Reload cert/key on SIGHUP

Travis Burtrum 2022-03-09 23:40:17 -05:00
parent a8487a4f1e
commit a5b93b10be
8 changed files with 213 additions and 161 deletions

238
Cargo.lock generated

@ -19,9 +19,9 @@ dependencies = [
[[package]] [[package]]
name = "anyhow" name = "anyhow"
version = "1.0.52" version = "1.0.56"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84450d0b4a8bd1ba4144ce8ce718fbc5d071358b1e5384bace6536b3d1f2d5b3" checksum = "4361135be9122e0870de935d7c439aef945b9f9ddd4199a553b5270b49c82a27"
[[package]] [[package]]
name = "async-compression" name = "async-compression"
@ -105,9 +105,9 @@ checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8"
[[package]] [[package]]
name = "cc" name = "cc"
version = "1.0.72" version = "1.0.73"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11"
[[package]] [[package]]
name = "cfg-if" name = "cfg-if"
@ -117,9 +117,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]] [[package]]
name = "core-foundation" name = "core-foundation"
version = "0.9.2" version = "0.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6888e10551bb93e424d8df1d07f1a8b4fceb0001a3a4b048bfc47554946f47b3" checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146"
dependencies = [ dependencies = [
"core-foundation-sys", "core-foundation-sys",
"libc", "libc",
@ -181,9 +181,9 @@ dependencies = [
[[package]] [[package]]
name = "enum-as-inner" name = "enum-as-inner"
version = "0.3.3" version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c5f0096a91d210159eceb2ff5e1c4da18388a170e1e3ce948aac9c8fdbbf595" checksum = "570d109b813e904becc80d8d5da38376818a143348413f7149f1340fe04754d4"
dependencies = [ dependencies = [
"heck", "heck",
"proc-macro2", "proc-macro2",
@ -234,9 +234,9 @@ dependencies = [
[[package]] [[package]]
name = "futures" name = "futures"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28560757fe2bb34e79f907794bb6b22ae8b0e5c669b638a1132f2592b19035b4" checksum = "f73fe65f54d1e12b726f517d3e2135ca3125a437b6d998caf1962961f7172d9e"
dependencies = [ dependencies = [
"futures-channel", "futures-channel",
"futures-core", "futures-core",
@ -249,9 +249,9 @@ dependencies = [
[[package]] [[package]]
name = "futures-channel" name = "futures-channel"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba3dda0b6588335f360afc675d0564c17a77a2bda81ca178a4b6081bd86c7f0b" checksum = "c3083ce4b914124575708913bca19bfe887522d6e2e6d0952943f5eac4a74010"
dependencies = [ dependencies = [
"futures-core", "futures-core",
"futures-sink", "futures-sink",
@ -259,15 +259,15 @@ dependencies = [
[[package]] [[package]]
name = "futures-core" name = "futures-core"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d0c8ff0461b82559810cdccfde3215c3f373807f5e5232b71479bff7bb2583d7" checksum = "0c09fd04b7e4073ac7156a9539b57a484a8ea920f79c7c675d05d289ab6110d3"
[[package]] [[package]]
name = "futures-executor" name = "futures-executor"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29d6d2ff5bb10fb95c85b8ce46538a2e5f5e7fdc755623a7d4529ab8a4ed9d2a" checksum = "9420b90cfa29e327d0429f19be13e7ddb68fa1cccb09d65e5706b8c7a749b8a6"
dependencies = [ dependencies = [
"futures-core", "futures-core",
"futures-task", "futures-task",
@ -276,15 +276,15 @@ dependencies = [
[[package]] [[package]]
name = "futures-io" name = "futures-io"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1f9d34af5a1aac6fb380f735fe510746c38067c5bf16c7fd250280503c971b2" checksum = "fc4045962a5a5e935ee2fdedaa4e08284547402885ab326734432bed5d12966b"
[[package]] [[package]]
name = "futures-macro" name = "futures-macro"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6dbd947adfffb0efc70599b3ddcf7b5597bb5fa9e245eb99f62b3a5f7bb8bd3c" checksum = "33c1e13800337f4d4d7a316bf45a567dbcb6ffe087f16424852d97e97a91f512"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -293,21 +293,21 @@ dependencies = [
[[package]] [[package]]
name = "futures-sink" name = "futures-sink"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e3055baccb68d74ff6480350f8d6eb8fcfa3aa11bdc1a1ae3afdd0514617d508" checksum = "21163e139fa306126e6eedaf49ecdb4588f939600f0b1e770f4205ee4b7fa868"
[[package]] [[package]]
name = "futures-task" name = "futures-task"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6ee7c6485c30167ce4dfb83ac568a849fe53274c831081476ee13e0dce1aad72" checksum = "57c66a976bf5909d801bbef33416c41372779507e7a6b3a5e25e4749c58f776a"
[[package]] [[package]]
name = "futures-util" name = "futures-util"
version = "0.3.19" version = "0.3.21"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9b5cf40b47a271f77a8b1bec03ca09044d99d2372c0de244e66430761127164" checksum = "d8b7abd5d659d9b90c8cba917f6ec750a74e2dc23902ef9cd4cc8c8b22e6036a"
dependencies = [ dependencies = [
"futures-channel", "futures-channel",
"futures-core", "futures-core",
@ -342,9 +342,9 @@ dependencies = [
[[package]] [[package]]
name = "getrandom" name = "getrandom"
version = "0.2.4" version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "418d37c8b1d42553c93648be529cb70f920d3baf8ef469b74b9638df426e0b4c" checksum = "d39cd93900197114fa1fcb7ae84ca742095eed9442088988ae74fa744e930e77"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"libc", "libc",
@ -353,9 +353,9 @@ dependencies = [
[[package]] [[package]]
name = "h2" name = "h2"
version = "0.3.11" version = "0.3.12"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d9f1f717ddc7b2ba36df7e871fd88db79326551d3d6f1fc406fbfd28b582ff8e" checksum = "62eeb471aa3e3c9197aa4bfeabfe02982f6dc96f750486c0bb0009ac58b26d2b"
dependencies = [ dependencies = [
"bytes", "bytes",
"fnv", "fnv",
@ -378,12 +378,9 @@ checksum = "ab5ef0d4909ef3724cc8cce6ccc8572c5c817592e9285f5464f8e86f8bd3726e"
[[package]] [[package]]
name = "heck" name = "heck"
version = "0.3.3" version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6d621efb26863f0e9924c6ac577e8275e5e6b77455db64ffa6c65c904e9e132c" checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9"
dependencies = [
"unicode-segmentation",
]
[[package]] [[package]]
name = "hermit-abi" name = "hermit-abi"
@ -413,7 +410,7 @@ checksum = "31f4c6746584866f0feabcc69893c5b51beef3831656a968ed7ae254cdc4fd03"
dependencies = [ dependencies = [
"bytes", "bytes",
"fnv", "fnv",
"itoa 1.0.1", "itoa",
] ]
[[package]] [[package]]
@ -429,9 +426,9 @@ dependencies = [
[[package]] [[package]]
name = "httparse" name = "httparse"
version = "1.5.1" version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" checksum = "9100414882e15fb7feccb4897e5f0ff0ff1ca7d1a86a23208ada4d7a18e6c6c4"
[[package]] [[package]]
name = "httpdate" name = "httpdate"
@ -447,9 +444,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
[[package]] [[package]]
name = "hyper" name = "hyper"
version = "0.14.16" version = "0.14.17"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b7ec3e62bdc98a2f0393a5048e4c30ef659440ea6e0e572965103e72bd836f55" checksum = "043f0e083e9901b6cc658a77d1eb86f4fc650bbb977a4337dd63192826aa85dd"
dependencies = [ dependencies = [
"bytes", "bytes",
"futures-channel", "futures-channel",
@ -460,9 +457,9 @@ dependencies = [
"http-body", "http-body",
"httparse", "httparse",
"httpdate", "httpdate",
"itoa 0.4.8", "itoa",
"pin-project-lite", "pin-project-lite",
"socket2 0.4.2", "socket2 0.4.4",
"tokio", "tokio",
"tower-service", "tower-service",
"tracing", "tracing",
@ -526,15 +523,9 @@ dependencies = [
[[package]] [[package]]
name = "ipnet" name = "ipnet"
version = "2.3.1" version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68f2d64f2edebec4ce84ad108148e67e1064789bee435edc5b60ad398714a3a9" checksum = "35e70ee094dc02fd9c13fdad4940090f22dbd6ac7c9e7094a46cf0232a50bc7c"
[[package]]
name = "itoa"
version = "0.4.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
[[package]] [[package]]
name = "itoa" name = "itoa"
@ -559,9 +550,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.112" version = "0.2.119"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" checksum = "1bf2e165bb3457c8e098ea76f3e3bc9db55f87aa90d52d0e6be741470916aaa4"
[[package]] [[package]]
name = "linked-hash-map" name = "linked-hash-map"
@ -571,9 +562,9 @@ checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3"
[[package]] [[package]]
name = "lock_api" name = "lock_api"
version = "0.4.5" version = "0.4.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "712a4d093c9976e24e7dbca41db895dabcbac38eb5f4045393d17a95bdfb1109" checksum = "88943dd7ef4a2e5a4bfa2753aaab3013e34ce2533d1996fb18ef591e315e2b3b"
dependencies = [ dependencies = [
"scopeguard", "scopeguard",
] ]
@ -643,6 +634,19 @@ dependencies = [
"winapi", "winapi",
] ]
[[package]]
name = "mio"
version = "0.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ba272f85fa0b41fc91872be579b3bbe0f56b792aa361a380eb669469f68dafb2"
dependencies = [
"libc",
"log",
"miow",
"ntapi",
"winapi",
]
[[package]] [[package]]
name = "miow" name = "miow"
version = "0.3.7" version = "0.3.7"
@ -654,9 +658,9 @@ dependencies = [
[[package]] [[package]]
name = "ntapi" name = "ntapi"
version = "0.3.6" version = "0.3.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" checksum = "c28774a7fd2fbb4f0babd8237ce554b73af68021b5f695a3cebd6c59bac0980f"
dependencies = [ dependencies = [
"winapi", "winapi",
] ]
@ -673,9 +677,9 @@ dependencies = [
[[package]] [[package]]
name = "once_cell" name = "once_cell"
version = "1.9.0" version = "1.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" checksum = "87f3e037eac156d1775da914196f0f37741a274155e34a0b7e427c35d2a2ecb9"
[[package]] [[package]]
name = "opaque-debug" name = "opaque-debug"
@ -755,9 +759,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
[[package]] [[package]]
name = "quinn" name = "quinn"
version = "0.8.0" version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "61a84d97630b137463c8e6802adc1dfe9de81457b41bb1ac59189e6761ab9255" checksum = "584865613896a1f644d757e52c45c573441c8b04cac38ac13990b0235203db66"
dependencies = [ dependencies = [
"bytes", "bytes",
"futures-channel", "futures-channel",
@ -774,9 +778,9 @@ dependencies = [
[[package]] [[package]]
name = "quinn-proto" name = "quinn-proto"
version = "0.8.0" version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "063dedf7983c8d57db474218f258daa85b627de6f2dbc458b690a93b1de790e8" checksum = "d2b1562bf4998b0c6d1841a4742b7103bb82cdde61374833de826bab9e8ad498"
dependencies = [ dependencies = [
"bytes", "bytes",
"fxhash", "fxhash",
@ -794,38 +798,37 @@ dependencies = [
[[package]] [[package]]
name = "quinn-udp" name = "quinn-udp"
version = "0.1.0" version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5f7996776e9ee3fc0e5c14476c1a640a17e993c847ae9c81191c2c102fbef903" checksum = "df185e5e5f7611fa6e628ed8f9633df10114b03bbaecab186ec55822c44ac727"
dependencies = [ dependencies = [
"futures-util", "futures-util",
"libc", "libc",
"mio", "mio 0.7.14",
"quinn-proto", "quinn-proto",
"socket2 0.4.2", "socket2 0.4.4",
"tokio", "tokio",
"tracing", "tracing",
] ]
[[package]] [[package]]
name = "quote" name = "quote"
version = "1.0.14" version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "47aa80447ce4daf1717500037052af176af5d38cc3e571d9ec1c7353fc10c87d" checksum = "864d3e96a899863136fc6e99f3d7cae289dafe43bf2c5ac19b70df7210c0a145"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
] ]
[[package]] [[package]]
name = "rand" name = "rand"
version = "0.8.4" version = "0.8.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
dependencies = [ dependencies = [
"libc", "libc",
"rand_chacha", "rand_chacha",
"rand_core", "rand_core",
"rand_hc",
] ]
[[package]] [[package]]
@ -847,29 +850,20 @@ dependencies = [
"getrandom", "getrandom",
] ]
[[package]]
name = "rand_hc"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7"
dependencies = [
"rand_core",
]
[[package]] [[package]]
name = "redox_syscall" name = "redox_syscall"
version = "0.2.10" version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" checksum = "8380fe0152551244f0747b1bf41737e0f8a74f97a14ccefd1148187271634f3c"
dependencies = [ dependencies = [
"bitflags", "bitflags",
] ]
[[package]] [[package]]
name = "regex" name = "regex"
version = "1.5.4" version = "1.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" checksum = "1a11647b6b25ff05a515cb92c365cec08801e83423a235b51e231e1808747286"
dependencies = [ dependencies = [
"aho-corasick", "aho-corasick",
"memchr", "memchr",
@ -950,9 +944,9 @@ dependencies = [
[[package]] [[package]]
name = "rustls" name = "rustls"
version = "0.20.2" version = "0.20.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d37e5e2290f3e040b594b1a9e04377c2c671f1a1cfd9bfdef82106ac1c113f84" checksum = "4fbfeb8d0ddb84706bc597a5574ab8912817c52a397f819e5b614e2265206921"
dependencies = [ dependencies = [
"log", "log",
"ring", "ring",
@ -1015,9 +1009,9 @@ dependencies = [
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "2.5.0" version = "2.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d09d3c15d814eda1d6a836f2f2b56a6abc1446c8a34351cb3180d3db92ffe4ce" checksum = "2dc14f172faf8a0194a3aded622712b0de276821addc574fa54fc0a1167e10dc"
dependencies = [ dependencies = [
"bitflags", "bitflags",
"core-foundation", "core-foundation",
@ -1028,9 +1022,9 @@ dependencies = [
[[package]] [[package]]
name = "security-framework-sys" name = "security-framework-sys"
version = "2.5.0" version = "2.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e90dd10c41c6bfc633da6e0c659bd25d31e0791e5974ac42970267d59eba87f7" checksum = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556"
dependencies = [ dependencies = [
"core-foundation-sys", "core-foundation-sys",
"libc", "libc",
@ -1038,18 +1032,18 @@ dependencies = [
[[package]] [[package]]
name = "serde" name = "serde"
version = "1.0.133" version = "1.0.136"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97565067517b60e2d1ea8b268e59ce036de907ac523ad83a0475da04e818989a" checksum = "ce31e24b01e1e524df96f1c2fdd054405f8d7376249a5110886fb4b658484789"
dependencies = [ dependencies = [
"serde_derive", "serde_derive",
] ]
[[package]] [[package]]
name = "serde_derive" name = "serde_derive"
version = "1.0.133" version = "1.0.136"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed201699328568d8d08208fdd080e3ff594e6c422e438b6705905da01005d537" checksum = "08597e7152fcd306f41838ed3e37be9eaeed2b61c42e2117266a554fab4662f9"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -1062,7 +1056,7 @@ version = "1.0.79"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e8d9fa5c3b304765ce1fd9c4c8a3de2c8db365a5b91be52f186efc675681d95" checksum = "8e8d9fa5c3b304765ce1fd9c4c8a3de2c8db365a5b91be52f186efc675681d95"
dependencies = [ dependencies = [
"itoa 1.0.1", "itoa",
"ryu", "ryu",
"serde", "serde",
] ]
@ -1074,7 +1068,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
dependencies = [ dependencies = [
"form_urlencoded", "form_urlencoded",
"itoa 1.0.1", "itoa",
"ryu", "ryu",
"serde", "serde",
] ]
@ -1092,6 +1086,15 @@ dependencies = [
"opaque-debug", "opaque-debug",
] ]
[[package]]
name = "signal-hook-registry"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e51e73328dc4ac0c7ccbda3a494dfa03df1de2f46018127f60c693f2648455b0"
dependencies = [
"libc",
]
[[package]] [[package]]
name = "slab" name = "slab"
version = "0.4.5" version = "0.4.5"
@ -1117,9 +1120,9 @@ dependencies = [
[[package]] [[package]]
name = "socket2" name = "socket2"
version = "0.4.2" version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" checksum = "66d72b759436ae32898a2af0a14218dbf55efde3feeb170eb623637db85ee1e0"
dependencies = [ dependencies = [
"libc", "libc",
"winapi", "winapi",
@ -1144,9 +1147,9 @@ dependencies = [
[[package]] [[package]]
name = "termcolor" name = "termcolor"
version = "1.1.2" version = "1.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dfed899f0eb03f32ee8c6a0aabdb8a7949659e3466561fc0adf54e26d88c5f4" checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
dependencies = [ dependencies = [
"winapi-util", "winapi-util",
] ]
@ -1188,16 +1191,19 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
[[package]] [[package]]
name = "tokio" name = "tokio"
version = "1.15.0" version = "1.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbbf1c778ec206785635ce8ad57fe52b3009ae9e0c9f574a728f3049d3e55838" checksum = "2af73ac49756f3f7c01172e34a23e5d0216f6c32333757c2c61feb2bbff5a5ee"
dependencies = [ dependencies = [
"bytes", "bytes",
"libc", "libc",
"memchr", "memchr",
"mio", "mio 0.8.0",
"num_cpus", "num_cpus",
"once_cell",
"pin-project-lite", "pin-project-lite",
"signal-hook-registry",
"socket2 0.4.4",
"tokio-macros", "tokio-macros",
"winapi", "winapi",
] ]
@ -1271,9 +1277,9 @@ checksum = "360dfd1d6d30e05fda32ace2c8c70e9c0a9da713275777f5a4dbb8a1893930c6"
[[package]] [[package]]
name = "tracing" name = "tracing"
version = "0.1.29" version = "0.1.32"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "375a639232caf30edfc78e8d89b2d4c375515393e7af7e16f01cd96917fb2105" checksum = "4a1bdf54a7c28a2bbf701e1d2233f6c77f473486b94bee4f9678da5a148dca7f"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"pin-project-lite", "pin-project-lite",
@ -1283,9 +1289,9 @@ dependencies = [
[[package]] [[package]]
name = "tracing-attributes" name = "tracing-attributes"
version = "0.1.18" version = "0.1.20"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4f480b8f81512e825f337ad51e94c1eb5d3bbdf2b363dcd01e2b19a9ffe3f8e" checksum = "2e65ce065b4b5c53e73bb28912318cb8c9e9ad3921f1d669eb0e68b4c8143a2b"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@ -1294,18 +1300,18 @@ dependencies = [
[[package]] [[package]]
name = "tracing-core" name = "tracing-core"
version = "0.1.21" version = "0.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f4ed65637b8390770814083d20756f87bfa2c21bf2f110babdc5438351746e4" checksum = "aa31669fa42c09c34d94d8165dd2012e8ff3c66aca50f3bb226b68f216f2706c"
dependencies = [ dependencies = [
"lazy_static", "lazy_static",
] ]
[[package]] [[package]]
name = "trust-dns-proto" name = "trust-dns-proto"
version = "0.20.3" version = "0.20.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ad0d7f5db438199a6e2609debe3f69f808d074e0a2888ee0bccb45fe234d03f4" checksum = "ca94d4e9feb6a181c690c4040d7a24ef34018d8313ac5044a61d21222ae24e31"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"cfg-if", "cfg-if",
@ -1328,9 +1334,9 @@ dependencies = [
[[package]] [[package]]
name = "trust-dns-resolver" name = "trust-dns-resolver"
version = "0.20.3" version = "0.20.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6ad17b608a64bd0735e67bde16b0636f8aa8591f831a25d18443ed00a699770" checksum = "ecae383baad9995efaa34ce8e57d12c3f305e545887472a492b838f4b5cfb77a"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"futures-util", "futures-util",
@ -1394,12 +1400,6 @@ dependencies = [
"tinyvec", "tinyvec",
] ]
[[package]]
name = "unicode-segmentation"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b"
[[package]] [[package]]
name = "unicode-xid" name = "unicode-xid"
version = "0.2.2" version = "0.2.2"


@ -26,7 +26,7 @@ serde = { version = "1.0", features = ["derive"] }
futures = "0.3" futures = "0.3"
die = "0.2" die = "0.2"
anyhow = "1.0" anyhow = "1.0"
tokio = { version = "1.9", features = ["net", "rt", "rt-multi-thread", "macros", "io-util"] } tokio = { version = "1.9", features = ["net", "rt", "rt-multi-thread", "macros", "io-util", "signal"] }
ring = "0.16" ring = "0.16"
data-encoding = "2.3" data-encoding = "2.3"


@ -7,7 +7,7 @@ use std::io::{BufReader, Read, Write};
use std::iter::Iterator; use std::iter::Iterator;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path::Path; use std::path::Path;
use std::sync::Arc; use std::sync::{Arc, RwLock};
use std::time::SystemTime; use std::time::SystemTime;
use die::Die; use die::Die;
@ -29,6 +29,8 @@ use tokio_rustls::{
}; };
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Result};
use rustls::sign::CertifiedKey;
use rustls::SignatureScheme;
mod slicesubsequence; mod slicesubsequence;
use slicesubsequence::*; use slicesubsequence::*;
@ -127,6 +129,62 @@ pub struct CloneableConfig {
proxy: bool, proxy: bool,
} }
struct CertsKey {
inner: Result<RwLock<Arc<rustls::sign::CertifiedKey>>>,
}
impl CertsKey {
fn new(cert_key: Result<rustls::sign::CertifiedKey>) -> Self {
CertsKey {
inner: cert_key.map(|c| RwLock::new(Arc::new(c))),
}
}
#[cfg(unix)]
fn spawn_refresh_task(&'static self, cfg_path: OsString) -> Option<JoinHandle<Result<()>>> {
if self.inner.is_err() {
None
} else {
Some(tokio::spawn(async move {
use tokio::signal::unix::{signal, SignalKind};
let mut stream = signal(SignalKind::hangup())?;
loop {
stream.recv().await;
info!("got SIGHUP");
match Config::parse(&cfg_path).and_then(|c| c.certs_key()) {
Ok(cert_key) => {
if let Ok(rwl) = self.inner.as_ref() {
let cert_key = Arc::new(cert_key);
let mut certs_key = rwl.write().expect("CertKey poisoned?");
*certs_key = cert_key;
drop(certs_key);
info!("reloaded cert/key successfully!");
}
}
Err(e) => error!("invalid config/cert/key on SIGHUP: {}", e),
};
}
}))
}
}
}
impl rustls::server::ResolvesServerCert for CertsKey {
fn resolve(&self, _: rustls::server::ClientHello) -> Option<Arc<rustls::sign::CertifiedKey>> {
self.inner.as_ref().map(|rwl| rwl.read().expect("CertKey poisoned?").clone()).ok()
}
}
impl rustls::client::ResolvesClientCert for CertsKey {
fn resolve(&self, _: &[&[u8]], _: &[SignatureScheme]) -> Option<Arc<CertifiedKey>> {
self.inner.as_ref().map(|rwl| rwl.read().expect("CertKey poisoned?").clone()).ok()
}
fn has_certs(&self) -> bool {
self.inner.is_ok()
}
}
impl Config { impl Config {
fn parse<P: AsRef<Path>>(path: P) -> Result<Config> { fn parse<P: AsRef<Path>>(path: P) -> Result<Config> {
let mut f = File::open(path)?; let mut f = File::open(path)?;
@ -145,21 +203,10 @@ impl Config {
} }
#[cfg(feature = "outgoing")] #[cfg(feature = "outgoing")]
fn get_outgoing_cfg(&self) -> OutgoingConfig { fn get_outgoing_cfg(&self, certs_key: Arc<CertsKey>) -> OutgoingConfig {
let certs_key = match self.certs_key() { if let Err(e) = &certs_key.inner {
Ok((tls_certs, tls_key)) => { debug!("invalid key/cert for s2s client auth: {}", e);
ClientConfig::builder() }
.with_safe_defaults()
.with_root_certificates(root_cert_store())
.with_single_cert(tls_certs.clone(), tls_key.clone())
.die("invalid key for certs");
Some((tls_certs, tls_key))
}
Err(e) => {
debug!("invalid key/cert for s2s client auth: {}", e);
None
}
};
OutgoingConfig { OutgoingConfig {
max_stanza_size_bytes: self.max_stanza_size_bytes, max_stanza_size_bytes: self.max_stanza_size_bytes,
@ -168,7 +215,7 @@ impl Config {
} }
#[cfg(any(feature = "outgoing", feature = "incoming"))] #[cfg(any(feature = "outgoing", feature = "incoming"))]
fn certs_key(&self) -> Result<(Vec<Certificate>, PrivateKey)> { fn certs_key(&self) -> Result<rustls::sign::CertifiedKey> {
let mut tls_key: Vec<PrivateKey> = pkcs8_private_keys(&mut BufReader::new(File::open(&self.tls_key)?)) let mut tls_key: Vec<PrivateKey> = pkcs8_private_keys(&mut BufReader::new(File::open(&self.tls_key)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key")) .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
.map(|mut keys| keys.drain(..).map(PrivateKey).collect())?; .map(|mut keys| keys.drain(..).map(PrivateKey).collect())?;
@ -181,17 +228,20 @@ impl Config {
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert")) .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
.map(|mut certs| certs.drain(..).map(Certificate).collect())?; .map(|mut certs| certs.drain(..).map(Certificate).collect())?;
Ok((tls_certs, tls_key)) let tls_key = rustls::sign::any_supported_type(&tls_key)?;
Ok(rustls::sign::CertifiedKey::new(tls_certs, tls_key))
} }
#[cfg(feature = "incoming")] #[cfg(feature = "incoming")]
fn server_config(&self) -> Result<ServerConfig> { fn server_config(&self, certs_key: Arc<CertsKey>) -> Result<ServerConfig> {
let (tls_certs, tls_key) = self.certs_key()?; if let Err(e) = &certs_key.inner {
bail!("invalid cert/key: {}", e);
}
let mut config = ServerConfig::builder() let mut config = ServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_client_cert_verifier(Arc::new(AllowAnonymousOrAnyCert)) .with_client_cert_verifier(Arc::new(AllowAnonymousOrAnyCert))
.with_single_cert(tls_certs, tls_key)?; .with_cert_resolver(certs_key);
// todo: will connecting without alpn work then? // todo: will connecting without alpn work then?
config.alpn_protocols.push(ALPN_XMPP_CLIENT.to_vec()); config.alpn_protocols.push(ALPN_XMPP_CLIENT.to_vec());
config.alpn_protocols.push(ALPN_XMPP_SERVER.to_vec()); config.alpn_protocols.push(ALPN_XMPP_SERVER.to_vec());
@ -200,8 +250,8 @@ impl Config {
} }
#[cfg(feature = "incoming")] #[cfg(feature = "incoming")]
fn tls_acceptor(&self) -> Result<TlsAcceptor> { fn tls_acceptor(&self, cert_key: Arc<CertsKey>) -> Result<TlsAcceptor> {
Ok(TlsAcceptor::from(Arc::new(self.server_config()?))) Ok(TlsAcceptor::from(Arc::new(self.server_config(cert_key)?)))
} }
} }
@ -209,18 +259,17 @@ impl Config {
#[cfg(feature = "outgoing")] #[cfg(feature = "outgoing")]
pub struct OutgoingConfig { pub struct OutgoingConfig {
max_stanza_size_bytes: usize, max_stanza_size_bytes: usize,
certs_key: Option<(Vec<Certificate>, PrivateKey)>, certs_key: Arc<CertsKey>,
} }
#[cfg(feature = "outgoing")] #[cfg(feature = "outgoing")]
impl OutgoingConfig { impl OutgoingConfig {
pub fn with_custom_certificate_verifier(&self, is_c2s: bool, cert_verifier: XmppServerCertVerifier) -> OutgoingVerifierConfig { pub fn with_custom_certificate_verifier(&self, is_c2s: bool, cert_verifier: XmppServerCertVerifier) -> OutgoingVerifierConfig {
let config = match (is_c2s, self.certs_key.as_ref()) { let config = match is_c2s {
(false, Some((tls_certs, tls_key))) => ClientConfig::builder() false => ClientConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_custom_certificate_verifier(Arc::new(cert_verifier)) .with_custom_certificate_verifier(Arc::new(cert_verifier))
.with_single_cert(tls_certs.to_vec(), tls_key.to_owned()) .with_client_cert_resolver(self.certs_key.clone()),
.expect("cannot panic because key was checked for validity in OutgoingConfig constructor"),
_ => ClientConfig::builder() _ => ClientConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_custom_certificate_verifier(Arc::new(cert_verifier)) .with_custom_certificate_verifier(Arc::new(cert_verifier))
@ -414,7 +463,8 @@ pub async fn stream_preamble(in_rd: &mut StanzaRead, in_wr: &mut StanzaWrite, cl
#[tokio::main] #[tokio::main]
//#[tokio::main(flavor = "multi_thread", worker_threads = 10)] //#[tokio::main(flavor = "multi_thread", worker_threads = 10)]
async fn main() { async fn main() {
let main_config = Config::parse(std::env::args_os().nth(1).unwrap_or_else(|| OsString::from("/etc/xmpp-proxy/xmpp-proxy.toml"))).die("invalid config file"); let cfg_path = std::env::args_os().nth(1).unwrap_or_else(|| OsString::from("/etc/xmpp-proxy/xmpp-proxy.toml"));
let main_config = Config::parse(&cfg_path).die("invalid config file");
#[cfg(feature = "logging")] #[cfg(feature = "logging")]
{ {
@ -434,28 +484,35 @@ async fn main() {
let config = main_config.get_cloneable_cfg(); let config = main_config.get_cloneable_cfg();
let certs_key = Arc::new(CertsKey::new(main_config.certs_key()));
let mut handles: Vec<JoinHandle<Result<()>>> = Vec::new(); let mut handles: Vec<JoinHandle<Result<()>>> = Vec::new();
#[cfg(feature = "incoming")] #[cfg(feature = "incoming")]
if let Some(ref listeners) = main_config.incoming_listen { if let Some(ref listeners) = main_config.incoming_listen {
let acceptor = main_config.tls_acceptor().die("invalid cert/key ?"); let acceptor = main_config.tls_acceptor(certs_key.clone()).die("invalid cert/key ?");
for listener in listeners { for listener in listeners {
handles.push(spawn_tls_listener(listener.parse().die("invalid listener address"), config.clone(), acceptor.clone())); handles.push(spawn_tls_listener(listener.parse().die("invalid listener address"), config.clone(), acceptor.clone()));
} }
} }
#[cfg(all(feature = "quic", feature = "incoming"))] #[cfg(all(feature = "quic", feature = "incoming"))]
if let Some(ref listeners) = main_config.quic_listen { if let Some(ref listeners) = main_config.quic_listen {
let quic_config = main_config.quic_server_config().die("invalid cert/key ?"); let quic_config = main_config.quic_server_config(certs_key.clone()).die("invalid cert/key ?");
for listener in listeners { for listener in listeners {
handles.push(spawn_quic_listener(listener.parse().die("invalid listener address"), config.clone(), quic_config.clone())); handles.push(spawn_quic_listener(listener.parse().die("invalid listener address"), config.clone(), quic_config.clone()));
} }
} }
#[cfg(feature = "outgoing")] #[cfg(feature = "outgoing")]
if let Some(ref listeners) = main_config.outgoing_listen { if let Some(ref listeners) = main_config.outgoing_listen {
let outgoing_cfg = main_config.get_outgoing_cfg(); let outgoing_cfg = main_config.get_outgoing_cfg(certs_key.clone());
for listener in listeners { for listener in listeners {
handles.push(spawn_outgoing_listener(listener.parse().die("invalid listener address"), outgoing_cfg.clone())); handles.push(spawn_outgoing_listener(listener.parse().die("invalid listener address"), outgoing_cfg.clone()));
} }
} }
#[cfg(unix)]
if let Some(refresh_task) = Box::leak(Box::new(certs_key.clone())).spawn_refresh_task(cfg_path) {
handles.push(refresh_task);
}
info!("xmpp-proxy started"); info!("xmpp-proxy started");
futures::future::join_all(handles).await; futures::future::join_all(handles).await;
info!("xmpp-proxy terminated"); info!("xmpp-proxy terminated");


@ -40,7 +40,5 @@ pub fn spawn_outgoing_listener(local_addr: SocketAddr, config: OutgoingConfig) -
} }
}); });
} }
#[allow(unreachable_code)]
Ok(())
}) })
} }


@ -23,10 +23,10 @@ pub async fn quic_connect(target: SocketAddr, server_name: &str, config: Outgoin
#[cfg(feature = "incoming")] #[cfg(feature = "incoming")]
impl Config { impl Config {
pub fn quic_server_config(&self) -> Result<ServerConfig> { pub fn quic_server_config(&self, cert_key: Arc<CertsKey>) -> Result<ServerConfig> {
let transport_config = TransportConfig::default(); let transport_config = TransportConfig::default();
// todo: configure transport_config here if needed // todo: configure transport_config here if needed
let server_config = self.server_config()?; let server_config = self.server_config(cert_key)?;
let mut server_config = quinn::ServerConfig::with_crypto(Arc::new(server_config)); let mut server_config = quinn::ServerConfig::with_crypto(Arc::new(server_config));
server_config.transport = Arc::new(transport_config); server_config.transport = Arc::new(transport_config);
@ -62,7 +62,6 @@ pub fn spawn_quic_listener(local_addr: SocketAddr, config: CloneableConfig, serv
}); });
} }
error!("quic listener shutting down, should never happen????"); error!("quic listener shutting down, should never happen????");
#[allow(unreachable_code)]
Ok(()) Ok(())
}) })
} }
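Review bot: The new parameter of `quic_server_config` is named `cert_key`, while `server_config`, which it forwards to, calls the same `Arc<CertsKey>` argument `certs_key`; one name across the call chain would be easier to follow. The function is `pub` and its signature changed without any doc comment, so I would add `/// Builds the QUIC server config on top of server_config(); cert_key is installed there as the TLS certificate resolver and must already hold a valid cert/key, otherwise an error is returned.` What the resolver serves after a reload that fails to parse depends on `CertsKey`, which is defined outside this section, so that behaviour should be confirmed and written into the same comment. The body of `quic_server_config` continues past the end of the first hunk.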


@ -527,7 +527,7 @@ mod tests {
use crate::srv::*; use crate::srv::*;
fn valid_posh(posh: &[u8], cert: &[u8]) -> bool { fn valid_posh(posh: &[u8], cert: &[u8]) -> bool {
let posh: PoshJson = serde_json::from_slice(&posh[..]).unwrap(); let posh: PoshJson = serde_json::from_slice(posh).unwrap();
let cert = BASE64.decode(cert).unwrap(); let cert = BASE64.decode(cert).unwrap();
println!("posh: {:?}", posh); println!("posh: {:?}", posh);
if let PoshJson::PoshFingerprints { fingerprints, expires } = posh { if let PoshJson::PoshFingerprints { fingerprints, expires } = posh {


@ -74,8 +74,6 @@ pub fn spawn_tls_listener(local_addr: SocketAddr, config: CloneableConfig, accep
} }
}); });
} }
#[allow(unreachable_code)]
Ok(())
}) })
} }


@ -52,7 +52,7 @@ impl ClientCertVerifier for AllowAnonymousOrAnyCert {
Some(Vec::new()) Some(Vec::new())
} }
fn verify_client_cert(&self, end_entity: &Certificate, intermediates: &[Certificate], now: SystemTime) -> Result<ClientCertVerified, Error> { fn verify_client_cert(&self, _: &Certificate, _: &[Certificate], _: SystemTime) -> Result<ClientCertVerified, Error> {
// this is checked only after the first <stream: stanza so we know the from= // this is checked only after the first <stream: stanza so we know the from=
Ok(ClientCertVerified::assertion()) Ok(ClientCertVerified::assertion())
} }
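Review bot: Replacing all three parameter names of `verify_client_cert` with a bare `_` hides which trait argument is which; `_end_entity: &Certificate, _intermediates: &[Certificate], _now: SystemTime` silences the unused-variable warning just as well and keeps the signature readable. Because this verifier returns `ClientCertVerified::assertion()` for any certificate presented, the existing comment should be firmer, for example `// SECURITY: accepts any client certificate at the TLS layer; the peer is not authenticated until the check made after the first <stream: stanza`. The enclosing `impl ClientCertVerifier for AllowAnonymousOrAnyCert` starts and ends outside the hunk, so where that later check lives cannot be confirmed from here.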