mirror of https://github.com/signalapp/libsignal.git synced 2024-09-20 20:03:07 +02:00

Allow specifying certificates when creating CdsiEndpointConnection

moiseev-signal 2023-12-20 15:16:19 -08:00 committed by GitHub
parent e7e9ae5860
commit 931691ffcf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 12 deletions


@ -62,10 +62,24 @@ impl<T: TransportConnector> CdsiEndpointConnection<SingleRouteThrottlingConnecti
cdsi: CdsiEndpoint<'static>,
connect_timeout: Duration,
transport_connector: T,
) -> Self {
Self::with_certs(
cdsi,
connect_timeout,
transport_connector,
RootCertificates::Signal,
)
}
pub fn with_certs(
cdsi: CdsiEndpoint<'static>,
connect_timeout: Duration,
transport_connector: T,
certs: RootCertificates,
) -> Self {
Self {
connection_manager: SingleRouteThrottlingConnectionManager::new(
cdsi.direct_connection(),
cdsi.direct_connection().with_certs(certs),
connect_timeout,
),
connector: WebSocketClientConnector::new(
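Review bot: The new `pub fn with_certs` has no doc comment, although it is where a caller can replace the `RootCertificates::Signal` trust anchor that `new` passes unconditionally. A line such as `/// Same as new(), but the server's TLS chain is verified against certs instead of RootCertificates::Signal.` would state the trust decision at the API boundary. If the override is only needed for tests or non-production endpoints (not visible from this hunk), narrowing it to `pub(crate)` or gating it would keep production callers on the pinned root. The same applies to `ConnectionParams::with_certs` in the second file. The `impl` block and the start of `new`'s signature lie outside the hunk.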


@ -96,6 +96,11 @@ impl ConnectionParams {
decorators.push(decorator);
self
}
pub fn with_certs(mut self, certs: RootCertificates) -> Self {
self.certs = certs;
self
}
}
impl HttpRequestDecoratorSeq {
@ -167,7 +172,7 @@ impl TransportConnector for TcpSslTransportConnector {
)
.await?;
let ssl_config = client_ssl_connector_builder(connection_params.certs.clone(), alpn)?
let ssl_config = Self::builder(connection_params.certs.clone(), alpn)?
.build()
.configure()?;
@ -179,6 +184,15 @@ impl TransportConnector for TcpSslTransportConnector {
}
}
impl TcpSslTransportConnector {
fn builder(certs: RootCertificates, alpn: &[u8]) -> Result<SslConnectorBuilder, NetError> {
let mut ssl = SslConnector::builder(SslMethod::tls_client())?;
ssl.set_verify_cert_store(certs.try_into()?)?;
ssl.set_alpn_protos(alpn)?;
Ok(ssl)
}
}
pub(crate) async fn connect_tcp(
dns_resolver: &DnsResolver,
host: &str,
@ -197,16 +211,6 @@ pub(crate) async fn connect_tcp(
Err(NetError::TcpConnectionFailed)
}
pub(crate) fn client_ssl_connector_builder(
certs: RootCertificates,
alpn: &[u8],
) -> Result<SslConnectorBuilder, NetError> {
let mut ssl = SslConnector::builder(SslMethod::tls_client())?;
ssl.set_verify_cert_store(certs.try_into()?)?;
ssl.set_alpn_protos(alpn)?;
Ok(ssl)
}
#[cfg(test)]
pub(crate) mod test {
use hyper::Request;
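Review bot: `TcpSslTransportConnector::builder` is undocumented and its name does not say that it fixes the TLS trust anchor for every connection the connector makes. Now that `certs` can come from a caller, a comment such as `/// Builds the client TLS configuration; the peer chain is verified against the store derived from certs.` would record the invariant, and a name like `ssl_connector_builder` would read more clearly at the `Self::builder(...)` call site. It is also worth confirming in that comment whether any default roots set up by `SslConnector::builder` still take part in verification once `set_verify_cert_store` is called. A negative test in the `test` module (a server whose chain does not lead to the supplied roots is rejected) would pin the behaviour; the module body is outside the visible hunk, so one may already exist.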