From ef120047c99343f0b4b3bfbed225324eb4456fb5 Mon Sep 17 00:00:00 2001 From: amesgen Date: Mon, 8 Apr 2024 23:43:32 +0200 Subject: [PATCH 1/6] Add rustls-platform-verifier binding --- Cargo.lock | 377 ++++++++++++++++++++++++++++++++++++++++++++++++-- Cargo.toml | 1 + src/cipher.rs | 22 ++- src/rustls.h | 15 +- 4 files changed, 402 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 12dc3354..8ea89ebd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -11,12 +11,30 @@ dependencies = [ "memchr", ] +[[package]] +name = "autocfg" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" + [[package]] name = "base64" version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" +[[package]] +name = "bitflags" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" + +[[package]] +name = "bytes" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" + [[package]] name = "cc" version = "1.0.83" 
@@ -26,12 +44,44 @@ dependencies = [ "libc", ] +[[package]] +name = "cesu8" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" + [[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "combine" +version = "4.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4" +dependencies = [ + "bytes", + "memchr", +] + +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" + [[package]] name = "getrandom" version = "0.2.11" @@ -43,6 +93,26 @@ dependencies = [ "wasi", ] +[[package]] +name = "jni" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec" +dependencies = [ + "cesu8", + "combine", + "jni-sys", + "log", + "thiserror", + "walkdir", +] + +[[package]] +name = "jni-sys" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" + [[package]] name = "libc" version = "0.2.153" 
@@ -61,12 +131,65 @@ version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +[[package]] +name = "num-bigint" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608e7659b5c3d7cba262d894801b9ec9d00de989e8a82bd4bef91d08da45cdc0" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +dependencies = [ + "autocfg", +] + [[package]] name = "once_cell" version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "proc-macro2" +version = "1.0.79" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] + [[package]] name = "regex" version = "1.9.6" @@ -107,7 +230,7 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.48.0", ] [[package]] 
@@ -135,9 +258,23 @@ dependencies = [ "rustls", "rustls-pemfile", "rustls-pki-types", + "rustls-platform-verifier", "rustls-webpki", ] +[[package]] +name = "rustls-native-certs" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" +dependencies = [ + "openssl-probe", + "rustls-pemfile", + "rustls-pki-types", + "schannel", + "security-framework", +] + [[package]] name = "rustls-pemfile" version = "2.1.2" @@ -154,6 +291,33 @@ version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" +[[package]] +name = "rustls-platform-verifier" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5f0d26fa1ce3c790f9590868f0109289a044acb954525f933e2aa3b871c157d" +dependencies = [ + "core-foundation", + "core-foundation-sys", + "jni", + "log", + "once_cell", + "rustls", + "rustls-native-certs", + "rustls-platform-verifier-android", + "rustls-webpki", + "security-framework", + "security-framework-sys", + "webpki-roots", + "winapi", +] + +[[package]] +name = "rustls-platform-verifier-android" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84e217e7fdc8466b5b35d30f8c0a30febd29173df4a3a0c2115d306b9c4117ad" + [[package]] name = "rustls-webpki" version = "0.102.2" 
@@ -171,6 +335,48 @@ version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "schannel" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "security-framework" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "num-bigint", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "spin" version = "0.9.8" 
@@ -183,25 +389,121 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +[[package]] +name = "syn" +version = "2.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "thiserror" +version = "1.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + [[package]] name = "untrusted" version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" +[[package]] +name = "webpki-roots" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + [[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.4", ] [[package]] 
@@ -210,13 +512,28 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +dependencies = [ + "windows_aarch64_gnullvm 0.52.4", + "windows_aarch64_msvc 0.52.4", + "windows_i686_gnu 0.52.4", + "windows_i686_msvc 0.52.4", + "windows_x86_64_gnu 0.52.4", + "windows_x86_64_gnullvm 0.52.4", + "windows_x86_64_msvc 0.52.4", ] [[package]] 
@@ -225,42 +542,84 @@ version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" + [[package]] name = "windows_aarch64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" + [[package]] name = "windows_i686_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" +[[package]] +name = "windows_i686_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" + [[package]] name = "windows_i686_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" +[[package]] +name = "windows_i686_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" + [[package]] name = "windows_x86_64_gnu" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" + [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" + [[package]] name = "windows_x86_64_msvc" version = "0.48.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" + [[package]] name = "zeroize" version = "1.7.0" diff --git a/Cargo.toml b/Cargo.toml index f6cc700e..5fbd2029 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -30,6 +30,7 @@ webpki = { package = "rustls-webpki", version = "0.102.0", default-features = fa libc = "0.2" rustls-pemfile = "2" log = "0.4.17" +rustls-platform-verifier = "0.3.1" [lib] name = "rustls_ffi" diff --git a/src/cipher.rs b/src/cipher.rs index 71f78988..06dd96a4 100644 --- a/src/cipher.rs +++ b/src/cipher.rs 
@@ -1161,9 +1161,27 @@ impl Castable for rustls_server_cert_verifier { } impl rustls_server_cert_verifier { + /// Create a new server certificate verifier that uses the system's root store and WebPKI via + /// [`rustls-platform-verifier`][]. + /// + /// The verifier can be used in several `rustls_client_config` instances and must be freed by + /// the application using `rustls_server_cert_verifier_free` when no longer needed. + /// + /// [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier + #[no_mangle] + pub extern "C" fn rustls_platform_server_cert_verifier() -> *mut rustls_server_cert_verifier { + ffi_panic_boundary! { + let verifier: Arc = Arc::new( + rustls_platform_verifier::Verifier::new() + .with_provider(rustls::crypto::ring::default_provider().into()), + ); + to_boxed_mut_ptr(verifier) + } + } + /// Free a `rustls_server_cert_verifier` previously returned from - /// `rustls_server_cert_verifier_builder_build`. Calling with NULL is fine. Must not be - /// called twice with the same value. + /// `rustls_server_cert_verifier_builder_build` or `rustls_platform_server_cert_verifier`. + /// Calling with NULL is fine. Must not be called twice with the same value. #[no_mangle] pub extern "C" fn rustls_server_cert_verifier_free(verifier: *mut rustls_server_cert_verifier) { ffi_panic_boundary! { diff --git a/src/rustls.h b/src/rustls.h index 87dae8c6..b42c7c9b 100644 --- a/src/rustls.h +++ b/src/rustls.h 
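Review bot: The doc comment on `rustls_platform_server_cert_verifier` does not say what a caller gets back on failure, although the body sits inside `ffi_panic_boundary!` and the test client in this series checks the result against NULL. Add a line such as `/// Returns NULL if the verifier could not be created; callers must check before use.` (the panic-path return value is inferred from that NULL check, so confirm it against the macro). The crypto provider is fixed to `rustls::crypto::ring::default_provider()`, so the doc should also state that this verifier's signature checks always use ring, independent of any provider chosen elsewhere. The binding is exported with no `#[cfg(feature = ...)]` gate, so the platform-specific dependency tree added to Cargo.lock in this patch is linked into every build; if that is intended, a short comment saying so helps anyone auditing the dependency set. The enclosing `impl` block starts and ends outside the hunk.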
@@ -1250,10 +1250,21 @@ rustls_result rustls_web_pki_server_cert_verifier_builder_build(struct rustls_we */ void rustls_web_pki_server_cert_verifier_builder_free(struct rustls_web_pki_server_cert_verifier_builder *builder); +/** + * Create a new server certificate verifier that uses the system's root store and WebPKI via + * [`rustls-platform-verifier`][]. + * + * The verifier can be used in several `rustls_client_config` instances and must be freed by + * the application using `rustls_server_cert_verifier_free` when no longer needed. + * + * [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier + */ +struct rustls_server_cert_verifier *rustls_platform_server_cert_verifier(void); + /** * Free a `rustls_server_cert_verifier` previously returned from - * `rustls_server_cert_verifier_builder_build`. Calling with NULL is fine. Must not be - * called twice with the same value. + * `rustls_server_cert_verifier_builder_build` or `rustls_platform_server_cert_verifier`. + * Calling with NULL is fine. Must not be called twice with the same value. */ void rustls_server_cert_verifier_free(struct rustls_server_cert_verifier *verifier); From 4917ce3515dc736a72480ff5a6b4743db7571cb7 Mon Sep 17 00:00:00 2001 From: amesgen Date: Mon, 8 Apr 2024 23:43:41 +0200 Subject: [PATCH 2/6] tests: support rustls-platform-verifier in client --- tests/client.c | 17 ++++++++++++----- tests/client_server.rs | 6 ++++++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/tests/client.c b/tests/client.c index 612476a4..fe01f1e1 100644 --- a/tests/client.c +++ b/tests/client.c 
@@ -431,7 +431,15 @@ main(int argc, const char **argv) setmode(STDOUT_FILENO, O_BINARY); #endif - if(getenv("CA_FILE")) { + if(getenv("RUSTLS_PLATFORM_VERIFIER")) { + server_cert_verifier = rustls_platform_server_cert_verifier(); + if(server_cert_verifier == NULL) { + goto cleanup; + } + rustls_client_config_builder_set_server_verifier(config_builder, + server_cert_verifier); + } + else if(getenv("CA_FILE")) { server_cert_root_store_builder = rustls_root_cert_store_builder_new(); result = rustls_root_cert_store_builder_load_roots_from_file( server_cert_root_store_builder, getenv("CA_FILE"), true); @@ -444,7 +452,6 @@ main(int argc, const char **argv) if(result != RUSTLS_RESULT_OK) { goto cleanup; } - server_cert_verifier_builder = rustls_web_pki_server_cert_verifier_builder_new(server_cert_root_store); @@ -461,9 +468,9 @@ main(int argc, const char **argv) config_builder, verify); } else { - fprintf( - stderr, - "client: must set either CA_FILE or NO_CHECK_CERTIFICATE env var\n"); + fprintf(stderr, + "client: must set either RUSTLS_PLATFORM_VERIFIER or CA_FILE or " + "NO_CHECK_CERTIFICATE env var\n"); goto cleanup; } diff --git a/tests/client_server.rs b/tests/client_server.rs index df57504e..1627fc52 100644 --- a/tests/client_server.rs +++ b/tests/client_server.rs @@ -103,6 +103,12 @@ fn client_server_integration() { fn standard_client_tests(valgrind: Option) -> Vec { vec![ + ClientTest { + name: "rustls-platform-verifier", + valgrind: valgrind.clone(), + env: vec![("RUSTLS_PLATFORM_VERIFIER", "1")], + expect_error: true, + }, ClientTest { name: "With CA_FILE", valgrind: valgrind.clone(), From 9f42115ae0c7d1b6482b1e356061dc32c5dabc88 Mon Sep 17 00:00:00 2001 From: amesgen Date: Tue, 9 Apr 2024 00:01:05 +0200 Subject: [PATCH 3/6] tests: update expected MacOS linker parts --- tests/static_libs.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/static_libs.rs b/tests/static_libs.rs index 18110910..3d2d2af1 100644 
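Review bot: In the new `RUSTLS_PLATFORM_VERIFIER` branch a NULL verifier jumps straight to `cleanup` with nothing written to stderr, so a failed verifier construction looks the same from outside as any other early exit. Add a diagnostic before the jump, e.g. `fprintf(stderr, "client: failed to create platform verifier\n");`. The branch tests only for the variable's presence and is evaluated before `CA_FILE`, so `RUSTLS_PLATFORM_VERIFIER=0` still selects the platform verifier and takes precedence over a configured `CA_FILE`; a comment stating that precedence would avoid surprises. `main` starts and ends outside the hunk.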
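Review bot: The new `rustls-platform-verifier` case sets `expect_error: true` without explanation, and a failing exit is also what the client produces when `rustls_platform_server_cert_verifier()` returns NULL, so this case still passes if the verifier was never constructed. At minimum add a comment above the entry such as `// The local test server's certificate is not in the OS trust store, so verification must fail.` (that reason is inferred; the server setup is not visible here). If the harness can inspect the client's stderr, asserting on a certificate-verification error rather than on any failure would make this negative test meaningful. `standard_client_tests` continues outside the hunk.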
--- a/tests/static_libs.rs +++ b/tests/static_libs.rs @@ -46,7 +46,16 @@ fn expected_linker_parts() -> &'static [&'static str] { } #[cfg(target_os = "macos")] { - &["-liconv", "-lSystem", "-lc", "-lm"] + &[ + "-framework", + "Security", + "-framework", + "CoreFoundation", + "-liconv", + "-lSystem", + "-lc", + "-lm", + ] } #[cfg(target_os = "windows")] { From 07d41f3dc636d6df01d93153f11b248887862e83 Mon Sep 17 00:00:00 2001 From: amesgen Date: Mon, 8 Apr 2024 23:45:48 +0200 Subject: [PATCH 4/6] project: bump MSRV to 1.64 for rustls-platform-verifier --- .github/workflows/test.yaml | 4 +++- Cargo.toml | 2 +- README.md | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d70dfc88..f2048b58 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -22,7 +22,9 @@ jobs: - stable - beta - nightly - - 1.61.0 # MSRV - keep in sync with what rustls considers MSRV + # MSRV - keep in sync with what rustls and rustls-platform-verifier + # consider MSRV + - 1.64.0 os: [ubuntu-latest] # but only stable on macos/windows (slower platforms) include: diff --git a/Cargo.toml b/Cargo.toml index 5fbd2029..2f5711c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ repository = "https://github.com/rustls/rustls-ffi" categories = ["network-programming", "cryptography"] edition = "2021" links = "rustls_ffi" -rust-version = "1.61" +rust-version = "1.64" [features] # Enable this feature when building as Rust dependency. It inhibits the diff --git a/README.md b/README.md index 721aa70d..9c81462e 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ to provide the cryptographic primitives. # Build -You'll need to [install the Rust toolchain](https://rustup.rs/) (version 1.61 +You'll need to [install the Rust toolchain](https://rustup.rs/) (version 1.64 or above) and a C compiler (`gcc` and `clang` should both work). ## Static Library 
From ad994b5945c9c5f6dac2b2ed7c36a079cc10c5b4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 11 Apr 2024 17:45:22 -0400 Subject: [PATCH 5/6] tests: update Win expected libs, target_link_libraries --- tests/CMakeLists.txt | 4 ++-- tests/static_libs.rs | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 6f24e019..cd30a772 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -15,7 +15,7 @@ IF(WIN32) client debug "${CMAKE_SOURCE_DIR}/target/debug/rustls_ffi.lib" optimized "${CMAKE_SOURCE_DIR}/target/release/rustls_ffi.lib" - advapi32.lib credui.lib kernel32.lib secur32.lib legacy_stdio_definitions.lib kernel32.lib advapi32.lib userenv.lib kernel32.lib kernel32.lib ws2_32.lib bcrypt.lib msvcrt.lib legacy_stdio_definitions.lib userenv.lib kernel32.lib msvcrt.lib ntdll.lib Synchronization.lib + advapi32.lib bcrypt.lib crypt32.lib cryptnet.lib kernel32.lib ncrypt.lib bcrypt.lib advapi32.lib legacy_stdio_definitions.lib kernel32.lib advapi32.lib kernel32.lib ntdll.lib userenv.lib ws2_32.lib synchronization.lib kernel32.lib ws2_32.lib kernel32.lib msvcrt.lib ) set_property(TARGET client PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreadedDLL") ENDIF(WIN32) 
@@ -34,7 +34,7 @@ IF(WIN32) server debug "${CMAKE_SOURCE_DIR}/target/debug/rustls_ffi.lib" optimized "${CMAKE_SOURCE_DIR}/target/release/rustls_ffi.lib" - advapi32.lib credui.lib kernel32.lib secur32.lib legacy_stdio_definitions.lib kernel32.lib advapi32.lib userenv.lib kernel32.lib kernel32.lib ws2_32.lib bcrypt.lib msvcrt.lib legacy_stdio_definitions.lib userenv.lib kernel32.lib msvcrt.lib ntdll.lib Synchronization.lib + advapi32.lib bcrypt.lib crypt32.lib cryptnet.lib kernel32.lib ncrypt.lib bcrypt.lib advapi32.lib legacy_stdio_definitions.lib kernel32.lib advapi32.lib kernel32.lib ntdll.lib userenv.lib ws2_32.lib synchronization.lib kernel32.lib ws2_32.lib kernel32.lib msvcrt.lib ) set_property(TARGET server PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreadedDLL") ENDIF(WIN32) diff --git a/tests/static_libs.rs b/tests/static_libs.rs index 3d2d2af1..a4f46f20 100644 --- a/tests/static_libs.rs +++ b/tests/static_libs.rs @@ -60,21 +60,25 @@ fn expected_linker_parts() -> &'static [&'static str] { #[cfg(target_os = "windows")] { &[ + "advapi32.lib", + "bcrypt.lib", + "crypt32.lib", + "cryptnet.lib", + "kernel32.lib", + "ncrypt.lib", "bcrypt.lib", "advapi32.lib", "legacy_stdio_definitions.lib", "kernel32.lib", "advapi32.lib", - "bcrypt.lib", "kernel32.lib", "ntdll.lib", "userenv.lib", "ws2_32.lib", + "synchronization.lib", "kernel32.lib", "ws2_32.lib", "kernel32.lib", - "ntdll.lib", - "kernel32.lib", "msvcrt.lib", ] } From 4d65d5a79f83d5ec76554127175d1e122eaaad8b Mon Sep 17 00:00:00 2001 From: amesgen Date: Sat, 13 Apr 2024 22:24:15 +0200 Subject: [PATCH 6/6] tests: connect to example.com via platform verifier --- .github/workflows/test.yaml | 2 ++ Makefile | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f2048b58..a2babf2c 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -44,6 +44,8 @@ jobs: - env: CARGO_UNSTABLE_HTTP_REGISTRY: true run: make CC=${{ matrix.cc }} PROFILE=release test integration + - name: Platform verifier connect test + run: make connect-test valgrind: name: Valgrind diff --git a/Makefile b/Makefile index 1ae8e3df..ed373a57 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,9 @@ test: all integration: all ${CARGO} test --locked -- --ignored +connect-test: target/client + RUSTLS_PLATFORM_VERIFIER=1 target/client example.com 443 / + target: mkdir -p $@
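Review bot: The new `Platform verifier connect test` step runs `make connect-test` without the `CC=${{ matrix.cc }} PROFILE=release` arguments that the preceding step passes, so it may rebuild and run `target/client` with the Makefile defaults rather than the matrix configuration that was just tested. Using `run: make CC=${{ matrix.cc }} PROFILE=release connect-test` keeps the two steps consistent. The job definition continues outside the hunk.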
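Review bot: `connect-test` is the only place in this series where the platform verifier is expected to accept a certificate, and it does so against a live third-party host, so the result depends on the runner's OS trust store and outbound network rather than on anything pinned in the repository. A comment above the rule, e.g. `# Needs outbound network; validates example.com against the OS trust store.`, would document that so a runner-side failure is not read as a verifier regression. The rule creates no file named `connect-test`, so it should be listed with the other phony targets if the Makefile declares any (not visible in this hunk).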