parent
3aa8364f47
commit
56add49645
|
@ -1 +1,3 @@
|
||||||
/target
|
/target
|
||||||
|
keylog
|
||||||
|
wireshark_log
|
|
@ -365,6 +365,7 @@ version = "0.1.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"native-tls",
|
"native-tls",
|
||||||
|
"rustls 0.20.2",
|
||||||
"trust-dns-resolver",
|
"trust-dns-resolver",
|
||||||
"uuid",
|
"uuid",
|
||||||
"webpki-roots 0.22.2",
|
"webpki-roots 0.22.2",
|
||||||
|
@ -411,9 +412,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "openssl-probe"
|
name = "openssl-probe"
|
||||||
version = "0.1.4"
|
version = "0.1.5"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a"
|
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "openssl-sys"
|
name = "openssl-sys"
|
||||||
|
@ -599,10 +600,22 @@ dependencies = [
|
||||||
"base64",
|
"base64",
|
||||||
"log",
|
"log",
|
||||||
"ring",
|
"ring",
|
||||||
"sct",
|
"sct 0.6.1",
|
||||||
"webpki 0.21.4",
|
"webpki 0.21.4",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "rustls"
|
||||||
|
version = "0.20.2"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "d37e5e2290f3e040b594b1a9e04377c2c671f1a1cfd9bfdef82106ac1c113f84"
|
||||||
|
dependencies = [
|
||||||
|
"log",
|
||||||
|
"ring",
|
||||||
|
"sct 0.7.0",
|
||||||
|
"webpki 0.22.0",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "schannel"
|
name = "schannel"
|
||||||
version = "0.1.19"
|
version = "0.1.19"
|
||||||
|
@ -629,6 +642,16 @@ dependencies = [
|
||||||
"untrusted",
|
"untrusted",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "sct"
|
||||||
|
version = "0.7.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
|
||||||
|
dependencies = [
|
||||||
|
"ring",
|
||||||
|
"untrusted",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "security-framework"
|
name = "security-framework"
|
||||||
version = "2.4.2"
|
version = "2.4.2"
|
||||||
|
@ -762,7 +785,7 @@ version = "0.22.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
|
checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"rustls",
|
"rustls 0.19.1",
|
||||||
"tokio",
|
"tokio",
|
||||||
"webpki 0.21.4",
|
"webpki 0.21.4",
|
||||||
]
|
]
|
||||||
|
@ -806,7 +829,7 @@ dependencies = [
|
||||||
"lru-cache",
|
"lru-cache",
|
||||||
"parking_lot",
|
"parking_lot",
|
||||||
"resolv-conf",
|
"resolv-conf",
|
||||||
"rustls",
|
"rustls 0.19.1",
|
||||||
"smallvec",
|
"smallvec",
|
||||||
"thiserror",
|
"thiserror",
|
||||||
"tokio",
|
"tokio",
|
||||||
|
@ -826,7 +849,7 @@ dependencies = [
|
||||||
"futures-io",
|
"futures-io",
|
||||||
"futures-util",
|
"futures-util",
|
||||||
"log",
|
"log",
|
||||||
"rustls",
|
"rustls 0.19.1",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-rustls",
|
"tokio-rustls",
|
||||||
"trust-dns-proto",
|
"trust-dns-proto",
|
||||||
|
|
|
@ -8,7 +8,7 @@ edition = "2021"
|
||||||
[dependencies]
|
[dependencies]
|
||||||
anyhow = "1.0.52"
|
anyhow = "1.0.52"
|
||||||
native-tls = "0.2.8"
|
native-tls = "0.2.8"
|
||||||
#rustls = "0.20.2"
|
rustls = { version = "0.20.2", features = ["dangerous_configuration"] }
|
||||||
trust-dns-resolver = { version = "0.20.3", features = ["dns-over-rustls"] }
|
trust-dns-resolver = { version = "0.20.3", features = ["dns-over-rustls"] }
|
||||||
uuid = { version = "0.8.2", features = ["v4"] }
|
uuid = { version = "0.8.2", features = ["v4"] }
|
||||||
webpki-roots = "0.22.2"
|
webpki-roots = "0.22.2"
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
```powershell
|
||||||
|
$Env:SSLKEYLOGFILE="keylog"
|
||||||
|
cargo run
|
||||||
|
```
|
||||||
|
|
||||||
|
`tls.record.content_type == 23 && tcp.port == 12345` in wireshark
|
||||||
|
|
||||||
|
point `Preferences > Prototcols > TLS > (Pre)-Master log filename` to KEYLOG
|
132
src/main.rs
132
src/main.rs
|
@ -1,13 +1,16 @@
|
||||||
use std::{
|
use std::{
|
||||||
io::{Read, Write},
|
io::{Read, Write},
|
||||||
net::TcpStream,
|
net::TcpStream,
|
||||||
str::FromStr,
|
|
||||||
sync::Arc,
|
sync::Arc,
|
||||||
};
|
};
|
||||||
|
|
||||||
use anyhow::{bail, Context, Result};
|
use anyhow::{Context, Result};
|
||||||
use native_tls::{TlsConnector, TlsConnectorBuilder};
|
// use native_tls::TlsConnector;
|
||||||
// use rustls::{ClientConfig, ClientConnection, OwnedTrustAnchor, RootCertStore, StreamOwned};
|
// use native_tls::TlsConnector;
|
||||||
|
use rustls::{
|
||||||
|
client::{ServerCertVerified, ServerCertVerifier},
|
||||||
|
ClientConfig, ClientConnection, KeyLogFile, OwnedTrustAnchor, RootCertStore, StreamOwned,
|
||||||
|
};
|
||||||
use trust_dns_resolver::{
|
use trust_dns_resolver::{
|
||||||
config::{ResolverConfig, ResolverOpts},
|
config::{ResolverConfig, ResolverOpts},
|
||||||
Resolver,
|
Resolver,
|
||||||
|
@ -16,27 +19,32 @@ use uuid::Uuid;
|
||||||
|
|
||||||
fn main() -> Result<()> {
|
fn main() -> Result<()> {
|
||||||
let (port, host) = resolve_dns("daeken.dev")?;
|
let (port, host) = resolve_dns("daeken.dev")?;
|
||||||
|
let port = 12345;
|
||||||
|
let host = "localhost";
|
||||||
|
|
||||||
dbg!(&port);
|
dbg!(&port);
|
||||||
dbg!(&host);
|
dbg!(&host);
|
||||||
|
|
||||||
// let tls_conf = Arc::new(make_tls_config());
|
let tls_conf = Arc::new(make_tls_config());
|
||||||
let mut tls_conn = make_tls_connection(&host, port)
|
let mut tls_conn = make_tls_connection(tls_conf, &host, port)
|
||||||
.with_context(|| format!("Can't connect to {}:{}", host, port))?;
|
.with_context(|| format!("Can't connect to {}:{}", host, port))?;
|
||||||
|
|
||||||
// let uuid =// Uuid::new_v4();
|
let uuid = Uuid::new_v4();
|
||||||
|
|
||||||
let uuid = [b'a'; 16];
|
|
||||||
dbg!(&uuid);
|
dbg!(&uuid);
|
||||||
tls_conn.write_all(&uuid).context("Can't write UUID")?;
|
tls_conn
|
||||||
|
.write_all(uuid.as_bytes())
|
||||||
|
.context("Can't write UUID")?;
|
||||||
|
|
||||||
let mut serv_uuid = [0; 16];
|
let mut serv_uuid = [0; 16];
|
||||||
tls_conn.read_exact(&mut serv_uuid)?;
|
tls_conn.read_exact(&mut serv_uuid)?;
|
||||||
|
let serv_uuid = Uuid::from_bytes(serv_uuid);
|
||||||
dbg!(serv_uuid);
|
dbg!(serv_uuid);
|
||||||
|
|
||||||
// Hangs ATM
|
// Hangs ATM
|
||||||
let mut new = [0; 100];
|
let mut new = [0; 100];
|
||||||
|
tls_conn.write_all(&new)?;
|
||||||
let len = tls_conn.read(&mut new)?;
|
let len = tls_conn.read(&mut new)?;
|
||||||
|
|
||||||
dbg!(&new[..len]);
|
dbg!(&new[..len]);
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
@ -69,57 +77,81 @@ fn make_dns_client() -> Result<Resolver> {
|
||||||
)?)
|
)?)
|
||||||
}
|
}
|
||||||
|
|
||||||
// fn make_tls_config() -> ClientConfig {
|
fn make_tls_config() -> ClientConfig {
|
||||||
// let mut root_store = RootCertStore::empty();
|
let mut root_store = RootCertStore::empty();
|
||||||
// root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
|
root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
|
||||||
// OwnedTrustAnchor::from_subject_spki_name_constraints(
|
OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||||
// ta.subject,
|
ta.subject,
|
||||||
// ta.spki,
|
ta.spki,
|
||||||
// ta.name_constraints,
|
ta.name_constraints,
|
||||||
// )
|
)
|
||||||
// }));
|
}));
|
||||||
|
|
||||||
// let cert_dir = include_bytes!("../cert.der");
|
// let cert_dir = include_bytes!("../cert.der");
|
||||||
|
|
||||||
// assert_eq!(
|
// assert_eq!(
|
||||||
// root_store.add_parsable_certificates(&[cert_dir.to_vec()]),
|
// root_store.add_parsable_certificates(&[cert_dir.to_vec()]),
|
||||||
// (1, 0)
|
// (1, 0)
|
||||||
// );
|
// );
|
||||||
|
|
||||||
// let config = rustls::ClientConfig::builder()
|
let mut config = rustls::ClientConfig::builder()
|
||||||
// .with_safe_defaults()
|
.with_safe_defaults()
|
||||||
// .with_root_certificates(root_store)
|
.with_root_certificates(root_store)
|
||||||
// .with_no_client_auth();
|
.with_no_client_auth();
|
||||||
|
|
||||||
// config
|
struct DontValidate;
|
||||||
// }
|
|
||||||
|
impl ServerCertVerifier for DontValidate {
|
||||||
|
fn verify_server_cert(
|
||||||
|
&self,
|
||||||
|
_: &rustls::Certificate,
|
||||||
|
_: &[rustls::Certificate],
|
||||||
|
_: &rustls::ServerName,
|
||||||
|
_: &mut dyn Iterator<Item = &[u8]>,
|
||||||
|
_: &[u8],
|
||||||
|
_: std::time::SystemTime,
|
||||||
|
) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
|
||||||
|
Ok(ServerCertVerified::assertion())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
config
|
||||||
|
.dangerous()
|
||||||
|
.set_certificate_verifier(Arc::new(DontValidate));
|
||||||
|
|
||||||
|
config.key_log = Arc::new(KeyLogFile::new());
|
||||||
|
|
||||||
|
config
|
||||||
|
}
|
||||||
|
|
||||||
|
fn make_tls_connection(
|
||||||
|
config: Arc<ClientConfig>,
|
||||||
|
server: &str,
|
||||||
|
port: u16,
|
||||||
|
) -> Result<impl Read + Write> {
|
||||||
|
let server_name = server
|
||||||
|
.try_into()
|
||||||
|
.with_context(|| format!("Invalid server name: `{}`", server))?;
|
||||||
|
|
||||||
|
let conn = ClientConnection::new(config, server_name)?;
|
||||||
|
let sock = TcpStream::connect((server, port))?;
|
||||||
|
|
||||||
|
let stream = StreamOwned::new(conn, sock);
|
||||||
|
|
||||||
|
Ok(stream)
|
||||||
|
}
|
||||||
|
|
||||||
// fn make_tls_connection(
|
// fn make_tls_connection(
|
||||||
// config: Arc<ClientConfig>,
|
// config: Arc<ClientConfig>,
|
||||||
// server: &str,
|
// server: &str,
|
||||||
// port: u16,
|
// port: u16,
|
||||||
// ) -> Result<impl Read + Write> {
|
// ) -> Result<impl Read + Write> {
|
||||||
// let server_name = server.try_into()?;
|
// let connector = TlsConnector::builder()
|
||||||
|
// .danger_accept_invalid_certs(true)
|
||||||
|
// .build()?;
|
||||||
|
|
||||||
// let conn = ClientConnection::new(config, server_name)?;
|
|
||||||
// let sock = TcpStream::connect((server, port))?;
|
// let sock = TcpStream::connect((server, port))?;
|
||||||
|
// let conn = connector.connect(server, sock)?;
|
||||||
|
|
||||||
// let stream = StreamOwned::new(conn, sock);
|
// Ok(conn)
|
||||||
|
|
||||||
// Ok(stream)
|
|
||||||
// }
|
// }
|
||||||
|
|
||||||
fn make_tls_connection(
|
|
||||||
// config: Arc<ClientConfig>,
|
|
||||||
server: &str,
|
|
||||||
port: u16,
|
|
||||||
) -> Result<impl Read + Write> {
|
|
||||||
let connector = TlsConnector::builder()
|
|
||||||
.danger_accept_invalid_certs(true)
|
|
||||||
.build()?;
|
|
||||||
|
|
||||||
let sock = TcpStream::connect((server, port))?;
|
|
||||||
let conn = connector.connect(server, sock)?;
|
|
||||||
|
|
||||||
Ok(conn)
|
|
||||||
}
|
|
||||||
|
|
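Review bot: `DontValidate::verify_server_cert` in `make_tls_config` returns `ServerCertVerified::assertion()` unconditionally and the verifier is installed on every config, so the client completes a handshake with whatever certificate is presented, for `localhost:12345` or any other host passed to `make_tls_connection`; the `dangerous_configuration` feature enabled in the Cargo.toml hunk makes the override possible, but nothing in the code restricts it to local debugging. The `with_safe_defaults().with_root_certificates(root_store)` builder a few lines above is built and then overridden, so populating the root store is dead work. I would gate both the override and the key log on an explicit opt-in, e.g. `if std::env::var_os("INSECURE_SKIP_VERIFY").is_some() { config.dangerous().set_certificate_verifier(Arc::new(DontValidate)); config.key_log = Arc::new(KeyLogFile::new()); }` (variable name constructed), and document the type with `/// Accepts every server certificate without checking it; for local debugging only.` `KeyLogFile::new()` writes the session secrets to the file named by `SSLKEYLOGFILE` (the README hunk sets it to `keylog`), so it belongs behind the same gate rather than being on for every run. In the `main` hunk, the `resolve_dns("daeken.dev")?` result is shadowed immediately by the hard-coded `localhost`/`12345`, leaving a live DNS lookup whose failure still aborts the program.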