tls/SSL support
This commit is contained in:
parent
eda07ac2ad
commit
684ed3acb0
|
|
@ -143,6 +143,12 @@ version = "1.3.4"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"
|
||||
|
||||
[[package]]
|
||||
name = "cc"
|
||||
version = "1.0.61"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ed67cbde08356238e75fc4656be4749481eeffb09e19f320a25237d5221c985d"
|
||||
|
||||
[[package]]
|
||||
name = "cfg-if"
|
||||
version = "0.1.10"
|
||||
|
|
@ -317,6 +323,18 @@ dependencies = [
|
|||
"url",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hyper-sync-rustls"
|
||||
version = "0.3.0-rc.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6d1a443a90413a118ac6739e024f6a5180aa3b3f43f7de65f9d388a961cff19b"
|
||||
dependencies = [
|
||||
"hyper",
|
||||
"rustls",
|
||||
"webpki",
|
||||
"webpki-roots",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "idna"
|
||||
version = "0.1.5"
|
||||
|
|
@ -344,6 +362,12 @@ version = "0.2.2"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a91d884b6667cd606bb5a69aa0c99ba811a115fc68915e7056ec08a46e93199a"
|
||||
|
||||
[[package]]
|
||||
name = "lazy_static"
|
||||
version = "1.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||
|
||||
[[package]]
|
||||
name = "libc"
|
||||
version = "0.2.80"
|
||||
|
|
@ -514,6 +538,18 @@ dependencies = [
|
|||
"rand_core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ring"
|
||||
version = "0.13.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2c4db68a2e35f3497146b7e4563df7d4773a2433230c5e4b448328e31740458a"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"lazy_static",
|
||||
"libc",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rocket"
|
||||
version = "0.4.5"
|
||||
|
|
@ -558,21 +594,47 @@ checksum = "1aff5a5480175f2f553a876b251e9350c74196128806d176da3a51c82aab5428"
|
|||
dependencies = [
|
||||
"cookie",
|
||||
"hyper",
|
||||
"hyper-sync-rustls",
|
||||
"indexmap",
|
||||
"pear",
|
||||
"percent-encoding 1.0.1",
|
||||
"rustls",
|
||||
"smallvec",
|
||||
"state",
|
||||
"time",
|
||||
"unicode-xid",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustls"
|
||||
version = "0.14.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8b7891791343c75b73ed9a18cadcafd8c8563d11a88ebe2d87f5b8a3182654d9"
|
||||
dependencies = [
|
||||
"base64 0.9.3",
|
||||
"log 0.4.11",
|
||||
"ring",
|
||||
"sct",
|
||||
"untrusted",
|
||||
"webpki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "safemem"
|
||||
version = "0.3.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ef703b7cb59335eae2eb93ceb664c0eb7ea6bf567079d843e09420219668e072"
|
||||
|
||||
[[package]]
|
||||
name = "sct"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cb8f61f9e6eadd062a71c380043d28036304a4706b3c4dd001ff3387ed00745a"
|
||||
dependencies = [
|
||||
"ring",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "serde"
|
||||
version = "1.0.117"
|
||||
|
|
@ -713,6 +775,12 @@ dependencies = [
|
|||
"subtle 2.3.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "untrusted"
|
||||
version = "0.6.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "55cd1f4b4e96b46aeb8d4855db4a7a9bd96eeeb5c6a1ab54593328761642ce2f"
|
||||
|
||||
[[package]]
|
||||
name = "url"
|
||||
version = "1.7.2"
|
||||
|
|
@ -748,6 +816,26 @@ version = "0.10.0+wasi-snapshot-preview1"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
|
||||
|
||||
[[package]]
|
||||
name = "webpki"
|
||||
version = "0.18.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "17d7967316d8411ca3b01821ee6c332bde138ba4363becdb492f12e514daa17f"
|
||||
dependencies = [
|
||||
"ring",
|
||||
"untrusted",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webpki-roots"
|
||||
version = "0.15.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "85d1f408918fd590908a70d36b7ac388db2edc221470333e4d6e5b598e44cabf"
|
||||
dependencies = [
|
||||
"untrusted",
|
||||
"webpki",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "winapi"
|
||||
version = "0.3.9"
|
||||
|
|
|
|||
|
|
@ -7,4 +7,4 @@ edition = "2018"
|
|||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
||||
[dependencies]
|
||||
rocket = "0.4.5"
|
||||
rocket = {version="0.4", features=["tls"]}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
# Fly me a rocket
|
||||
|
||||
This is a basic rocket web app. It uses tls to serve content, signing itself
|
||||
with keys that are in `private`, along with a generation script. A tryout use
|
||||
case would bring :
|
||||
|
||||
( cd private && bash gen_cert.sh )
|
||||
cargo run
|
||||
|
||||
One should use Let'sEncrypt keys for a specific domain. See `Rocket.toml` for
|
||||
adding specific keys for production binaries. Self-generated keys are useful for
|
||||
developement environments.
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
|
||||
# Global configuration of TLS:
|
||||
[global.tls]
|
||||
certs = "private/cert.pem"
|
||||
key = "private/key.pem"
|
||||
|
||||
|
||||
# Per Environment Configuration of TLS:
|
||||
#[development]
|
||||
#tls = { certs = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\certs.pem", key = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\key.pem" }
|
||||
#[production]
|
||||
#tls = { certs = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\certs.pem", key = "c:\\code\\lang\\rust\\proj\\rocket-auth-login\\examples\\tls_example\\private\\key.pem" }
|
||||
|
||||
# Or relative paths:
|
||||
|
||||
# Per Environment Configuration of TLS:
|
||||
# [development]
|
||||
# tls = { certs = "private\\certs.pem", key = "private\\key.pem" }
|
||||
# [production]
|
||||
# tls = { certs = "private\\certs.pem", key = "private\\key.pem" }
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
#! /bin/bash
|
||||
|
||||
# TODO: `rustls` (really, `webpki`) doesn't currently use the CN in the subject
|
||||
# to check if a certificate is valid for a server name sent via SNI. It's not
|
||||
# clear if this is intended, since certificates _should_ have a `subjectAltName`
|
||||
# with a DNS name, or if it simply hasn't been implemented yet. See
|
||||
# https://bugzilla.mozilla.org/show_bug.cgi?id=552346 for a bit more info.
|
||||
|
||||
CA_SUBJECT="/C=US/ST=CA/O=Rocket CA/CN=Rocket Root CA"
|
||||
SUBJECT="/C=US/ST=CA/O=Rocket/CN=localhost"
|
||||
ALT="DNS:localhost"
|
||||
|
||||
openssl genrsa -out ca_key.pem 4096
|
||||
openssl req -new -x509 -days 3650 -key ca_key.pem -subj "${CA_SUBJECT}" -out ca_cert.pem
|
||||
|
||||
openssl req -newkey rsa:4096 -nodes -sha256 -keyout key.pem -subj "${SUBJECT}" -out server.csr
|
||||
openssl x509 -req -sha256 -extfile <(printf "subjectAltName=${ALT}") -days 3650 \
|
||||
-CA ca_cert.pem -CAkey ca_key.pem -CAcreateserial \
|
||||
-in server.csr -out cert.pem
|
||||
|
||||
rm ca_cert.srl server.csr
|
||||
Loading…
Reference in New Issue