diff --git a/aquatic_http/Cargo.toml b/aquatic_http/Cargo.toml
index 86b4b5a..1cd7f3f 100644
--- a/aquatic_http/Cargo.toml
+++ b/aquatic_http/Cargo.toml
@@ -20,7 +20,7 @@ cpu-pinning = ["aquatic_common/cpu-pinning"]
 [dependencies]
 aquatic_cli_helpers = "0.2.0"
-aquatic_common = "0.2.0"
+aquatic_common = { version = "0.2.0", features = ["rustls-config"] }
 aquatic_http_protocol = "0.2.0"
 aquatic_toml_config = "0.2.0"
diff --git a/aquatic_http/src/common.rs b/aquatic_http/src/common.rs
index 5bfa9b1..8088f03 100644
--- a/aquatic_http/src/common.rs
+++ b/aquatic_http/src/common.rs
@@ -10,8 +10,6 @@ use aquatic_http_protocol::{
 response::{AnnounceResponse, ScrapeResponse},
 };
-pub type TlsConfig = futures_rustls::rustls::ServerConfig;
-
 #[derive(Copy, Clone, Debug)]
 pub struct ConsumerId(pub usize);
diff --git a/aquatic_http/src/lib.rs b/aquatic_http/src/lib.rs
index b484a53..0f92da5 100644
--- a/aquatic_http/src/lib.rs
+++ b/aquatic_http/src/lib.rs
@@ -2,15 +2,12 @@ use aquatic_common::cpu_pinning::{pin_current_if_configured_to, WorkerIndex};
 use aquatic_common::{
 access_list::update_access_list,
 privileges::drop_privileges_after_socket_binding,
+ rustls_config::create_rustls_config,
 };
-use common::{State, TlsConfig};
+use common::State;
 use glommio::{channels::channel_mesh::MeshBuilder, prelude::*};
 use signal_hook::{consts::SIGUSR1, iterator::Signals};
-use std::{
- fs::File,
- io::BufReader,
- sync::{atomic::AtomicUsize, Arc},
-};
+use std::sync::{atomic::AtomicUsize, Arc};
 use crate::config::Config;
@@ -64,7 +61,10 @@ pub fn run_inner(config: Config, state: State) -> anyhow::Result<()> {
 let num_bound_sockets = Arc::new(AtomicUsize::new(0));
- let tls_config = Arc::new(create_tls_config(&config).unwrap());
+ let tls_config = Arc::new(create_rustls_config(
+ &config.network.tls_certificate_path,
+ &config.network.tls_private_key_path,
+ )?);
 let mut executors = Vec::new();
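Review bot: The TLS policy that `run_inner` now depends on is no longer visible in this crate: the removed `create_tls_config` pinned `with_safe_defaults()`, `with_no_client_auth()` and accepted only the first PKCS#8 key, whereas `create_rustls_config` takes just the two paths and its protocol-version, cipher-suite and client-auth choices live in `aquatic_common`. A one-line comment at the call site recording what this caller expects would keep that contract reviewable, e.g. `// TLS policy (versions, suites, no client auth) is decided in aquatic_common::rustls_config; it is expected to match the previous inline builder.` Replacing `.unwrap()` with `?` is an improvement, but whether the operator learns which of the two files failed to load now depends on the helper; if it does not name the path, wrapping the call with anyhow's `Context` to include the certificate and key paths would make a misconfigured deployment diagnosable from the log alone. `run_inner` starts and ends outside this hunk.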
@@ -151,32 +151,3 @@ pub fn run_inner(config: Config, state: State) -> anyhow::Result<()> {
 Ok(())
 }
-
-fn create_tls_config(config: &Config) -> anyhow::Result {
- let certs = {
- let f = File::open(&config.network.tls_certificate_path)?;
- let mut f = BufReader::new(f);
- rustls_pemfile::certs(&mut f)?
- .into_iter()
- .map(|bytes| futures_rustls::rustls::Certificate(bytes))
- .collect()
- };
- let private_key = {
- let f = File::open(&config.network.tls_private_key_path)?;
- let mut f = BufReader::new(f);
- rustls_pemfile::pkcs8_private_keys(&mut f)?
- .first()
- .map(|bytes| futures_rustls::rustls::PrivateKey(bytes.clone()))
- .ok_or(anyhow::anyhow!("No private keys in file"))?
- };
- let tls_config = futures_rustls::rustls::ServerConfig::builder()
- .with_safe_defaults()
- .with_no_client_auth()
- .with_single_cert(certs, private_key)?;
- Ok(tls_config)
-}
diff --git a/aquatic_http/src/workers/socket.rs b/aquatic_http/src/workers/socket.rs
index 56e91bd..3992551 100644
--- a/aquatic_http/src/workers/socket.rs
+++ b/aquatic_http/src/workers/socket.rs
@@ -7,6 +7,7 @@ use std::sync::Arc;
 use std::time::{Duration, Instant};
 use aquatic_common::access_list::{create_access_list_cache, AccessListArcSwap, AccessListCache};
+use aquatic_common::rustls_config::RustlsConfig;
 use aquatic_common::CanonicalSocketAddr;
 use aquatic_http_protocol::common::InfoHash;
 use aquatic_http_protocol::request::{Request, RequestParseError, ScrapeRequest};
@@ -54,7 +55,7 @@ struct ConnectionReference {
 pub async fn run_socket_worker(
 config: Config,
 state: State,
- tls_config: Arc,
+ tls_config: Arc,
 request_mesh_builder: MeshBuilder,
 response_mesh_builder: MeshBuilder,
 num_bound_sockets: Arc,
@@ -195,7 +196,7 @@ impl Connection {
 response_receiver: LocalReceiver,
 response_consumer_id: ConsumerId,
 connection_id: ConnectionId,
- tls_config: Arc,
+ tls_config: Arc,
 connection_slab: Rc>>,
 stream: TcpStream,
 ) -> anyhow::Result<()> {