Added ability to specify SSL certificate in DER format (fixes #67).

Aaron Weiss 2017-06-21 23:21:03 -04:00
parent c0af567258
commit 254f5bb048
No known key found for this signature in database
GPG key ID: 0237035D9BF03AE2
2 changed files with 20 additions and 2 deletions


@ -1,5 +1,7 @@
//! A module providing IRC connections for use by `IrcServer`s. //! A module providing IRC connections for use by `IrcServer`s.
use std::fs::File;
use std::{fmt, io}; use std::{fmt, io};
use std::io::Read;
use error; use error;
use client::data::Config; use client::data::Config;
use client::transport::{IrcTransport, LogView, Logged}; use client::transport::{IrcTransport, LogView, Logged};
@ -7,7 +9,7 @@ use proto::{IrcCodec, Message};
use encoding::{EncoderTrap}; use encoding::{EncoderTrap};
use encoding::label::encoding_from_whatwg_label; use encoding::label::encoding_from_whatwg_label;
use futures::{Async, Poll, Future, Sink, StartSend, Stream}; use futures::{Async, Poll, Future, Sink, StartSend, Stream};
use native_tls::TlsConnector; use native_tls::{Certificate, TlsConnector};
use tokio_core::reactor::Handle; use tokio_core::reactor::Handle;
use tokio_core::net::{TcpStream, TcpStreamNew}; use tokio_core::net::{TcpStream, TcpStreamNew};
use tokio_io::AsyncRead; use tokio_io::AsyncRead;
@ -103,7 +105,16 @@ impl Connection {
Ok(ConnectionFuture::Mock(config)) Ok(ConnectionFuture::Mock(config))
} else if config.use_ssl() { } else if config.use_ssl() {
let domain = format!("{}:{}", config.server(), config.port()); let domain = format!("{}:{}", config.server(), config.port());
let connector = TlsConnector::builder()?.build()?; let mut builder = TlsConnector::builder()?;
if let Some(cert_path) = config.cert_path() {
let mut file = File::open(cert_path)?;
let mut cert_data = vec![];
file.read_to_end(&mut cert_data)?;
let cert = Certificate::from_der(&cert_data)?;
builder.add_root_certificate(cert)?;
println!("Added {} to trusted certificates.", cert_path);
}
let connector = builder.build()?;
let stream = TcpStream::connect(&config.socket_addr(), handle) let stream = TcpStream::connect(&config.socket_addr(), handle)
.map_err(|e| { .map_err(|e| {
let res: error::Error = e.into(); let res: error::Error = e.into();
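Review bot: The `println!("Added {} to trusted certificates.", cert_path);` line inside the new `if let Some(cert_path)` block writes to stdout from library code on every TLS connect, so an embedding application cannot silence or redirect it. A change to the set of trusted roots is worth recording, but through whatever logging facility the crate uses (none is visible in this hunk), or the line should be dropped. Separately, `File::open(cert_path)?` and `Certificate::from_der(&cert_data)?` propagate errors that do not appear to carry the path, so a PEM file supplied by mistake would surface as a bare parse error; attaching `cert_path` to the error would make that misconfiguration diagnosable. The enclosing function begins and ends outside this hunk.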


@ -33,6 +33,8 @@ pub struct Config {
/// Whether or not to use SSL. /// Whether or not to use SSL.
/// Clients will automatically panic if this is enabled without SSL support. /// Clients will automatically panic if this is enabled without SSL support.
pub use_ssl: Option<bool>, pub use_ssl: Option<bool>,
/// The path to the SSL certificate for this server in DER format.
pub cert_path: Option<String>,
/// The encoding type used for this connection. /// The encoding type used for this connection.
/// This is typically UTF-8, but could be something else. /// This is typically UTF-8, but could be something else.
pub encoding: Option<String>, pub encoding: Option<String>,
@ -176,6 +178,11 @@ impl Config {
self.use_ssl.as_ref().cloned().unwrap_or(false) self.use_ssl.as_ref().cloned().unwrap_or(false)
} }
/// Gets the path to the SSL certificate in DER format if specified.
pub fn cert_path(&self) -> Option<&str> {
self.cert_path.as_ref().map(|s| &s[..])
}
/// Gets the encoding to use for this connection. This requires the encode feature to work. /// Gets the encoding to use for this connection. This requires the encode feature to work.
/// This defaults to UTF-8 when not specified. /// This defaults to UTF-8 when not specified.
pub fn encoding(&self) -> &str { pub fn encoding(&self) -> &str {
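Review bot: The doc comment on `cert_path` ("The path to the SSL certificate for this server in DER format.") reads as if the connection is pinned to that certificate, but the other file passes it to `builder.add_root_certificate`, which adds it as an additional trusted root. As far as native-tls documents that call, the system trust store stays in effect, so certificates chaining to either are accepted. I would reword the field doc to something like `/// Path to a DER-encoded certificate added to the trusted roots for this connection, in addition to the system trust store (not a pin).` and mirror that in the `cert_path()` getter doc. Since the file becomes a trust anchor, it is also worth one sentence telling users to keep it writable only by the account that runs the client.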