use rustls-native-certs for mysql
This commit is contained in:
parent
38bf63e278
commit
6e4835739c
16
Cargo.lock
generated
|
@ -2246,9 +2246,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "once_cell"
|
||||
version = "1.10.0"
|
||||
version = "1.13.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9"
|
||||
checksum = "18a6dbe30758c9f83eb00cbea4ac95966305f5a7772f3f42ebfc7fc7eddbd8e1"
|
||||
|
||||
[[package]]
|
||||
name = "opaque-debug"
|
||||
|
@ -4503,9 +4503,11 @@ dependencies = [
|
|||
"bytes",
|
||||
"delegate",
|
||||
"mysql_common",
|
||||
"once_cell",
|
||||
"password-hash 0.2.3",
|
||||
"rand",
|
||||
"rustls",
|
||||
"rustls-native-certs",
|
||||
"rustls-pemfile",
|
||||
"sha1",
|
||||
"thiserror",
|
||||
|
@ -4518,7 +4520,6 @@ dependencies = [
|
|||
"warpgate-database-protocols",
|
||||
"warpgate-db-entities",
|
||||
"webpki",
|
||||
"webpki-roots",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -4653,15 +4654,6 @@ dependencies = [
|
|||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webpki-roots"
|
||||
version = "0.22.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f1c760f0d366a6c24a02ed7816e23e691f5d92291f94d15e836006fd11b04daf"
|
||||
dependencies = [
|
||||
"webpki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wepoll-ffi"
|
||||
version = "0.1.2"
|
||||
|
@ -106,22 +106,17 @@ pub struct TargetHTTPOptions {
|
|||
pub headers: Option<HashMap<String, String>>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone, Enum, PartialEq, Eq)]
|
||||
#[derive(Debug, Deserialize, Serialize, Clone, Enum, PartialEq, Eq, Default)]
|
||||
pub enum TlsMode {
|
||||
#[serde(rename = "disabled")]
|
||||
Disabled,
|
||||
#[serde(rename = "preferred")]
|
||||
#[default]
|
||||
Preferred,
|
||||
#[serde(rename = "required")]
|
||||
Required,
|
||||
}
|
||||
|
||||
impl Default for TlsMode {
|
||||
fn default() -> Self {
|
||||
TlsMode::Preferred
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Deserialize, Serialize, Clone, Object)]
|
||||
pub struct Tls {
|
||||
#[serde(default)]
|
||||
|
@ -25,4 +25,5 @@ rustls-pemfile = "1.0"
|
|||
tokio-rustls = "0.23"
|
||||
thiserror = "1.0"
|
||||
webpki = "0.22"
|
||||
webpki-roots = "0.22"
|
||||
once_cell = "1.13"
|
||||
rustls-native-certs = "0.6"
|
||||
@ -1,5 +1,7 @@
|
|||
mod maybe_tls_stream;
|
||||
mod rustls_helpers;
|
||||
mod rustls_root_certs;
|
||||
|
||||
pub use maybe_tls_stream::{MaybeTlsStream, MaybeTlsStreamError, UpgradableStream};
|
||||
pub use rustls_helpers::{configure_tls_connector, FromCertificateAndKey, RustlsSetupError};
|
||||
pub use rustls_root_certs::ROOT_CERT_STORE;
|
||||
@ -6,10 +6,12 @@ use rustls::client::{ServerCertVerified, ServerCertVerifier, WebPkiVerifier};
|
|||
use rustls::server::{ClientHello, NoClientAuth, ResolvesServerCert};
|
||||
use rustls::sign::CertifiedKey;
|
||||
use rustls::{
|
||||
Certificate, ClientConfig, Error as TlsError, OwnedTrustAnchor, PrivateKey, RootCertStore,
|
||||
Certificate, ClientConfig, Error as TlsError, PrivateKey,
|
||||
ServerConfig, ServerName,
|
||||
};
|
||||
|
||||
use super::ROOT_CERT_STORE;
|
||||
|
||||
#[derive(thiserror::Error, Debug)]
|
||||
pub enum RustlsSetupError {
|
||||
#[error("rustls")]
|
||||
|
@ -92,14 +94,7 @@ pub async fn configure_tls_connector(
|
|||
.with_custom_certificate_verifier(Arc::new(DummyTlsVerifier))
|
||||
.with_no_client_auth()
|
||||
} else {
|
||||
let mut cert_store = RootCertStore::empty();
|
||||
cert_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
|
||||
OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||
ta.subject,
|
||||
ta.spki,
|
||||
ta.name_constraints,
|
||||
)
|
||||
}));
|
||||
let mut cert_store = ROOT_CERT_STORE.clone();
|
||||
|
||||
if let Some(data) = root_cert {
|
||||
let mut cursor = Cursor::new(data);
|
||||
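--- /dev/null
+++ b/warpgate-protocol-mysql/src/tls/rustls_root_certs.rs
@@ -0,0 +1,10 @@
+use once_cell::sync::Lazy;
+use rustls::RootCertStore;
+
+pub static ROOT_CERT_STORE: Lazy<RootCertStore> = Lazy::new(|| {
+    let mut roots = RootCertStore::empty();
+    for cert in rustls_native_certs::load_native_certs().expect("could not load root TLS certificates") {
+        roots.add(&rustls::Certificate(cert.0)).unwrap();
+    }
+    return roots;
+});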
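Review bot: `roots.add(&rustls::Certificate(cert.0)).unwrap()` inside the `Lazy` initializer aborts the whole process if any single certificate in the host store fails to parse, and because the store is lazy the panic surfaces on the first `ROOT_CERT_STORE.clone()` in `configure_tls_connector` (rustls_helpers.rs hunk) rather than at startup. Host stores routinely contain entries rustls rejects, so one bad certificate on the host would take down every MySQL TLS connection. An empty host store (for example a minimal container image without a CA bundle) is also accepted silently, after which every verification fails with an unknown-issuer error that gives no hint of the cause. Using `RootCertStore::add_parsable_certificates`, which skips unparsable entries and reports how many were added and ignored, lets the initializer warn on both conditions instead of panicking; `return roots;` can become the tail expression `roots`.
```rust
pub static ROOT_CERT_STORE: Lazy<RootCertStore> = Lazy::new(|| {
    let mut roots = RootCertStore::empty();
    let der_certs: Vec<Vec<u8>> = rustls_native_certs::load_native_certs()
        .expect("could not load root TLS certificates")
        .into_iter()
        .map(|cert| cert.0)
        .collect();
    // Unparsable entries are skipped instead of aborting the process.
    let (added, ignored) = roots.add_parsable_certificates(&der_certs);
    // TODO: route both messages through the crate's logger instead of stderr.
    if ignored > 0 {
        eprintln!("ignored {ignored} unparsable native root certificate(s)");
    }
    if added == 0 {
        eprintln!("no native root certificates loaded; TLS verification will fail for every connection");
    }
    roots
});
```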