mirror of
https://github.com/LemmyNet/lemmy.git
synced 2024-05-18 01:42:39 +00:00
Update rustls
This commit is contained in:
SleeplessOne1917
parent
db2ce81fc4
commit
acd541a0e9
661
Cargo.lock
generated
661
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
|
@ -157,10 +157,10 @@ ts-rs = { version = "7.1.1", features = [
|
|||
"chrono-impl",
|
||||
"no-serde-warnings",
|
||||
] }
|
||||
rustls = { version = "0.21.11", features = ["dangerous_configuration"] }
|
||||
rustls = { version = "0.23.5", features = ["ring"] }
|
||||
futures-util = "0.3.30"
|
||||
tokio-postgres = "0.7.10"
|
||||
tokio-postgres-rustls = "0.10.0"
|
||||
tokio-postgres-rustls = "0.12.0"
|
||||
urlencoding = "2.1.3"
|
||||
enum-map = "2.7"
|
||||
moka = { version = "0.12.7", features = ["future"] }
|
||||
|
|
|
|||
|
|
@ -7,20 +7,17 @@ use diesel::{
|
|||
query_builder::{Query, QueryFragment},
|
||||
query_dsl::methods::LimitDsl,
|
||||
result::{
|
||||
ConnectionError,
|
||||
ConnectionResult,
|
||||
ConnectionError, ConnectionResult,
|
||||
Error::{self as DieselError, QueryBuilderError},
|
||||
},
|
||||
sql_types::{self, Timestamptz},
|
||||
IntoSql,
|
||||
OptionalExtension,
|
||||
IntoSql, OptionalExtension,
|
||||
};
|
||||
use diesel_async::{
|
||||
pg::AsyncPgConnection,
|
||||
pooled_connection::{
|
||||
deadpool::{Hook, HookError, Object as PooledConnection, Pool},
|
||||
AsyncDieselConnectionManager,
|
||||
ManagerConfig,
|
||||
AsyncDieselConnectionManager, ManagerConfig,
|
||||
},
|
||||
SimpleAsyncConnection,
|
||||
};
|
||||
|
|
@ -33,13 +30,17 @@ use lemmy_utils::{
|
|||
use once_cell::sync::Lazy;
|
||||
use regex::Regex;
|
||||
use rustls::{
|
||||
client::{ServerCertVerified, ServerCertVerifier},
|
||||
ServerName,
|
||||
client::danger::{
|
||||
DangerousClientConfigBuilder, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier,
|
||||
},
|
||||
crypto::{self, verify_tls12_signature, verify_tls13_signature},
|
||||
pki_types::{CertificateDer, ServerName, UnixTime},
|
||||
ClientConfig, DigitallySignedStruct, SignatureScheme,
|
||||
};
|
||||
use std::{
|
||||
ops::{Deref, DerefMut},
|
||||
sync::Arc,
|
||||
time::{Duration, SystemTime},
|
||||
time::Duration,
|
||||
};
|
||||
use tracing::error;
|
||||
use url::Url;
|
||||
|
|
@ -312,10 +313,11 @@ pub fn diesel_option_overwrite_to_url_create(opt: &Option<String>) -> LemmyResul
|
|||
|
||||
fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConnection>> {
|
||||
let fut = async {
|
||||
let rustls_config = rustls::ClientConfig::builder()
|
||||
.with_safe_defaults()
|
||||
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
||||
.with_no_client_auth();
|
||||
let rustls_config = DangerousClientConfigBuilder {
|
||||
cfg: ClientConfig::builder(),
|
||||
}
|
||||
.with_custom_certificate_verifier(Arc::new(NoCertVerifier {}))
|
||||
.with_no_client_auth();
|
||||
|
||||
let tls = tokio_postgres_rustls::MakeRustlsConnect::new(rustls_config);
|
||||
let (client, conn) = tokio_postgres::connect(config, tls)
|
||||
|
|
@ -338,21 +340,55 @@ fn establish_connection(config: &str) -> BoxFuture<ConnectionResult<AsyncPgConne
|
|||
fut.boxed()
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct NoCertVerifier {}
|
||||
|
||||
impl ServerCertVerifier for NoCertVerifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
_end_entity: &rustls::Certificate,
|
||||
_intermediates: &[rustls::Certificate],
|
||||
_end_entity: &CertificateDer,
|
||||
_intermediates: &[CertificateDer],
|
||||
_server_name: &ServerName,
|
||||
_scts: &mut dyn Iterator<Item = &[u8]>,
|
||||
_ocsp_response: &[u8],
|
||||
_now: SystemTime,
|
||||
_ocsp: &[u8],
|
||||
_now: UnixTime,
|
||||
) -> Result<ServerCertVerified, rustls::Error> {
|
||||
// Will verify all (even invalid) certs without any checks (sslmode=require)
|
||||
Ok(ServerCertVerified::assertion())
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
verify_tls12_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer,
|
||||
dss: &DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
verify_tls13_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&crypto::ring::default_provider().signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
|
||||
crypto::ring::default_provider()
|
||||
.signature_verification_algorithms
|
||||
.supported_schemes()
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn build_db_pool() -> LemmyResult<ActualDbPool> {
|
||||
|
|
|
|||
Loading…
Reference in a new issue