-
davidB revised this gist
Dec 25, 2019 . No changes.
-
davidB revised this gist
Dec 25, 2019 . 1 changed file with 20 additions and 6 deletions.
@@ -2,8 +2,23 @@ // ``` // --- with curl --- // {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","reason":"Forbidden","details":{},"code":403} // [src/main.rs:51] main_with_curl().await = Ok( // (), // ) // --- with reqwest --- // [src/main.rs:53] main_with_reqwest().await = Err( // reqwest::Error { // kind: Request, // url: "https://35.232.6.83/", // source: hyper::Error( // Connect, // Error { // code: -67843, // message: "The certificate was not trusted.", // }, // ), // }, // ) // ``` // // Linux: @@ -46,17 +61,16 @@ o098cHJLzIFII9icY8n1dQ== "#; #[tokio::main] async fn main() { println!("--- with curl ---"); dbg!(main_with_curl().await); println!("--- with reqwest ---"); dbg!(main_with_reqwest().await); } async fn main_with_reqwest() -> Result<(), Box<dyn std::error::Error>> { use openssl::x509::X509; // use reqwest; let ca = X509::from_pem(CACERT_PEM.as_bytes())?; let cert = reqwest::Certificate::from_der(&ca.to_der()?)?; -
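Review bot: `main` now returns `()` and only passes each result through `dbg!`, so the process exits with status 0 even when `main_with_reqwest()` produces the "certificate was not trusted" error quoted in the header comment. Anything scripted around this reproduction can no longer tell an accepted TLS handshake from a rejected one. Keep the `dbg!` output but bind the results and fail visibly, e.g. `let r = dbg!(main_with_reqwest().await);` followed by `if r.is_err() { std::process::exit(1); }`, and the same for the curl call. `main_with_reqwest` continues past the end of this hunk.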
davidB revised this gist
Dec 25, 2019 . 2 changed files with 30 additions and 1 deletion.
@@ -9,6 +9,12 @@ edition = "2018" [dependencies] openssl = { version = "^0.10", features = ["vendored"] } tokio = { version = "^0.2.5", features = ["full"]} # curl = "0.4.25" # ok # curl = {version = "0.4.25", features = ["static-ssl"] } # ok curl = {version = "0.4.25", features = ["mesalink"] } # ok # curl = {version = "0.4.25", features = ["static-curl"] } # failed # curl = {version = "0.4.25", features = ["static-curl", "mesalink"] } # failed # curl = {version = "0.4.25", features = ["static-curl", "static-ssl"] } # failed [dependencies.reqwest] #version = "0.10.0" @@ -17,4 +23,4 @@ git = "https://github.com/seanmonstar/reqwest" rev = "18fd9a63b0eb7bf51d2e2b7fe31b4567f0b05779" features = ["json", "gzip", "rustls-tls"] # features = ["rustls-tls"] # # TODO: rustls
@@ -0,0 +1,23 @@ cat >ca.x509.crt <<EOF -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIRANMRvVXXaTbXyxpbqXtlgyEwDQYJKoZIhvcNAQELBQAw LzEtMCsGA1UEAxMkMzg1NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4 MB4XDTE5MTIxOTA3NTM1OVoXDTI0MTIxNzA4NTM1OVowLzEtMCsGA1UEAxMkMzg1 NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAmX8Eg6r6tygSiIM3nMS4VwnYoXrrIuixlCGqsI4L sw5j9oTslbNvsOjfFnRGyMK6wPm7x/htMC5B44Jyh2BedZbfcp7WXZJr7Dq/9SgR /TPZmb1GwqVvqfE4RmzwK6wcaMSEkF/mqc9+IWiEpmMRmkdsvj2/8fydQM2+Wj8y qSzaIgMopsaNuA4EWIKABeQH8vzIMjiEsvSpGDRRF14G6OMeCUypa780HCUwNKkc BaAUc1VzAcQYTNzx78Y4IZCJjkwtBfKYWUibIWWeJaDAzNEbYGeBNtc6/kbvUuCL VmibQ5+Qo6kgjchElRECZU4dhz8FKOMWh3YFyNpE7hZqrwIDAQABoyMwITAOBgNV HQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA b0qhFcv4LriftJrB5RX0XHjEjGiEirv4Xq9rUgGOTYGnrtKtqu7DPIoZagYgByTX VnpqGJczQ/ZGZyAeE502uH6np6ftmQi98NFNe5W7btv/U4ZHN8VzQ2+77uBw/orY YuVKNMMcc+CfO8pX2rv8Z4YUUvBz3/YO9h5K1IBjXuLCI+PM6+2OMFfaoSI0Iz8q sazWeeT8orW1/LdJMokCkGqgPZC8X15j2/E6YlzPeebAQK/QgpMYg9XoHWJcuhSx RgGI71iQAaYoBYSxSgV2cteECEiJlMoInkU0HCX7JlZlR/ypZl+ybPFVQigsAfpu o098cHJLzIFII9icY8n1dQ== -----END CERTIFICATE----- EOF openssl x509 -in ca.x509.crt -noout -text curl -i -v https://35.232.6.83 --cacert ./ca.x509.crt -
davidB revised this gist
Dec 22, 2019 . 1 changed file with 40 additions and 8 deletions.
@@ -1,5 +1,8 @@ // Mac OSX (Catalina 10.15.2): // ``` // --- with curl --- // {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","reason":"Forbidden","details":{},"code":403} // --- with reqwest --- // Error: reqwest::Error { kind: Request, url: "https://35.232.6.83/", source: hyper::Error(Connect, Error { code: -67843, message: "The certificate was not trusted." }) } // ``` // @@ -17,13 +20,10 @@ // }, // } ///``` /// const SERVERAPI_URL: &str = "https://35.232.6.83"; const CACERT_PEM: &str = r#" -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIRANMRvVXXaTbXyxpbqXtlgyEwDQYJKoZIhvcNAQELBQAw LzEtMCsGA1UEAxMkMzg1NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4 @@ -44,7 +44,21 @@ RgGI71iQAaYoBYSxSgV2cteECEiJlMoInkU0HCX7JlZlR/ypZl+ybPFVQigsAfpu o098cHJLzIFII9icY8n1dQ== -----END CERTIFICATE----- "#; #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { println!("--- with curl ---"); main_with_curl().await?; println!("--- with reqwest ---"); main_with_reqwest().await?; Ok(()) } async fn main_with_reqwest() -> Result<(), Box<dyn std::error::Error>> { use openssl::x509::X509; use reqwest; let ca = X509::from_pem(CACERT_PEM.as_bytes())?; let cert = reqwest::Certificate::from_der(&ca.to_der()?)?; // dbg!(&ca.subject_name()); // dbg!(&ca.subject_name());
@@ -55,8 +69,26 @@ o098cHJLzIFII9icY8n1dQ== // .danger_accept_invalid_certs(true) ; let client = client_builder.build()?; let resp = client.get(SERVERAPI_URL).send().await?; println!("{:#?}", resp); Ok(()) } // curl -i -v https://35.232.6.83 --cacert ./cert3.x509.crt async fn main_with_curl() -> Result<(), Box<dyn std::error::Error>> { use curl::easy::Easy; use std::io::{stdout, Write}; // Write the contents of rust-lang.org to stdout let mut easy = Easy::new(); let cacert = std::path::Path::new("ca.x509.crt"); std::fs::write(cacert, CACERT_PEM)?; easy.cainfo(cacert)?; easy.url(SERVERAPI_URL)?; easy.write_function(|data| { stdout().write_all(data).unwrap(); Ok(data.len()) })?; easy.perform()?; Ok(()) } -
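Review bot: `main_with_curl` writes the trust anchor to the fixed relative path `ca.x509.crt` with `std::fs::write(cacert, CACERT_PEM)?` and then points `easy.cainfo(cacert)` at it. That silently overwrites any existing file of that name in the working directory, and if the directory is writable by another user, the file libcurl later reads is not guaranteed to hold the bytes just written. Create the file inside a private, freshly created directory (or take the path from the caller) and remove it after `easy.perform()`. Two smaller items in the same function: the comment `// Write the contents of rust-lang.org to stdout` is left over from the curl example and should name `SERVERAPI_URL`, and `stdout().write_all(data).unwrap()` panics inside the write callback when stdout is closed.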
davidB renamed this gist
Dec 22, 2019 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
davidB created this gist
Dec 22, 2019 .
@@ -0,0 +1,20 @@ [package] name = "test_gke_cert" version = "0.1.0" authors = ["David Bernard"] edition = "2018" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] openssl = { version = "^0.10", features = ["vendored"] } tokio = { version = "^0.2.5", features = ["full"]} [dependencies.reqwest] #version = "0.10.0" # version = " 0.10.0-alpha.2" git = "https://github.com/seanmonstar/reqwest" rev = "18fd9a63b0eb7bf51d2e2b7fe31b4567f0b05779" features = ["json", "gzip", "rustls-tls"] # features = ["rustls-tls"] # # TODO: rustls
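Review bot: The `[dependencies.reqwest]` table enables `rustls-tls` but never sets `default-features = false`, so reqwest's default TLS feature stays compiled in next to it. The macOS failure quoted in main.rs (`code: -67843`, "The certificate was not trusted.") reads like a platform trust-store error rather than a rustls one, which suggests the native backend is the one actually verifying the certificate; this should be confirmed. If the intent behind `# TODO: rustls` is to test rustls, add `default-features = false` to this table and, if the pinned revision offers it, select the backend explicitly with `use_rustls_tls()` on the client builder. The later Cargo.toml revision on this page carries the same `features` line unchanged.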
@@ -0,0 +1,62 @@ // Mac OSX (Catalina 10.15.2): // ``` // Error: reqwest::Error { kind: Request, url: "https://35.232.6.83/", source: hyper::Error(Connect, Error { code: -67843, message: "The certificate was not trusted." }) } // ``` // // Linux: // ``` // Response { // url: "https://35.232.6.83/", // status: 403, // headers: { // "audit-id": "83ac14e8-8beb-4456-b495-35c81ba9b348", // "content-type": "application/json", // "x-content-type-options": "nosniff", // "date": "Sat, 21 Dec 2019 18:21:52 GMT", // "content-length": "185", // }, // } ///``` use openssl::x509::X509; use reqwest; #[tokio::main] async fn main() -> Result<(), Box<dyn std::error::Error>> { let pem = r#" -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIRANMRvVXXaTbXyxpbqXtlgyEwDQYJKoZIhvcNAQELBQAw LzEtMCsGA1UEAxMkMzg1NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4 MB4XDTE5MTIxOTA3NTM1OVoXDTI0MTIxNzA4NTM1OVowLzEtMCsGA1UEAxMkMzg1 NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAmX8Eg6r6tygSiIM3nMS4VwnYoXrrIuixlCGqsI4L sw5j9oTslbNvsOjfFnRGyMK6wPm7x/htMC5B44Jyh2BedZbfcp7WXZJr7Dq/9SgR /TPZmb1GwqVvqfE4RmzwK6wcaMSEkF/mqc9+IWiEpmMRmkdsvj2/8fydQM2+Wj8y qSzaIgMopsaNuA4EWIKABeQH8vzIMjiEsvSpGDRRF14G6OMeCUypa780HCUwNKkc BaAUc1VzAcQYTNzx78Y4IZCJjkwtBfKYWUibIWWeJaDAzNEbYGeBNtc6/kbvUuCL VmibQ5+Qo6kgjchElRECZU4dhz8FKOMWh3YFyNpE7hZqrwIDAQABoyMwITAOBgNV HQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA b0qhFcv4LriftJrB5RX0XHjEjGiEirv4Xq9rUgGOTYGnrtKtqu7DPIoZagYgByTX VnpqGJczQ/ZGZyAeE502uH6np6ftmQi98NFNe5W7btv/U4ZHN8VzQ2+77uBw/orY YuVKNMMcc+CfO8pX2rv8Z4YUUvBz3/YO9h5K1IBjXuLCI+PM6+2OMFfaoSI0Iz8q sazWeeT8orW1/LdJMokCkGqgPZC8X15j2/E6YlzPeebAQK/QgpMYg9XoHWJcuhSx RgGI71iQAaYoBYSxSgV2cteECEiJlMoInkU0HCX7JlZlR/ypZl+ybPFVQigsAfpu o098cHJLzIFII9icY8n1dQ== -----END CERTIFICATE----- "#; let ca = X509::from_pem(pem.as_bytes())?; let cert = reqwest::Certificate::from_der(&ca.to_der()?)?; // dbg!(&ca.subject_name()); // dbg!(&ca.subject_name()); // dbg!(&cert); let mut 
client_builder = reqwest::Client::builder(); client_builder = client_builder .add_root_certificate(cert) // .danger_accept_invalid_certs(true) ; let client = client_builder.build()?; let resp = client.get("https://35.232.6.83").send().await?; println!("{:#?}", resp); Ok(()) }
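Review bot: The PEM to `X509` to DER to `reqwest::Certificate::from_der` round trip is the only use of the `openssl` crate in this file; `let cert = reqwest::Certificate::from_pem(pem.as_bytes())?;` should give the same root certificate in one call. Dropping the crate would also remove the `vendored` OpenSSL build from the manifest, which otherwise has to be rebuilt to pick up OpenSSL security fixes. Separately, the commented-out `// .danger_accept_invalid_certs(true)` in the builder chain deserves an explanatory comment such as `// never enable: turns off certificate verification and makes the pinned CA meaningless`, so nobody uncomments it to get past the macOS error. Both patterns are carried into the later revisions of this file shown further up the page.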