From 6d06a43db8a77ba8c36df321b5d54838a50871eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joakim=20Frosteg=C3=A5rd?=
Date: Wed, 13 May 2020 16:43:23 +0200
Subject: [PATCH] aquatic_ws: add setting for using tls; update TODO
---
TODO.md | 4 +---
aquatic_ws/src/lib/config.rs | 10 ++++++----
aquatic_ws/src/lib/lib.rs | 1 -
aquatic_ws/src/lib/network/mod.rs | 3 +--
aquatic_ws/src/lib/network/utils.rs | 4 ++--
5 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/TODO.md b/TODO.md
index 5fa7e05..f6c33b5 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,10 +2,8 @@ ## aquatic_ws * network - * actually run tls. maybe add config fields for number of tls and non-tls - workers, then run that amount of each. or add tls section to config, with - bool key use_tls and the tls cert things, then use that for all workers * test tls! + * handle tls certificate parse errors etc better * send/recv buffer size config * limit ws message sizes? * test
diff --git a/aquatic_ws/src/lib/config.rs b/aquatic_ws/src/lib/config.rs
index 54a5308..4559d51 100644
--- a/aquatic_ws/src/lib/config.rs
+++ b/aquatic_ws/src/lib/config.rs
@@ -22,6 +22,9 @@ pub struct Config {
pub struct NetworkConfig {
/// Bind to this address
pub address: SocketAddr,
+ pub use_tls: bool,
+ pub tls_pkcs12_path: String,
+ pub tls_pkcs12_password: String,
/// Maximum number of torrents to accept in scrape request
pub max_scrape_torrents: usize, // FIXME: should this really be in NetworkConfig?
/// Maximum number of offers to accept in announce request
@@ -30,8 +33,6 @@ pub struct NetworkConfig {
pub peer_announce_interval: usize, // FIXME: should this really be in NetworkConfig?
pub poll_event_capacity: usize,
pub poll_timeout_milliseconds: u64,
- pub pkcs12_path: String,
- pub pkcs12_password: String,
}
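Review bot: The three fields added to `NetworkConfig` in the first config.rs hunk are the only ones in that hunk without a `///` doc comment, and `tls_pkcs12_password` is a secret that the config file now carries in plaintext, so that deserves a line of documentation. Suggested: `/// Serve WebSocket connections over TLS` on `use_tls`, `/// Path to PKCS#12 file with certificate and private key (only read when use_tls is true)` on `tls_pkcs12_path`, and `/// Password for the PKCS#12 file; stored in plaintext, so restrict read access to the config file` on `tls_pkcs12_password`. If `Config` derives `Debug` or is printed at startup, the password would be printed with it — worth checking, since the derives are outside this hunk. `tls_pkcs12_path` could also be a `PathBuf` rather than a `String`, though that depends on how the config is deserialized, which is not visible here.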
@@ -87,13 +88,14 @@ impl Default for NetworkConfig {
fn default() -> Self {
Self {
address: SocketAddr::from(([127, 0, 0, 1], 3000)),
+ use_tls: false,
+ tls_pkcs12_path: "".into(),
+ tls_pkcs12_password: "".into(),
max_scrape_torrents: 255, // FIXME: what value is reasonable?
max_offers: 10,
peer_announce_interval: 120,
poll_event_capacity: 4096,
poll_timeout_milliseconds: 50,
- pkcs12_path: "".into(),
- pkcs12_password: "".into(),
}
}
}
diff --git a/aquatic_ws/src/lib/lib.rs b/aquatic_ws/src/lib/lib.rs
index 515e79b..d81b803 100644
--- a/aquatic_ws/src/lib/lib.rs
+++ b/aquatic_ws/src/lib/lib.rs
@@ -35,7 +35,6 @@ pub fn run(config: Config){
i,
in_message_sender,
out_message_receiver,
- false
);
});
}
diff --git a/aquatic_ws/src/lib/network/mod.rs b/aquatic_ws/src/lib/network/mod.rs
index 3aa9bb5..816a4bd 100644
--- a/aquatic_ws/src/lib/network/mod.rs
+++ b/aquatic_ws/src/lib/network/mod.rs
@@ -25,7 +25,6 @@ pub fn run_socket_worker(
socket_worker_index: usize,
in_message_sender: InMessageSender,
out_message_receiver: OutMessageReceiver,
- use_tls: bool
){
let poll_timeout = Duration::from_millis(
config.network.poll_timeout_milliseconds
@@ -39,7 +38,7 @@ pub fn run_socket_worker(
.register(&mut listener, Token(0), Interest::READABLE)
.unwrap();
- let opt_tls_acceptor = if use_tls {
+ let opt_tls_acceptor = if config.network.use_tls {
Some(create_tls_acceptor(&config))
} else {
None
diff --git a/aquatic_ws/src/lib/network/utils.rs b/aquatic_ws/src/lib/network/utils.rs
index 218d695..c7fdce5 100644
--- a/aquatic_ws/src/lib/network/utils.rs
+++ b/aquatic_ws/src/lib/network/utils.rs
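Review bot: In the second network/mod.rs hunk, `create_tls_acceptor(&config)` is still called from inside `run_socket_worker`, so a missing PKCS#12 file or wrong password is only discovered (as a panic, see utils.rs) inside each worker rather than once in `run` before the workers start; if `run` spawns one thread per worker, as the closure in the lib.rs hunk suggests, every worker hits the same failure independently. Consider building the acceptor once in `run` when `config.network.use_tls` is set and passing an `Option<TlsAcceptor>` to each worker, so a bad TLS configuration fails fast at startup — native-tls's `TlsAcceptor`, which `Identity::from_pkcs12` suggests this is, implements `Clone`. Both hunks of `run_socket_worker` are excerpts; the function continues past each of them.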
@@ -40,14 +40,14 @@ pub fn create_tls_acceptor(
config: &Config,
) -> TlsAcceptor {
let mut identity_bytes = Vec::new();
- let mut file = File::open(&config.network.pkcs12_path)
+ let mut file = File::open(&config.network.tls_pkcs12_path)
.expect("open pkcs12 file");
file.read_to_end(&mut identity_bytes).expect("read pkcs12 file");
let identity = Identity::from_pkcs12(
&mut identity_bytes,
- &config.network.pkcs12_password
+ &config.network.tls_pkcs12_password
).expect("create pkcs12 identity");
let acceptor = TlsAcceptor::new(identity)
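Review bot: The renamed fields are consumed through `.expect("open pkcs12 file")` and `.expect("create pkcs12 identity")`, and neither message names the file, so with `use_tls = true` and the default empty `tls_pkcs12_path` from config.rs the operator only sees "open pkcs12 file" plus an OS error. The TODO entry in this commit already covers returning errors instead of panicking; until then, at least include the path: `.unwrap_or_else(|err| panic!("open pkcs12 file {}: {}", config.network.tls_pkcs12_path, err))` in place of the first `.expect`. It is also worth a comment on `identity_bytes` that it holds the private key material for the lifetime of the function. `create_tls_acceptor` continues past the end of the hunk.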