Only need a reference to OutgoingVerifierConfig
This commit is contained in:
parent
5ae25e8aba
commit
c2e373ef07
@ -7,9 +7,9 @@ use crate::{
|
|||||||
use anyhow::Result;
|
use anyhow::Result;
|
||||||
use log::trace;
|
use log::trace;
|
||||||
|
|
||||||
pub async fn quic_connect(target: SocketAddr, server_name: &str, config: OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
pub async fn quic_connect(target: SocketAddr, server_name: &str, config: &OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
||||||
let bind_addr = "0.0.0.0:0".parse().unwrap();
|
let bind_addr = "0.0.0.0:0".parse().unwrap();
|
||||||
let client_cfg = config.config_alpn;
|
let client_cfg = config.config_alpn.clone();
|
||||||
|
|
||||||
let mut endpoint = quinn::Endpoint::client(bind_addr)?;
|
let mut endpoint = quinn::Endpoint::client(bind_addr)?;
|
||||||
endpoint.set_default_client_config(quinn::ClientConfig::new(client_cfg));
|
endpoint.set_default_client_config(quinn::ClientConfig::new(client_cfg));
|
||||||
|
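Review bot: `quic_connect` still binds its client endpoint to `"0.0.0.0:0"`, so when `target` is an IPv6 address (an AAAA-resolved SRV host) the socket created by `quinn::Endpoint::client(bind_addr)` presumably cannot reach it and that attempt fails before any TLS handshake; the commit leaves this line untouched. Picking the wildcard by target family avoids that: `let bind_addr = if target.is_ipv6() { "[::]:0" } else { "0.0.0.0:0" }.parse().unwrap();`. The new `config: &OutgoingVerifierConfig` parameter also deserves a doc line, e.g. `/// config: outgoing TLS/verifier settings; within this function only config_alpn is read, cloned into the quinn ClientConfig`. The body of `quic_connect` continues past the end of the hunk.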
14
src/srv.rs
14
src/srv.rs
@ -190,7 +190,7 @@ impl XmppConnection {
|
|||||||
stream_open: &[u8],
|
stream_open: &[u8],
|
||||||
in_filter: &mut StanzaFilter,
|
in_filter: &mut StanzaFilter,
|
||||||
client_addr: &mut Context<'_>,
|
client_addr: &mut Context<'_>,
|
||||||
config: OutgoingVerifierConfig,
|
config: &OutgoingVerifierConfig,
|
||||||
) -> Result<(StanzaWrite, StanzaRead, SocketAddr, &'static str)> {
|
) -> Result<(StanzaWrite, StanzaRead, SocketAddr, &'static str)> {
|
||||||
debug!("{} attempting connection to SRV: {:?}", client_addr.log_from(), self);
|
debug!("{} attempting connection to SRV: {:?}", client_addr.log_from(), self);
|
||||||
// todo: for DNSSEC we need to optionally allow target in addition to domain, but what for SNI
|
// todo: for DNSSEC we need to optionally allow target in addition to domain, but what for SNI
|
||||||
@ -207,28 +207,28 @@ impl XmppConnection {
|
|||||||
debug!("{} trying ip {}", client_addr.log_from(), to_addr);
|
debug!("{} trying ip {}", client_addr.log_from(), to_addr);
|
||||||
match self.conn_type {
|
match self.conn_type {
|
||||||
#[cfg(feature = "tls")]
|
#[cfg(feature = "tls")]
|
||||||
XmppConnectionType::StartTLS => match crate::tls::outgoing::starttls_connect(to_addr, domain, stream_open, in_filter, config.clone()).await {
|
XmppConnectionType::StartTLS => match crate::tls::outgoing::starttls_connect(to_addr, domain, stream_open, in_filter, config).await {
|
||||||
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "starttls-out")),
|
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "starttls-out")),
|
||||||
Err(e) => error!("starttls connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
Err(e) => error!("starttls connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
||||||
},
|
},
|
||||||
#[cfg(feature = "tls")]
|
#[cfg(feature = "tls")]
|
||||||
XmppConnectionType::DirectTLS => match crate::tls::outgoing::tls_connect(to_addr, domain, config.clone()).await {
|
XmppConnectionType::DirectTLS => match crate::tls::outgoing::tls_connect(to_addr, domain, config).await {
|
||||||
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "directtls-out")),
|
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "directtls-out")),
|
||||||
Err(e) => error!("direct tls connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
Err(e) => error!("direct tls connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
||||||
},
|
},
|
||||||
#[cfg(feature = "quic")]
|
#[cfg(feature = "quic")]
|
||||||
XmppConnectionType::QUIC => match crate::quic::outgoing::quic_connect(to_addr, domain, config.clone()).await {
|
XmppConnectionType::QUIC => match crate::quic::outgoing::quic_connect(to_addr, domain, config).await {
|
||||||
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "quic-out")),
|
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "quic-out")),
|
||||||
Err(e) => error!("quic connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
Err(e) => error!("quic connection failed to IP {} from SRV {}, error: {}", to_addr, self.target, e),
|
||||||
},
|
},
|
||||||
#[cfg(feature = "websocket")]
|
#[cfg(feature = "websocket")]
|
||||||
// todo: when websocket is found via DNS, we need to validate cert against domain, *not* target, this is a security problem with XEP-0156, we are doing it the secure but likely unexpected way here for now
|
// todo: when websocket is found via DNS, we need to validate cert against domain, *not* target, this is a security problem with XEP-0156, we are doing it the secure but likely unexpected way here for now
|
||||||
XmppConnectionType::WebSocket(ref url, ref origin) => match crate::websocket::outgoing::websocket_connect(to_addr, domain, url, origin, config.clone()).await {
|
XmppConnectionType::WebSocket(ref url, ref origin) => match crate::websocket::outgoing::websocket_connect(to_addr, domain, url, origin, config).await {
|
||||||
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "websocket-out")),
|
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "websocket-out")),
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
if self.secure && self.target != orig_domain {
|
if self.secure && self.target != orig_domain {
|
||||||
// https is a special case, as target is sent in the Host: header, so we have to literally try twice in case this is set for the other on the server
|
// https is a special case, as target is sent in the Host: header, so we have to literally try twice in case this is set for the other on the server
|
||||||
match crate::websocket::outgoing::websocket_connect(to_addr, orig_domain, url, origin, config.clone()).await {
|
match crate::websocket::outgoing::websocket_connect(to_addr, orig_domain, url, origin, config).await {
|
||||||
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "websocket-out")),
|
Ok((wr, rd)) => return Ok((wr, rd, to_addr, "websocket-out")),
|
||||||
Err(e2) => error!("websocket connection failed to IP {} from TXT {}, error try 1: {}, error try 2: {}", to_addr, url, e, e2),
|
Err(e2) => error!("websocket connection failed to IP {} from TXT {}, error try 1: {}, error try 2: {}", to_addr, url, e, e2),
|
||||||
}
|
}
|
||||||
@ -466,7 +466,7 @@ pub async fn srv_connect(
|
|||||||
let (srvs, cert_verifier) = get_xmpp_connections(domain, is_c2s).await?;
|
let (srvs, cert_verifier) = get_xmpp_connections(domain, is_c2s).await?;
|
||||||
let config = config.with_custom_certificate_verifier(is_c2s, Arc::new(cert_verifier));
|
let config = config.with_custom_certificate_verifier(is_c2s, Arc::new(cert_verifier));
|
||||||
for srv in srvs {
|
for srv in srvs {
|
||||||
let connect = srv.connect(domain, stream_open, in_filter, client_addr, config.clone()).await;
|
let connect = srv.connect(domain, stream_open, in_filter, client_addr, &config).await;
|
||||||
if connect.is_err() {
|
if connect.is_err() {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
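Review bot: Borrowing `&config` across the await in `srv.connect(domain, stream_open, in_filter, client_addr, &config).await` (the `srv_connect` hunk) changes what the future requires of `OutgoingVerifierConfig`: a reference held live over an await point makes the future `Send` only if the type is `Sync`, whereas the previous `config.clone()` needed only `Send`; the same now holds for the `config` borrows kept across `.await` inside `XmppConnection::connect` and the `tls_connect`/`starttls_connect`/`quic_connect`/`websocket_connect` signatures. If `srv_connect` is driven by `tokio::spawn` and the failing CI build reports a missing `Sync` bound, this is presumably why; that cannot be confirmed from this page. Either way the new `config: &OutgoingVerifierConfig` parameter of `connect` is worth a doc line such as `/// config: outgoing TLS settings, including the per-domain certificate verifier built in srv_connect, shared by every address tried`. `connect` begins before the first hunk and continues after the second one.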
@ -9,7 +9,7 @@ use rustls::ServerName;
|
|||||||
use std::{convert::TryFrom, net::SocketAddr};
|
use std::{convert::TryFrom, net::SocketAddr};
|
||||||
use tokio::io::AsyncWriteExt;
|
use tokio::io::AsyncWriteExt;
|
||||||
|
|
||||||
pub async fn tls_connect(target: SocketAddr, server_name: &str, config: OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
pub async fn tls_connect(target: SocketAddr, server_name: &str, config: &OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
||||||
let dnsname = ServerName::try_from(server_name)?;
|
let dnsname = ServerName::try_from(server_name)?;
|
||||||
let stream = tokio::net::TcpStream::connect(target).await?;
|
let stream = tokio::net::TcpStream::connect(target).await?;
|
||||||
let stream = config.connector_alpn.connect(dnsname, stream).await?;
|
let stream = config.connector_alpn.connect(dnsname, stream).await?;
|
||||||
@ -17,7 +17,7 @@ pub async fn tls_connect(target: SocketAddr, server_name: &str, config: Outgoing
|
|||||||
Ok((StanzaWrite::new(wrt), StanzaRead::new(rd)))
|
Ok((StanzaWrite::new(wrt), StanzaRead::new(rd)))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn starttls_connect(target: SocketAddr, server_name: &str, stream_open: &[u8], in_filter: &mut StanzaFilter, config: OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
pub async fn starttls_connect(target: SocketAddr, server_name: &str, stream_open: &[u8], in_filter: &mut StanzaFilter, config: &OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
||||||
let dnsname = ServerName::try_from(server_name)?;
|
let dnsname = ServerName::try_from(server_name)?;
|
||||||
let mut stream = tokio::net::TcpStream::connect(target).await?;
|
let mut stream = tokio::net::TcpStream::connect(target).await?;
|
||||||
let (in_rd, mut in_wr) = stream.split();
|
let (in_rd, mut in_wr) = stream.split();
|
||||||
|
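Review bot: `tls_connect` and `starttls_connect` still have no doc comment after the signature change, and the new `&OutgoingVerifierConfig` parameter is where the certificate-verification policy comes from, so the contract belongs at the declaration: `/// Connects to `target` over TLS, sending `server_name` as SNI and authenticating the peer through the verifier configured in `config.connector_alpn`.` The hunk shows the `server_name` → `ServerName::try_from` → `connector_alpn.connect` chain; that the connector enforces verification is inferred from the type and should be confirmed against `OutgoingVerifierConfig`. `starttls_connect`'s body continues past the end of the hunk.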
@ -15,7 +15,7 @@ use tokio_tungstenite::tungstenite::{
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
pub async fn websocket_connect(target: SocketAddr, server_name: &str, url: &Uri, origin: &str, config: OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
pub async fn websocket_connect(target: SocketAddr, server_name: &str, url: &Uri, origin: &str, config: &OutgoingVerifierConfig) -> Result<(StanzaWrite, StanzaRead)> {
|
||||||
let mut request = url.into_client_request()?;
|
let mut request = url.into_client_request()?;
|
||||||
request.headers_mut().append(SEC_WEBSOCKET_PROTOCOL, "xmpp".parse()?);
|
request.headers_mut().append(SEC_WEBSOCKET_PROTOCOL, "xmpp".parse()?);
|
||||||
request.headers_mut().append(ORIGIN, origin.parse()?);
|
request.headers_mut().append(ORIGIN, origin.parse()?);
|
||||||
|