Modify: optimal
parent
dbfc557cc5
commit
83d20abd80
@ -41,9 +41,9 @@ enum Level {
|
|||||||
Trace,
|
Trace,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Level {
|
impl From<Level> for log::LevelFilter {
|
||||||
fn to_level_filter(&self) -> log::LevelFilter {
|
fn from(level: Level) -> log::LevelFilter {
|
||||||
match self {
|
match level {
|
||||||
Level::Off => log::LevelFilter::Off,
|
Level::Off => log::LevelFilter::Off,
|
||||||
Level::Error => log::LevelFilter::Error,
|
Level::Error => log::LevelFilter::Error,
|
||||||
Level::Warn => log::LevelFilter::Warn,
|
Level::Warn => log::LevelFilter::Warn,
|
||||||
@ -54,6 +54,19 @@ impl Level {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// impl Level {
|
||||||
|
// fn to_level_filter(self) -> log::LevelFilter {
|
||||||
|
// match self {
|
||||||
|
// Level::Off => log::LevelFilter::Off,
|
||||||
|
// Level::Error => log::LevelFilter::Error,
|
||||||
|
// Level::Warn => log::LevelFilter::Warn,
|
||||||
|
// Level::Info => log::LevelFilter::Info,
|
||||||
|
// Level::Debug => log::LevelFilter::Debug,
|
||||||
|
// Level::Trace => log::LevelFilter::Trace,
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
|
||||||
// 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS)
|
// 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS)
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
struct NoCertificateVerification;
|
struct NoCertificateVerification;
|
||||||
@ -85,7 +98,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
|
|||||||
_: &[u8],
|
_: &[u8],
|
||||||
_: rustls::pki_types::UnixTime,
|
_: rustls::pki_types::UnixTime,
|
||||||
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
|
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
|
||||||
let ret_deserial = X509Certificate::from_der(&end_entity.iter().as_slice());
|
let ret_deserial = X509Certificate::from_der(end_entity.iter().as_slice());
|
||||||
let x509 = match ret_deserial {
|
let x509 = match ret_deserial {
|
||||||
Ok((_, x509)) => x509,
|
Ok((_, x509)) => x509,
|
||||||
_ => panic!("wtf"),
|
_ => panic!("wtf"),
|
||||||
@ -105,7 +118,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
|
|||||||
|
|
||||||
// end_entity
|
// end_entity
|
||||||
for (idx, ica) in intermediates.iter().enumerate() {
|
for (idx, ica) in intermediates.iter().enumerate() {
|
||||||
let ret_deserial = X509Certificate::from_der(&ica.iter().as_slice());
|
let ret_deserial = X509Certificate::from_der(ica.iter().as_slice());
|
||||||
let x509 = match ret_deserial {
|
let x509 = match ret_deserial {
|
||||||
Ok((_, x509)) => x509,
|
Ok((_, x509)) => x509,
|
||||||
_ => continue,
|
_ => continue,
|
||||||
@ -114,12 +127,8 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
|
|||||||
.subject()
|
.subject()
|
||||||
.iter_common_name()
|
.iter_common_name()
|
||||||
.next()
|
.next()
|
||||||
.and_then(|cn| cn.as_str().ok());
|
.and_then(|cn| cn.as_str().ok())
|
||||||
let cn = match cn {
|
.unwrap_or_default();
|
||||||
Some(name) => name,
|
|
||||||
_ => "",
|
|
||||||
};
|
|
||||||
|
|
||||||
info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca());
|
info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca());
|
||||||
}
|
}
|
||||||
info!("verify cert done");
|
info!("verify cert done");
|
||||||
@ -127,31 +136,25 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
||||||
let mut ss = Vec::<rustls::SignatureScheme>::new();
|
vec![
|
||||||
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA1);
|
rustls::SignatureScheme::RSA_PKCS1_SHA1,
|
||||||
ss.push(rustls::SignatureScheme::ECDSA_SHA1_Legacy);
|
rustls::SignatureScheme::ECDSA_SHA1_Legacy,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA256);
|
rustls::SignatureScheme::RSA_PKCS1_SHA256,
|
||||||
ss.push(rustls::SignatureScheme::ECDSA_NISTP256_SHA256);
|
rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA384);
|
rustls::SignatureScheme::RSA_PKCS1_SHA384,
|
||||||
ss.push(rustls::SignatureScheme::ECDSA_NISTP384_SHA384);
|
rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA512);
|
rustls::SignatureScheme::RSA_PKCS1_SHA512,
|
||||||
ss.push(rustls::SignatureScheme::ECDSA_NISTP521_SHA512);
|
rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PSS_SHA256);
|
rustls::SignatureScheme::RSA_PSS_SHA256,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PSS_SHA384);
|
rustls::SignatureScheme::RSA_PSS_SHA384,
|
||||||
ss.push(rustls::SignatureScheme::RSA_PSS_SHA512);
|
rustls::SignatureScheme::RSA_PSS_SHA512,
|
||||||
ss.push(rustls::SignatureScheme::ED25519);
|
rustls::SignatureScheme::ED25519,
|
||||||
ss.push(rustls::SignatureScheme::ED448);
|
rustls::SignatureScheme::ED448,
|
||||||
|
]
|
||||||
ss
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn initialize_log(options: &Cli) {
|
fn initialize_log(options: &Cli) {
|
||||||
let level = match options.level {
|
|
||||||
Some(level) => level.to_level_filter(),
|
|
||||||
None => log::LevelFilter::Debug,
|
|
||||||
};
|
|
||||||
|
|
||||||
pretty_env_logger::formatted_timed_builder()
|
pretty_env_logger::formatted_timed_builder()
|
||||||
.format(|buf, record| {
|
.format(|buf, record| {
|
||||||
// We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your
|
// We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your
|
||||||
@ -170,7 +173,7 @@ fn initialize_log(options: &Cli) {
|
|||||||
)
|
)
|
||||||
})
|
})
|
||||||
.format_timestamp_micros()
|
.format_timestamp_micros()
|
||||||
.filter_level(level)
|
.filter_level(options.level.unwrap_or(Level::Debug).into())
|
||||||
.init();
|
.init();
|
||||||
|
|
||||||
info!("Hi -");
|
info!("Hi -");
|
||||||
@ -191,11 +194,8 @@ fn load_use_certificate(crt_name: &str, store: &mut RootCertStore) {
|
|||||||
.iter_common_name()
|
.iter_common_name()
|
||||||
.next()
|
.next()
|
||||||
.and_then(|cn| cn.as_str().ok());
|
.and_then(|cn| cn.as_str().ok());
|
||||||
match cn {
|
if let Some(name) = cn {
|
||||||
Some(name) => {
|
info!("[{}] CA's CN: {}", i, name);
|
||||||
info!("[{}] CA's CN: {}", i, name);
|
|
||||||
}
|
|
||||||
None => (),
|
|
||||||
}
|
}
|
||||||
store.add(cert.clone()).unwrap();
|
store.add(cert.clone()).unwrap();
|
||||||
}
|
}
|
||||||
@ -217,6 +217,25 @@ fn main() -> Result<(), Box<dyn StdError>> {
|
|||||||
load_use_certificate(&crt_name, &mut store);
|
load_use_certificate(&crt_name, &mut store);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if let Ok(certs) = rustls_native_certs::load_native_certs() {
|
||||||
|
let _ = certs
|
||||||
|
.iter()
|
||||||
|
.map(|cert| {
|
||||||
|
if let Err(e) = store.add(cert.clone()) {
|
||||||
|
error!("push cert error: {}", e.to_string());
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.collect::<Vec<_>>();
|
||||||
|
}
|
||||||
|
|
||||||
|
if let Ok(certs) = rustls_native_certs::load_native_certs() {
|
||||||
|
certs.iter().for_each(|cert| {
|
||||||
|
if let Err(e) = store.add(cert.clone()) {
|
||||||
|
error!("push cert error: {}", e.to_string());
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
for cert in rustls_native_certs::load_native_certs()? {
|
for cert in rustls_native_certs::load_native_certs()? {
|
||||||
if let Err(e) = store.add(cert) {
|
if let Err(e) = store.add(cert) {
|
||||||
error!("push cert error: {}", e.to_string());
|
error!("push cert error: {}", e.to_string());
|
||||||
@ -240,8 +259,6 @@ fn main() -> Result<(), Box<dyn StdError>> {
|
|||||||
let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock);
|
let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock);
|
||||||
let mut rbuf: [u8; 1024] = [0; 1024];
|
let mut rbuf: [u8; 1024] = [0; 1024];
|
||||||
|
|
||||||
tls_conn.
|
|
||||||
|
|
||||||
let wstring = "Hello Rust!";
|
let wstring = "Hello Rust!";
|
||||||
let wsize = match tls_conn.write(wstring.as_bytes()) {
|
let wsize = match tls_conn.write(wstring.as_bytes()) {
|
||||||
Ok(size) => size,
|
Ok(size) => size,
|
||||||
|
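Review bot: In the certificate-verification method of `NoCertificateVerification`, the `_ => panic!("wtf")` arm after `X509Certificate::from_der(end_entity.iter().as_slice())` aborts the process whenever the peer presents an end-entity certificate that fails to parse, so the remote side decides whether this client crashes. The method already returns `Result<rustls::client::danger::ServerCertVerified, rustls::Error>`, so the arm can report the failure instead: `_ => return Err(rustls::Error::InvalidCertificate(rustls::CertificateError::BadEncoding)),`. The intermediates loop handles the same parse failure with `continue`, so only the end-entity path panics. The method body starts and ends outside the hunks shown, so its final return value is not visible here. Going by the comment above the struct it accepts every certificate, which would leave this parse step as the only handling of peer input in the verifier.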
21
src/main.rs
21
src/main.rs
@ -40,7 +40,7 @@ enum Level {
|
|||||||
}
|
}
|
||||||
|
|
||||||
impl Level {
|
impl Level {
|
||||||
fn to_level_filter(&self) -> log::LevelFilter {
|
fn to_level_filter(self) -> log::LevelFilter {
|
||||||
match self {
|
match self {
|
||||||
Level::Off => log::LevelFilter::Off,
|
Level::Off => log::LevelFilter::Off,
|
||||||
Level::Error => log::LevelFilter::Error,
|
Level::Error => log::LevelFilter::Error,
|
||||||
@ -91,23 +91,22 @@ fn initialize_log(options: &Cli) {
|
|||||||
fn parse_args() -> Vec<String> {
|
fn parse_args() -> Vec<String> {
|
||||||
let cli = Cli::parse();
|
let cli = Cli::parse();
|
||||||
|
|
||||||
let mut key_path = Vec::<String>::new();
|
|
||||||
key_path.push(cli.cert.clone());
|
|
||||||
key_path.push(cli.key.clone());
|
|
||||||
|
|
||||||
initialize_log(&cli);
|
initialize_log(&cli);
|
||||||
|
|
||||||
key_path
|
vec![cli.cert.clone(), cli.key.clone()]
|
||||||
}
|
}
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn StdError>> {
|
fn main() -> Result<(), Box<dyn StdError>> {
|
||||||
let key_path = parse_args();
|
let key_path = parse_args();
|
||||||
|
|
||||||
let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Cert as usize][0..])?))
|
let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(
|
||||||
.collect::<Result<Vec<_>, _>>()?;
|
&key_path[KeyPath::Cert as usize][0..],
|
||||||
let private_key =
|
)?))
|
||||||
rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Pkey as usize][0..])?))?
|
.collect::<Result<Vec<_>, _>>()?;
|
||||||
.unwrap();
|
let private_key = rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(
|
||||||
|
&key_path[KeyPath::Pkey as usize][0..],
|
||||||
|
)?))?
|
||||||
|
.unwrap();
|
||||||
let config = rustls::ServerConfig::builder()
|
let config = rustls::ServerConfig::builder()
|
||||||
.with_no_client_auth()
|
.with_no_client_auth()
|
||||||
.with_single_cert(certs, private_key)?;
|
.with_single_cert(certs, private_key)?;
|
||||||
|
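Review bot: The reformatted `rustls_pemfile::private_key(...)?.unwrap()` in `main` still panics when the key file reads cleanly but holds no private key, because the `?` only covers the I/O error and the remaining `Option` is unwrapped. `main` returns `Result<(), Box<dyn StdError>>`, so the missing-key case can be reported like the other failures by replacing `.unwrap();` with `.ok_or("no private key found in key file")?;`. Indexing `key_path[KeyPath::Cert as usize]` also depends on `parse_args` returning its entries in the order of the `KeyPath` discriminants, which are not visible here. A short comment on the `vec![cli.cert.clone(), cli.key.clone()]` line would make that dependency explicit. `main` continues past the end of this hunk.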