Created
March 27, 2024 22:31
-
-
Save alexliesenfeld/1c366c8d30cff769a59cf74c6aaba9cc to your computer and use it in GitHub Desktop.
Rustls IP Address as SNI Example Project
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [package] | |
| name = "rustls-sni" | |
| version = "0.1.0" | |
| edition = "2021" | |
| [dev-dependencies] | |
| rustls = "0.22" | |
| tokio-rustls = "0.25" | |
| curl = "0.4" | |
| reqwest = "0.11" | |
| tokio = { version = "1.35", features = ["full"]} | |
| isahc = "1.7" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| use std::net::SocketAddr; | |
| use std::sync::Arc; | |
| use rustls::server::{ClientHello, ResolvesServerCert}; | |
| use rustls::ServerConfig; | |
| use rustls::sign::CertifiedKey; | |
| use tokio::net::TcpListener; | |
| use tokio_rustls::TlsAcceptor; | |
| #[derive(Debug)] | |
| struct Resolver {} | |
| impl ResolvesServerCert for Resolver { | |
| fn resolve(&self, _: ClientHello) -> Option<Arc<CertifiedKey>> { | |
| panic!("we will not get here") | |
| } | |
| } | |
| async fn run_server(addr: &str) { | |
| let addr: SocketAddr = addr.parse().unwrap(); | |
| let listener = TcpListener::bind(addr).await.unwrap(); | |
| let (tcp_stream,_) = listener.accept().await.unwrap(); | |
| let server_config = ServerConfig::builder() | |
| .with_no_client_auth() | |
| .with_cert_resolver(Arc::new(Resolver{})); | |
| let tls_acceptor = TlsAcceptor::from(Arc::new(server_config)); | |
| tls_acceptor.accept(tcp_stream).await.unwrap(); // <-- This will fail! | |
| } | |
| mod tests { | |
| use crate::run_server; | |
| #[tokio::test] | |
| #[should_panic(expected = "decoding error")] | |
| async fn test_with_reqwest() { | |
| tokio::task::spawn(async { | |
| run_server("127.0.0.1:65431").await | |
| }); | |
| tokio::time::sleep(tokio::time::Duration::from_secs(1)).await; | |
| reqwest::get("https://127.0.0.1:65431").await.unwrap(); | |
| } | |
| #[tokio::test] | |
| #[should_panic(expected = "SSL connect error")] | |
| async fn test_with_isahc() { | |
| tokio::task::spawn(async { | |
| run_server("127.0.0.1:65432").await | |
| }); | |
| tokio::time::sleep(tokio::time::Duration::from_secs(1)).await; | |
| // Internally, isahc uses curl, similar to test_with_curl. | |
| isahc::get_async("https://127.0.0.1:65432").await.unwrap(); | |
| } | |
| #[tokio::test] | |
| #[should_panic] | |
| async fn test_with_curl() { | |
| tokio::task::spawn(async { | |
| run_server("127.0.0.1:65433").await | |
| }); | |
| tokio::time::sleep(tokio::time::Duration::from_secs(1)).await; | |
| tokio::task::spawn_blocking(|| { | |
| let mut easy = curl::easy::Easy::new(); | |
| easy.url("https://127.0.0.1:65433").unwrap(); | |
| easy.perform().unwrap(); | |
| }).await.unwrap(); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment