Added ability to specify SSL certificate in DER format (fixes #67).

2017-06-21 23:21:03 -04:00 · 2017-06-21 23:21:03 -04:00 · 254f5bb048
commit 254f5bb048
parent c0af567258
2 changed files with 20 additions and 2 deletions
--- a/src/client/conn.rs
+++ b/src/client/conn.rs
@ -1,5 +1,7 @@
 //! A module providing IRC connections for use by `IrcServer`s.
+use std::fs::File;
 use std::{fmt, io};
+use std::io::Read;
 use error;
 use client::data::Config;
 use client::transport::{IrcTransport, LogView, Logged};
@ -7,7 +9,7 @@ use proto::{IrcCodec, Message};
 use encoding::{EncoderTrap};
 use encoding::label::encoding_from_whatwg_label;
 use futures::{Async, Poll, Future, Sink, StartSend, Stream};
-use native_tls::TlsConnector;
+use native_tls::{Certificate, TlsConnector};
 use tokio_core::reactor::Handle;
 use tokio_core::net::{TcpStream, TcpStreamNew};
 use tokio_io::AsyncRead;
@ -103,7 +105,16 @@ impl Connection {
            Ok(ConnectionFuture::Mock(config))
        } else if config.use_ssl() {
            let domain = format!("{}:{}", config.server(), config.port());
-            let connector = TlsConnector::builder()?.build()?;
+            let mut builder = TlsConnector::builder()?;
+            if let Some(cert_path) = config.cert_path() {
+                let mut file = File::open(cert_path)?;
+                let mut cert_data = vec![];
+                file.read_to_end(&mut cert_data)?;
+                let cert = Certificate::from_der(&cert_data)?;
+                builder.add_root_certificate(cert)?;
+                println!("Added {} to trusted certificates.", cert_path);
+            }
+            let connector = builder.build()?;
            let stream = TcpStream::connect(&config.socket_addr(), handle)
                .map_err(|e| {
                    let res: error::Error = e.into();
--- a/src/client/data/config.rs
+++ b/src/client/data/config.rs
@ -33,6 +33,8 @@ pub struct Config {
    /// Whether or not to use SSL.
    /// Clients will automatically panic if this is enabled without SSL support.
    pub use_ssl: Option<bool>,
+    /// The path to the SSL certificate for this server in DER format.
+    pub cert_path: Option<String>,
    /// The encoding type used for this connection.
    /// This is typically UTF-8, but could be something else.
    pub encoding: Option<String>,
@ -176,6 +178,11 @@ impl Config {
        self.use_ssl.as_ref().cloned().unwrap_or(false)
    }

+    /// Gets the path to the SSL certificate in DER format if specified.
+    pub fn cert_path(&self) -> Option<&str> {
+        self.cert_path.as_ref().map(|s| &s[..])
+    }
+
    /// Gets the encoding to use for this connection. This requires the encode feature to work.
    /// This defaults to UTF-8 when not specified.
    pub fn encoding(&self) -> &str {