Add support for reading key/cert from stdin, better OpenSSL error messages
This commit is contained in:
parent
1650cefa0d
commit
7be828efdf
@ -44,6 +44,10 @@ usage: wireguard-proxy [options...]
|
|||||||
requires --tls-cert also
|
requires --tls-cert also
|
||||||
-tc, --tls-cert <ip:port> TLS cert to listen with,
|
-tc, --tls-cert <ip:port> TLS cert to listen with,
|
||||||
requires --tls-key also
|
requires --tls-key also
|
||||||
|
Note: with both --tls-key and --tls-cert,
|
||||||
|
- means stdin,
|
||||||
|
also the same file can work for both if you combine them into
|
||||||
|
one pem file
|
||||||
|
|
||||||
Common Options:
|
Common Options:
|
||||||
-h, --help print this usage text
|
-h, --help print this usage text
|
||||||
|
@ -124,6 +124,10 @@ fn main() {
|
|||||||
sha256 hashes preceded by "sha256//"
|
sha256 hashes preceded by "sha256//"
|
||||||
and separated by ";". Identical to curl's
|
and separated by ";". Identical to curl's
|
||||||
--pinnedpubkey and CURLOPT_PINNEDPUBLICKEY
|
--pinnedpubkey and CURLOPT_PINNEDPUBLICKEY
|
||||||
|
Note: with both --tls-key and --tls-cert,
|
||||||
|
only for -is (not -s) - means stdin,
|
||||||
|
also the same file can work for both if you combine them into
|
||||||
|
one pem file
|
||||||
|
|
||||||
Environment variable support:
|
Environment variable support:
|
||||||
For every command line option, short and long, if you replace all
|
For every command line option, short and long, if you replace all
|
||||||
|
@ -49,6 +49,10 @@ fn main() {
|
|||||||
requires --tls-cert also
|
requires --tls-cert also
|
||||||
-tc, --tls-cert <ip:port> TLS cert to listen with,
|
-tc, --tls-cert <ip:port> TLS cert to listen with,
|
||||||
requires --tls-key also
|
requires --tls-key also
|
||||||
|
Note: with both --tls-key and --tls-cert,
|
||||||
|
- means stdin,
|
||||||
|
also the same file can work for both if you combine them into
|
||||||
|
one pem file
|
||||||
|
|
||||||
Common Options:
|
Common Options:
|
||||||
-h, --help print this usage text
|
-h, --help print this usage text
|
||||||
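Review bot: The usage text in this hunk says `- means stdin,` without the `only for -is (not -s)` qualifier that the matching note added at the `fn main()` hunk at line 124 carries, and the README-style hunk at line 44 has the same shorter wording. If the stdin path is taken only by the TLS-listener side in this binary as well, the qualifier belongs here too, otherwise a user passing `-` with `-s` presumably gets an OpenSSL file-open error instead of the documented behaviour; if this binary does accept `-` for every mode, the wording difference is deliberate but worth stating. The hunks do not show which binary each `fn main()` belongs to, so this may need checking against the two sources.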
|
@ -13,6 +13,9 @@ impl Error {
|
|||||||
pub fn new(msg: &str) -> Error {
|
pub fn new(msg: &str) -> Error {
|
||||||
Error(msg.to_owned())
|
Error(msg.to_owned())
|
||||||
}
|
}
|
||||||
|
pub fn new_owned(msg: String) -> Error {
|
||||||
|
Error(msg)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl std::fmt::Display for Error {
|
impl std::fmt::Display for Error {
|
||||||
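Review bot: `new_owned` lands without a doc comment although it becomes the constructor the OpenSSL error conversion in this commit relies on; add `/// Wraps an already-owned message without copying it; prefer this over `new` when the caller builds the message with `format!`.` above it. Naming it `new_owned` rather than implementing `From<String> for Error` is a style choice the commit could also reconsider, since `From` would give `.into()` and `?` conversions for free. The enclosing `impl Error` block starts before this hunk.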
|
@ -103,8 +103,32 @@ pub struct TlsListener {
|
|||||||
impl TlsListener {
|
impl TlsListener {
|
||||||
pub fn new(tls_key: &str, tls_cert: &str) -> Result<TlsListener> {
|
pub fn new(tls_key: &str, tls_cert: &str) -> Result<TlsListener> {
|
||||||
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
|
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
|
||||||
acceptor.set_private_key_file(tls_key, SslFiletype::PEM)?;
|
|
||||||
acceptor.set_certificate_chain_file(tls_cert)?;
|
if tls_key == "-" || tls_cert == "-" {
|
||||||
|
let mut key_and_or_cert = Vec::new();
|
||||||
|
println!("fully reading stdin...");
|
||||||
|
std::io::stdin().read_to_end(&mut key_and_or_cert)?;
|
||||||
|
println!("finished reading stdin");
|
||||||
|
|
||||||
|
if tls_key == "-" {
|
||||||
|
let tls_key = openssl::pkey::PKey::private_key_from_pem(&key_and_or_cert)?;
|
||||||
|
acceptor.set_private_key(&tls_key)?;
|
||||||
|
} else {
|
||||||
|
acceptor.set_private_key_file(tls_key, SslFiletype::PEM)?;
|
||||||
|
}
|
||||||
|
if tls_cert == "-" {
|
||||||
|
// todo: read whole chain here or???
|
||||||
|
let tls_cert = openssl::x509::X509::from_pem(&key_and_or_cert)?;
|
||||||
|
acceptor.set_certificate(&tls_cert)?;
|
||||||
|
} else {
|
||||||
|
acceptor.set_certificate_chain_file(tls_cert)?;
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
// set from files
|
||||||
|
acceptor.set_private_key_file(tls_key, SslFiletype::PEM)?;
|
||||||
|
acceptor.set_certificate_chain_file(tls_cert)?;
|
||||||
|
}
|
||||||
acceptor.check_private_key()?;
|
acceptor.check_private_key()?;
|
||||||
let acceptor = acceptor.build();
|
let acceptor = acceptor.build();
|
||||||
Ok(TlsListener {
|
Ok(TlsListener {
|
||||||
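Review bot: With `--tls-cert -`, `X509::from_pem` in the `set_certificate` branch keeps only the first certificate found in the stdin buffer, so any intermediates in a combined PEM are silently dropped and clients that do not already hold them fail chain building; the file branch uses `set_certificate_chain_file`, which does load them, so the two paths are not equivalent, as the `// todo: read whole chain here or???` comment already suspects. Parse the buffer with `X509::stack_from_pem`, install the first certificate as the leaf and the rest with `add_extra_chain_cert`, and reject an empty stack explicitly instead of relying on a later OpenSSL error. `key_and_or_cert` also keeps the private key bytes alive until the function returns; dropping it right after both parsers have run keeps that window short. `TlsListener::new` continues past the end of the hunk.
```rust
            if tls_cert == "-" {
                // stdin may hold the leaf followed by intermediates; X509::from_pem would keep only the first
                let mut certs = openssl::x509::X509::stack_from_pem(&key_and_or_cert)?.into_iter();
                let leaf = certs
                    .next()
                    .ok_or_else(|| Error::new("no certificate found on stdin"))?;
                acceptor.set_certificate(&leaf)?;
                for intermediate in certs {
                    acceptor.add_extra_chain_cert(intermediate)?;
                }
            } else {
                acceptor.set_certificate_chain_file(tls_cert)?;
            }
            // key material is no longer needed once both parsers have run
            drop(key_and_or_cert);
            // … unchanged: file-based else branch, check_private_key, build …
```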
@ -118,7 +142,7 @@ impl TlsListener {
|
|||||||
|
|
||||||
impl From<openssl::error::ErrorStack> for Error {
|
impl From<openssl::error::ErrorStack> for Error {
|
||||||
fn from(value: openssl::error::ErrorStack) -> Self {
|
fn from(value: openssl::error::ErrorStack) -> Self {
|
||||||
Error::new(value.description())
|
Error::new_owned(format!("{}", value))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
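Review bot: `Error::new_owned(format!("{}", value))` in the `From<openssl::error::ErrorStack>` impl is the pattern clippy reports as `useless_format`; `Error::new_owned(value.to_string())` goes through the same `Display` impl and reads as the intent. The message content is unchanged either way, so this is wording of the code only.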
|