

bump quinn & rustls (#1086)
* bump quinn & rustls

* fix ci windows check

* add comments
JLerxky authored Jun 11, 2024
1 parent d8e66de commit 9d09742
Showing 8 changed files with 231 additions and 256 deletions.
206 changes: 108 additions & 98 deletions Cargo.lock

Large diffs are not rendered by default.

10 changes: 7 additions & 3 deletions Cargo.toml
Expand Up @@ -122,7 +122,7 @@ petgraph = "0.6.3"
pnet = "0.34"
pnet_datalink = "0.34"
proc-macro2 = "1.0.51"
quinn = "0.10.1"
quinn = "0.11.1"
quote = "1.0.23"
rand = { version = "0.8.5", default-features = false } # Default features are disabled due to usage in no_std crates
rand_chacha = "0.3.1"
Expand All @@ -132,7 +132,11 @@ ron = "0.8.1"
ringbuffer-spsc = "0.1.9"
rsa = "0.9"
rustc_version = "0.4.0"
rustls = "0.22.2"
rustls = { version = "0.23.9", default-features = false, features = [
"logging",
"tls12",
"ring",
] }
rustls-native-certs = "0.7.0"
rustls-pemfile = "2.0.0"
rustls-webpki = "0.102.0"
Expand All @@ -155,7 +159,7 @@ token-cell = { version = "1.4.2", default-features = false }
tokio = { version = "1.35.1", default-features = false } # Default features are disabled due to some crates' requirements
tokio-util = "0.7.10"
tokio-tungstenite = "0.21"
tokio-rustls = "0.25.0"
tokio-rustls = { version = "0.26.0", default-features = false }
# tokio-vsock = see: io/zenoh-links/zenoh-link-vsock/Cargo.toml (workspaces does not support platform dependent dependencies)
console-subscriber = "0.2"
typenum = "1.16.0"
10 changes: 4 additions & 6 deletions io/zenoh-links/zenoh-link-quic/Cargo.toml
Expand Up @@ -29,8 +29,9 @@ async-trait = { workspace = true }
base64 = { workspace = true }
futures = { workspace = true }
quinn = { workspace = true }
rustls-native-certs = { workspace = true }
rustls-pki-types = { workspace = true }
rustls = { workspace = true }
rustls-pemfile = { workspace = true }
rustls-pki-types = { workspace = true }
rustls-webpki = { workspace = true }
secrecy = { workspace = true }
tokio = { workspace = true, features = [
Expand All @@ -40,6 +41,7 @@ tokio = { workspace = true, features = [
"sync",
"time",
] }
tokio-rustls = { workspace = true }
tokio-util = { workspace = true, features = ["rt"] }
tracing = { workspace = true }
webpki-roots = { workspace = true }
Expand All @@ -51,7 +53,3 @@ zenoh-result = { workspace = true }
zenoh-runtime = { workspace = true }
zenoh-sync = { workspace = true }
zenoh-util = { workspace = true }
# Lock due to quinn not supporting rustls 0.22 yet
rustls = { version = "0.21", features = ["dangerous_configuration", "quic"] }
tokio-rustls = "0.24.1"
rustls-pemfile = { version = "1" }
1 change: 0 additions & 1 deletion io/zenoh-links/zenoh-link-quic/src/lib.rs
Expand Up @@ -26,7 +26,6 @@ use zenoh_result::ZResult;

mod unicast;
mod utils;
mod verify;
pub use unicast::*;
pub use utils::TlsConfigurator as QuicConfigurator;

40 changes: 24 additions & 16 deletions io/zenoh-links/zenoh-link-quic/src/unicast.rs
Expand Up @@ -13,11 +13,11 @@
//

use crate::{
config::*,
utils::{get_quic_addr, TlsClientConfig, TlsServerConfig},
ALPN_QUIC_HTTP, QUIC_ACCEPT_THROTTLE_TIME, QUIC_DEFAULT_MTU, QUIC_LOCATOR_PREFIX,
};
use async_trait::async_trait;
use quinn::crypto::rustls::{QuicClientConfig, QuicServerConfig};
use std::fmt;
use std::net::IpAddr;
use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr};
Expand Down Expand Up @@ -68,7 +68,7 @@ impl LinkUnicastTrait for LinkUnicastQuic {
tracing::trace!("Closing QUIC link: {}", self);
// Flush the QUIC stream
let mut guard = zasynclock!(self.send);
if let Err(e) = guard.finish().await {
if let Err(e) = guard.finish() {
tracing::trace!("Error closing QUIC stream {}: {}", self, e);
}
self.connection.close(quinn::VarInt::from_u32(0), &[0]);
Expand Down Expand Up @@ -206,15 +206,6 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic {

let addr = get_quic_addr(&epaddr).await?;

let server_name_verification: bool = epconf
.get(TLS_SERVER_NAME_VERIFICATION)
.unwrap_or(TLS_SERVER_NAME_VERIFICATION_DEFAULT)
.parse()?;

if !server_name_verification {
tracing::warn!("Skipping name verification of servers");
}

// Initialize the QUIC connection
let mut client_crypto = TlsClientConfig::new(&epconf)
.await
Expand All @@ -230,9 +221,12 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic {
};
let mut quic_endpoint = quinn::Endpoint::client(SocketAddr::new(ip_addr, 0))
.map_err(|e| zerror!("Can not create a new QUIC link bound to {}: {}", host, e))?;
quic_endpoint.set_default_client_config(quinn::ClientConfig::new(Arc::new(
client_crypto.client_config,
)));

let quic_config: QuicClientConfig = client_crypto
.client_config
.try_into()
.map_err(|e| zerror!("Can not create a new QUIC link bound to {host}: {e}"))?;
quic_endpoint.set_default_client_config(quinn::ClientConfig::new(Arc::new(quic_config)));

let src_addr = quic_endpoint
.local_addr()
Expand Down Expand Up @@ -276,8 +270,22 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic {
.map_err(|e| zerror!("Cannot create a new QUIC listener on {addr}: {e}"))?;
server_crypto.server_config.alpn_protocols =
ALPN_QUIC_HTTP.iter().map(|&x| x.into()).collect();
let mut server_config =
quinn::ServerConfig::with_crypto(Arc::new(server_crypto.server_config));

// Install ring based rustls CryptoProvider.
rustls::crypto::ring::default_provider()
// This can be called successfully at most once in any process execution.
// Call this early in your process to configure which provider is used for the provider.
// The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
.install_default()
// Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
// when there are multiple quic links, and all but the first execution will fail.
.ok();

let quic_config: QuicServerConfig = server_crypto
.server_config
.try_into()
.map_err(|e| zerror!("Can not create a new QUIC listener on {addr}: {e}"))?;
let mut server_config = quinn::ServerConfig::with_crypto(Arc::new(quic_config));

// We do not accept unidireactional streams.
Arc::get_mut(&mut server_config.transport)
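Review bot: In `new_listener` the ring `CryptoProvider` is installed only after `server_crypto` has already been produced by `TlsServerConfig::new` and had its `alpn_protocols` set, which contradicts the pasted rustls note that installation must precede any `ServerConfig::builder()` use, and the client path in `new_link` (the new `QuicClientConfig` conversion) never installs it at all. It works only because the workspace now builds rustls with a single provider feature (`ring`), so rustls auto-selects it; the trailing `.ok()` then also hides the case where another crate in the process has already installed a different provider, which is exactly the mismatch an operator would want logged. Suggest hoisting the call into a process-wide `std::sync::Once` that runs before any builder use in both `new_link` and `new_listener`, and logging rather than discarding the error: `if rustls::crypto::ring::default_provider().install_default().is_err() { tracing::debug!("rustls CryptoProvider already installed, using existing provider"); }`. Separately, the `guard.finish()` in `close` no longer waits for the peer in quinn 0.11 — it only queues the FIN — so the immediate `self.connection.close(...)` that follows can discard buffered data; the `// Flush the QUIC stream` comment no longer holds, and `stopped().await` (or a bounded wait on it) is what restores the previous flush behaviour. The `Skipping name verification of servers` warning removed from `new_link` should survive wherever the `TLS_SERVER_NAME_VERIFICATION` check now lives (presumably `TlsClientConfig::new` in utils.rs, not shown in this page); all three enclosing functions start outside these hunks.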
