mirror of
https://github.com/htrefil/rkvm.git
synced 2025-01-19 10:26:13 +01:00
Implement TLS for server
This commit is contained in:
parent
416e213478
commit
4d52e9809b
3 changed files with 27 additions and 3 deletions
|
@ -15,3 +15,4 @@ toml = "0.5.7"
|
|||
structopt = "0.3.20"
|
||||
log = "0.4.11"
|
||||
env_logger = "0.8.1"
|
||||
tokio-native-tls = "0.2.0"
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
use serde::{Deserialize, Serialize};
|
||||
use std::collections::HashSet;
|
||||
use std::net::SocketAddr;
|
||||
use std::path::PathBuf;
|
||||
|
||||
#[derive(Serialize, Deserialize)]
|
||||
#[serde(rename_all = "kebab-case")]
|
||||
pub struct Config {
|
||||
pub listen_address: SocketAddr,
|
||||
pub switch_keys: HashSet<u16>,
|
||||
pub identity_path: PathBuf,
|
||||
pub identity_password: String,
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ use std::collections::{HashMap, HashSet};
|
|||
use std::convert::Infallible;
|
||||
use std::io::{Error, ErrorKind};
|
||||
use std::net::SocketAddr;
|
||||
use std::path::PathBuf;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::process;
|
||||
use std::time::Duration;
|
||||
use structopt::StructOpt;
|
||||
|
@ -16,6 +16,7 @@ use tokio::io::{AsyncRead, AsyncWrite};
|
|||
use tokio::net::TcpListener;
|
||||
use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender};
|
||||
use tokio::time;
|
||||
use tokio_native_tls::native_tls::{Identity, TlsAcceptor};
|
||||
|
||||
async fn handle_connection<T>(
|
||||
mut stream: T,
|
||||
|
@ -48,7 +49,18 @@ where
|
|||
}
|
||||
}
|
||||
|
||||
async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<Infallible, Error> {
|
||||
async fn run(
|
||||
listen_address: SocketAddr,
|
||||
switch_keys: &HashSet<u16>,
|
||||
identity_path: &Path,
|
||||
identity_password: &str,
|
||||
) -> Result<Infallible, Error> {
|
||||
let identity = fs::read(identity_path).await?;
|
||||
let identity = Identity::from_pkcs12(&identity, identity_password)
|
||||
.map_err(|err| Error::new(ErrorKind::InvalidData, err))?;
|
||||
let acceptor: tokio_native_tls::TlsAcceptor = TlsAcceptor::new(identity)
|
||||
.map_err(|err| Error::new(ErrorKind::InvalidData, err))
|
||||
.map(Into::into)?;
|
||||
let listener = TcpListener::bind(listen_address).await?;
|
||||
|
||||
log::info!("Listening on {}", listen_address);
|
||||
|
@ -64,6 +76,14 @@ async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<I
|
|||
}
|
||||
};
|
||||
|
||||
let stream = match acceptor.accept(stream).await {
|
||||
Ok(stream) => stream,
|
||||
Err(err) => {
|
||||
log::error!("{}: TLS error: {}", address, err);
|
||||
continue;
|
||||
}
|
||||
};
|
||||
|
||||
let (sender, receiver) = mpsc::unbounded_channel();
|
||||
if client_sender.send(Ok(sender)).is_err() {
|
||||
return;
|
||||
|
@ -163,7 +183,7 @@ async fn main() {
|
|||
};
|
||||
|
||||
tokio::select! {
|
||||
result = run(config.listen_address, &config.switch_keys) => {
|
||||
result = run(config.listen_address, &config.switch_keys, &config.identity_path, &config.identity_password) => {
|
||||
if let Err(err) = result {
|
||||
log::error!("Error: {}", err);
|
||||
process::exit(1);
|
||||
|
|
Loading…
Reference in a new issue