bump rustls-connector

Jon Gjengset 2024-03-31 10:18:39 +02:00
parent 28faa816a9
commit d57d259288
3 changed files with 106 additions and 131 deletions

176
Cargo.lock generated

@ -93,9 +93,9 @@ dependencies = [
[[package]] [[package]]
name = "base64" name = "base64"
version = "0.13.0" version = "0.21.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567"
[[package]] [[package]]
name = "base64" name = "base64"
@ -121,17 +121,11 @@ version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "40e38929add23cdf8a366df9b0e088953150724bcbe5fc330b0d8eb3b328eec8" checksum = "40e38929add23cdf8a366df9b0e088953150724bcbe5fc330b0d8eb3b328eec8"
[[package]]
name = "bumpalo"
version = "3.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
[[package]] [[package]]
name = "cc" name = "cc"
version = "1.0.73" version = "1.0.90"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" checksum = "8cd6604a82acf3039f1144f54b8eb34e91ffba622051189e71b781822d5ee1f5"
[[package]] [[package]]
name = "cfg-if" name = "cfg-if"
@ -370,6 +364,17 @@ dependencies = [
"slab", "slab",
] ]
[[package]]
name = "getrandom"
version = "0.2.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "190092ea657667030ac6a35e305e62fc4dd69fd98ac98631e5d3a2b1575a12b5"
dependencies = [
"cfg-if",
"libc",
"wasi",
]
[[package]] [[package]]
name = "gimli" name = "gimli"
version = "0.26.2" version = "0.26.2"
@ -486,15 +491,6 @@ dependencies = [
"either", "either",
] ]
[[package]]
name = "js-sys"
version = "0.3.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47"
dependencies = [
"wasm-bindgen",
]
[[package]] [[package]]
name = "lazy_static" name = "lazy_static"
version = "1.4.0" version = "1.4.0"
@ -847,17 +843,17 @@ dependencies = [
[[package]] [[package]]
name = "ring" name = "ring"
version = "0.16.20" version = "0.17.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
dependencies = [ dependencies = [
"cc", "cc",
"cfg-if",
"getrandom",
"libc", "libc",
"once_cell",
"spin", "spin",
"untrusted", "untrusted",
"web-sys", "windows-sys 0.52.0",
"winapi",
] ]
[[package]] [[package]]
@ -868,56 +864,68 @@ checksum = "7ef03e0a2b150c7a90d01faf6254c9c48a41e95fb2a8c2ac1c6f0d2b9aefc342"
[[package]] [[package]]
name = "rustls" name = "rustls"
version = "0.21.2" version = "0.22.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e32ca28af694bc1bbf399c33a516dbdf1c90090b8ab23c2bc24f834aa2247f5f" checksum = "99008d7ad0bbbea527ec27bddbc0e432c5b87d8175178cee68d2eec9c4a1813c"
dependencies = [ dependencies = [
"log", "log",
"ring", "ring",
"rustls-pki-types",
"rustls-webpki", "rustls-webpki",
"sct", "subtle",
"zeroize",
] ]
[[package]] [[package]]
name = "rustls-connector" name = "rustls-connector"
version = "0.18.1" version = "0.19.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67c8d6cf0e464eff7cee6ba0419f56a65d29999fc164dd719c8633fbb401365f" checksum = "b5bd40675c79c896f46d0031bf64c448b35e583dd2bc949751ddd800351e453a"
dependencies = [ dependencies = [
"log", "log",
"rustls", "rustls",
"rustls-native-certs", "rustls-native-certs",
"rustls-pki-types",
"rustls-webpki", "rustls-webpki",
] ]
[[package]] [[package]]
name = "rustls-native-certs" name = "rustls-native-certs"
version = "0.6.2" version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792"
dependencies = [ dependencies = [
"openssl-probe", "openssl-probe",
"rustls-pemfile", "rustls-pemfile",
"rustls-pki-types",
"schannel", "schannel",
"security-framework", "security-framework",
] ]
[[package]] [[package]]
name = "rustls-pemfile" name = "rustls-pemfile"
version = "1.0.1" version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab"
dependencies = [ dependencies = [
"base64 0.13.0", "base64 0.21.7",
"rustls-pki-types",
] ]
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-pki-types"
version = "0.100.2" version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e98ff011474fa39949b7e5c0428f9b4937eda7da7848bbb947786b7be0b27dab" checksum = "ecd36cc4259e3e4514335c4a138c6b43171a8d61d8f5c9348f9fc7529416f247"
[[package]]
name = "rustls-webpki"
version = "0.102.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610"
dependencies = [ dependencies = [
"ring", "ring",
"rustls-pki-types",
"untrusted", "untrusted",
] ]
@ -931,16 +939,6 @@ dependencies = [
"windows-sys 0.36.1", "windows-sys 0.36.1",
] ]
[[package]]
name = "sct"
version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
dependencies = [
"ring",
"untrusted",
]
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "2.7.0" version = "2.7.0"
@ -995,9 +993,9 @@ dependencies = [
[[package]] [[package]]
name = "spin" name = "spin"
version = "0.5.2" version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
[[package]] [[package]]
name = "stacker" name = "stacker"
@ -1048,6 +1046,12 @@ dependencies = [
"syn 1.0.99", "syn 1.0.99",
] ]
[[package]]
name = "subtle"
version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
[[package]] [[package]]
name = "syn" name = "syn"
version = "1.0.99" version = "1.0.99"
@ -1176,9 +1180,9 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
[[package]] [[package]]
name = "untrusted" name = "untrusted"
version = "0.7.1" version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
[[package]] [[package]]
name = "url" name = "url"
@ -1215,70 +1219,6 @@ version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268"
dependencies = [
"cfg-if",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142"
dependencies = [
"bumpalo",
"log",
"once_cell",
"proc-macro2",
"quote",
"syn 1.0.99",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
dependencies = [
"proc-macro2",
"quote",
"syn 1.0.99",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
[[package]]
name = "web-sys"
version = "0.3.60"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f"
dependencies = [
"js-sys",
"wasm-bindgen",
]
[[package]] [[package]]
name = "winapi" name = "winapi"
version = "0.3.9" version = "0.3.9"
@ -1501,3 +1441,9 @@ dependencies = [
"quote", "quote",
"syn 2.0.43", "syn 2.0.43",
] ]
[[package]]
name = "zeroize"
version = "1.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"


@ -23,7 +23,7 @@ test-full-imap = []
[dependencies] [dependencies]
native-tls = { version = "0.2.2", optional = true } native-tls = { version = "0.2.2", optional = true }
rustls-connector = { version = "0.18.0", optional = true, features = ["dangerous-configuration"] } rustls-connector = { version = "0.19.0", optional = true }
regex = "1.0" regex = "1.0"
bufstream = "0.1.3" bufstream = "0.1.3"
imap-proto = "0.16.1" imap-proto = "0.16.1"
@ -35,7 +35,7 @@ ouroboros = "0.18.0"
[dev-dependencies] [dev-dependencies]
lettre = "0.11" lettre = "0.11"
rustls-connector = "0.18.0" rustls-connector = "0.19.0"
structopt = "0.3" structopt = "0.3"
# to make -Zminimal-versions work # to make -Zminimal-versions work


@ -11,7 +11,8 @@ use crate::extensions::idle::SetReadTimeout;
#[cfg(feature = "rustls-tls")] #[cfg(feature = "rustls-tls")]
use rustls_connector::{ use rustls_connector::{
rustls, rustls,
rustls::{Certificate, ClientConfig, RootCertStore, ServerName}, rustls::pki_types::{CertificateDer, ServerName},
rustls::{ClientConfig, RootCertStore},
rustls_native_certs::load_native_certs, rustls_native_certs::load_native_certs,
RustlsConnector, RustlsConnector,
}; };
@ -19,20 +20,43 @@ use rustls_connector::{
use std::sync::Arc; use std::sync::Arc;
#[cfg(feature = "rustls-tls")] #[cfg(feature = "rustls-tls")]
struct NoCertVerification; #[derive(Debug)]
struct NoCertVerification(rustls::client::WebPkiServerVerifier);
#[cfg(feature = "rustls-tls")] #[cfg(feature = "rustls-tls")]
impl rustls::client::ServerCertVerifier for NoCertVerification { impl rustls::client::danger::ServerCertVerifier for NoCertVerification {
fn verify_server_cert( fn verify_server_cert(
&self, &self,
_: &Certificate, _: &CertificateDer<'_>,
_: &[Certificate], _: &[CertificateDer<'_>],
_: &ServerName, _: &ServerName<'_>,
_: &mut dyn Iterator<Item = &[u8]>,
_: &[u8], _: &[u8],
_: std::time::SystemTime, _: rustls::pki_types::UnixTime,
) -> std::result::Result<rustls::client::ServerCertVerified, rustls::Error> { ) -> std::result::Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
Ok(rustls::client::ServerCertVerified::assertion()) Ok(rustls::client::danger::ServerCertVerified::assertion())
}
fn verify_tls12_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &rustls::DigitallySignedStruct,
) -> std::result::Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
self.0.verify_tls12_signature(message, cert, dss)
}
fn verify_tls13_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &rustls::DigitallySignedStruct,
) -> std::prelude::v1::Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error>
{
self.0.verify_tls13_signature(message, cert, dss)
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
self.0.supported_verify_schemes()
} }
} }
@ -41,7 +65,7 @@ lazy_static! {
static ref CACERTS: RootCertStore = { static ref CACERTS: RootCertStore = {
let mut store = RootCertStore::empty(); let mut store = RootCertStore::empty();
for cert in load_native_certs().unwrap_or_else(|_| vec![]) { for cert in load_native_certs().unwrap_or_else(|_| vec![]) {
if let Ok(_) = store.add(&Certificate(cert.0)) {} if let Ok(_) = store.add(cert) {}
} }
store store
}; };
@ -335,14 +359,19 @@ where
#[cfg(feature = "rustls-tls")] #[cfg(feature = "rustls-tls")]
fn build_tls_rustls(&self, tcp: TcpStream) -> Result<Connection> { fn build_tls_rustls(&self, tcp: TcpStream) -> Result<Connection> {
let mut config = ClientConfig::builder() let mut config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(CACERTS.clone()) .with_root_certificates(CACERTS.clone())
.with_no_client_auth(); .with_no_client_auth();
if self.skip_tls_verify { if self.skip_tls_verify {
let no_cert_verifier = NoCertVerification;
config config
.dangerous() .dangerous()
.set_certificate_verifier(Arc::new(no_cert_verifier)); .set_certificate_verifier(Arc::new(NoCertVerification(
Arc::into_inner(
rustls::client::WebPkiServerVerifier::builder(Arc::new(CACERTS.clone()))
.build()
.expect("can construct standard verifier"),
)
.expect("just constructed, so should only be one"),
)));
} }
let ssl_conn: RustlsConnector = config.into(); let ssl_conn: RustlsConnector = config.into();
Ok(Box::new(ssl_conn.connect(self.domain.as_ref(), tcp)?)) Ok(Box::new(ssl_conn.connect(self.domain.as_ref(), tcp)?))
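Review bot: The `.expect("can construct standard verifier")` in the `skip_tls_verify` branch of `build_tls_rustls` can panic in library code: `CACERTS` falls back to an empty store when `load_native_certs()` fails, and as far as I recall the rustls 0.22 `WebPkiServerVerifier` builder returns an error when the root store holds no trust anchors. The skip-verification path would then abort on exactly the hosts that lack a usable system trust store, even though `verify_server_cert` never consults the roots. `NoCertVerification` only needs the signature algorithms, so it could hold the provider's `signature_verification_algorithms` and call `rustls::crypto::verify_tls12_signature(message, cert, dss, &self.0)` and its TLS 1.3 counterpart (API names from memory, to be confirmed against 0.22), or the build error could be returned through `Result<Connection>` instead of unwrapped. A doc comment on the struct such as `/// Accepts any server certificate; only handshake signatures are checked, so the peer is not authenticated.` would make the remaining guarantee explicit. The closing brace of `build_tls_rustls` lies outside the hunk.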