo.toml index 21eb462..8f6ca51 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,4 +36,4 @@ futures = "=0.3.31" [dev-dependencies] rcgen = "=0.13" reqwest = { version = "=0.12", features = ["json"] } -tempfile = "=3" +tempfile = "=3.20" diff --git a/src/tls/config.rs b/src/tls/config.rs index 261a066..a6c917e 100644 --- a/src/tls/config.rs +++ b/src/tls/config.rs @@ -34,7 +34,6 @@ pub(crate) fn crypto_provider() -> Arc { }) } -#[allow(dead_code)] pub fn load_certs(path: &str) -> Result>> { let file = File::open(path).with_context(|| format!("failed to open certificate file: {path}"))?; @@ -48,7 +47,6 @@ pub fn load_certs(path: &str) -> Result>> { Ok(certs) } -#[allow(dead_code)] pub fn load_private_key(path: &str) -> Result> { let file = File::open(path).with_context(|| format!("failed to open private key file: {path}"))?; @@ -58,7 +56,6 @@ pub fn load_private_key(path: &str) -> Result> { key.context(format!("no private key found in {path}")) } -#[allow(dead_code)] pub fn build_manual_server_config(cert_path: &str, key_path: &str) -> Result { let certs = load_certs(cert_path)?; let key = load_private_key(key_path)?; @@ -74,7 +71,6 @@ pub fn build_manual_server_config(cert_path: &str, key_path: &str) -> Result>, PrivateKeyDer<'static>)>, ) -> Result { 
@@ -203,35 +199,46 @@ mod tests { #[test] fn test_cipher_suite_restriction() { let provider = crypto_provider(); + assert_eq!(provider.cipher_suites.len(), 7); + let cipher_suites: Vec = provider .cipher_suites .iter() - .map(|cs| format!("{:?}", cs)) + .map(|cs| format!("{cs:?}")) .collect(); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("AES_256_GCM_SHA384"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("AES_128_GCM_SHA256"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("CHACHA20_POLY1305_SHA256"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("ECDHE_RSA_WITH_AES_256_GCM_SHA384"))); - assert!(cipher_suites - .iter() - .any(|cs| cs.contains("ECDHE_RSA_WITH_AES_128_GCM_SHA256"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("AES_256_GCM_SHA384"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("AES_128_GCM_SHA256"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("CHACHA20_POLY1305_SHA256"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("ECDHE_RSA_WITH_AES_256_GCM_SHA384"))); + assert!(cipher_suites.iter().any(|cs| cs.contains("ECDHE_RSA_WITH_AES_128_GCM_SHA256"))); + } - assert_eq!(provider.cipher_suites.len(), 7); + #[test] + fn test_no_chacha20_for_tls12() { + let provider = crypto_provider(); + let tls12_chacha = provider.cipher_suites.iter().any(|cs| { + let dbg = format!("{cs:?}"); + dbg.contains("ECDHE") && dbg.contains("CHACHA20") + }); + assert!( + !tls12_chacha, + "TLS 1.2 ChaCha20 suites should not be present" + ); + } + + #[test] + fn test_protocol_versions_configured() { + let (certs, key) 
= generate_test_cert("test.example.com"); + let provider = crypto_provider(); + let _config = ServerConfig::builder_with_provider(provider) + .with_protocol_versions(&[&TLS12, &TLS13]) + .unwrap() + .with_no_client_auth() + .with_single_cert(certs, key) + .unwrap(); } #[test] @@ -266,7 +273,8 @@ mod tests { let mut resolver = SniCertResolver::new(); resolver.add("Example.COM", Arc::new(certified_key)); - assert!(resolver.entries.get("example.com").is_some()); + assert!(resolver.entries.contains_key("example.com")); + assert!(!resolver.entries.contains_key("Example.COM")); } #[test] @@ -302,4 +310,4 @@ mod tests { let result = load_private_key("/nonexistent/path/key.pem"); assert!(result.is_err()); } -} +} \ No newline at end of file
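Review bot: `test_protocol_versions_configured` asserts nothing: it builds a `ServerConfig` with `&[&TLS12, &TLS13]` written out in the test itself and discards the result as `_config`, so it passes whatever versions the production builders enable. To guard the version policy, construct the config through `build_manual_server_config` (or whichever builder the server uses) and assert on that result; otherwise rename the test to say it is a smoke test of the provider. Separately, in `test_cipher_suite_restriction` the checks `cs.contains("AES_256_GCM_SHA384")` and `cs.contains("AES_128_GCM_SHA256")` are also satisfied by the `ECDHE_*` names, so they do not prove the TLS 1.3 suites are present. Matching the full Debug name would close that gap (presumably `TLS13_AES_256_GCM_SHA384`; confirm against the provider's output).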
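Review bot: The two `contains_key` assertions show that `add` lowercases the name it stores, but nothing here checks the lookup side, and the test reads the private `entries` map directly. If the resolver normalises the requested server name at resolution time in code outside this hunk, add a mixed-case lookup assertion through that path. That way a regression there cannot silently end in no certificate or an unintended default. The test function starts above the hunk, so its name and setup are not visible here.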