From fe4bb9b80e91877932ec4216d73ef8e7cd2a65c4 Mon Sep 17 00:00:00 2001
From: FranciscaOrtegaG
Date: Mon, 19 Aug 2024 11:25:42 -0400
Subject: [PATCH] change: tcp connection to tls type

---
 Cargo.lock | 10 ++++++++++
 Cargo.toml | 1 +
 src/client/tcp_connection.rs | 28 ++++++++++++++++++----------
 3 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index d50f7f98..dfff0d30 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -411,6 +411,7 @@ dependencies = [
 "tokio-stream",
 "tokio-tls",
 "webpki",
+ "webpki-roots",
 ]
 [[package]]
@@ -1482,6 +1483,15 @@ dependencies = [
 "untrusted",
 ]
+[[package]]
+name = "webpki-roots"
+version = "0.26.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "which"
 version = "4.4.2"
diff --git a/Cargo.toml b/Cargo.toml
index f88c0de6..b4799936 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -26,5 +26,6 @@ rustls = "0.23.12"
 openssl = "0.10.66"
 tokio-rustls = "0.26.0"
 webpki = "0.22.4"
+webpki-roots = "0.26.3"
 [lib]
 doctest = false
diff --git a/src/client/tcp_connection.rs b/src/client/tcp_connection.rs
index 0df8ca02..cfdcd784 100644
--- a/src/client/tcp_connection.rs
+++ b/src/client/tcp_connection.rs
@@ -5,9 +5,12 @@ use crate::message::rdata::a_rdata::ARdata;
 use crate::message::resource_record::ResourceRecord;
 use super::client_error::ClientError;
 use async_trait::async_trait;
-use webpki::DNSNameRef;
+use rustls::pki_types::ServerName;
+use webpki::DnsNameRef;
+use std::convert::TryFrom;
 use std::io::Error as IoError;
 use std::io::ErrorKind;
+use std::iter::FromIterator;
 use tokio::io::AsyncWriteExt;
 use tokio::io::AsyncReadExt;
 use tokio::net::TcpStream;
@@ -18,7 +21,6 @@ use tokio::time::timeout;
 use tokio_rustls::rustls::ClientConfig;
 use tokio_rustls::TlsConnector;
 use std::sync::Arc;
-use webpki::DnsNameRef;
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub struct ClientTCPConnection {
@@ -66,18 +68,24 @@ impl ClientConnection for ClientTCPConnection {
 let full_msg: Vec = [&tcp_bytes_length, bytes.as_slice()].concat();
 //get domain name
- let server_name = dns_query.get_question().get_qname().get_name();
- let dns_name = DnsNameRef::try_from_ascii_str(&server_name);
+ let domain_name = dns_query.get_question().get_qname().get_name();
+ let dns_name = DnsNameRef::try_from_ascii_str(&domain_name);
 if dns_name.is_err() {
 return Err(ClientError::Io(IoError::new(ErrorKind::InvalidInput, format!("Error: invalid domain name"))).into());
 }
- let mut config = ClientConfig::builder();
- config.root_hint_subjects.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
- let config = Arc::new(config);
-
- let dns_name = dns_name.unwrap();
- let connector = TlsConnector::from(Arc::new(config));
+ let root_store = rustls::RootCertStore::from_iter(
+ webpki_roots::TLS_SERVER_ROOTS
+ .iter()
+ .cloned(),
+ );
+ let config = rustls::ClientConfig::builder().with_root_certificates(root_store).with_no_client_auth();
+ let rc_config = Arc::new(config);
+
+
+ let dns_name = domain_name;
+ let server_name =ServerName::try_from(dns_name).expect("invalid DNS name");
+ let connector = rustls::ClientConnection::new(rc_config, server_name);
 // stream.set_read_timeout(Some(timeout))?; //-> Se hace con tokio
 // stream.write(&full_msg)?;
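Review bot: The name handed to `ServerName::try_from` in the third hunk is `domain_name`, the question's qname, which identifies the record being looked up rather than the TLS peer, so the certificate presented by the resolver will be verified against the wrong identity; the peer must prove the resolver's own hostname (or `ServerName::IpAddress` when the endpoint is a bare address), which this hunk does not show but the connection struct presumably holds. The `.expect("invalid DNS name")` also panics on a name that arrived in the query, even though the `DnsNameRef::try_from_ascii_str` check a few lines above already returns a `ClientError` for that case and its result is then discarded by `let dns_name = domain_name;` — one fallible conversion, `let server_name = ServerName::try_from(domain_name).map_err(|_| ClientError::Io(IoError::new(ErrorKind::InvalidInput, "invalid server name")))?;`, would keep the error path and drop both the panic and the now-redundant webpki check (assuming the function's error type accepts `ClientError`, as the existing `return Err(...).into()` suggests). Finally, `rustls::ClientConnection::new(rc_config, server_name)` returns `Result<ClientConnection, rustls::Error>`, a bare TLS state machine, not the `TlsConnector` the removed line built, so the intended line is probably `let connector = TlsConnector::from(rc_config);` with the server name passed to `connector.connect(server_name, stream)` on the tokio stream. The enclosing function continues past the end of the hunk, so how `connector` is consumed is not visible here.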