Merge pull request #388 from sfackler/split-tls

sfackler · web-flow · commit 9e313faa6e89 · 2018-11-10T16:26:49.000-08:00
Split openssl/native-tls support to separate crates
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -27,9 +27,7 @@ jobs:
   build:
     working_directory: ~/build
     docker:
-      - image: rust:1.20.0
-        environment:
-          RUSTFLAGS: -D warnings
+      - image: rust:1.26.0
       - image: sfackler/rust-postgres-test:3
     steps:
       - checkout
diff --git a/Cargo.toml b/Cargo.toml
@@ -4,5 +4,7 @@ members = [
     "postgres",
     "postgres-protocol",
     "postgres-shared",
+    "postgres-openssl",
+    "postgres-native-tls",
     "tokio-postgres"
 ]
diff --git a/postgres-native-tls/Cargo.toml b/postgres-native-tls/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "postgres-native-tls"
+version = "0.1.0"
+authors = ["Steven Fackler <sfackler@gmail.com>"]
+
+[dependencies]
+native-tls = "0.2"
+
+postgres = { version = "0.15", path = "../postgres" }
diff --git a/postgres-native-tls/src/lib.rs b/postgres-native-tls/src/lib.rs
@@ -0,0 +1,72 @@
+pub extern crate native_tls;
+extern crate postgres;
+
+use native_tls::TlsConnector;
+use postgres::tls::{Stream, TlsHandshake, TlsStream};
+use std::error::Error;
+use std::fmt::{self, Debug};
+use std::io::{self, Read, Write};
+
+#[cfg(test)]
+mod test;
+
+pub struct NativeTls {
+    connector: TlsConnector,
+}
+
+impl Debug for NativeTls {
+    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
+        fmt.debug_struct("NativeTls").finish()
+    }
+}
+
+impl NativeTls {
+    pub fn new() -> Result<NativeTls, native_tls::Error> {
+        let connector = TlsConnector::builder().build()?;
+        Ok(NativeTls::with_connector(connector))
+    }
+
+    pub fn with_connector(connector: TlsConnector) -> NativeTls {
+        NativeTls { connector }
+    }
+}
+
+impl TlsHandshake for NativeTls {
+    fn tls_handshake(
+        &self,
+        domain: &str,
+        stream: Stream,
+    ) -> Result<Box<TlsStream>, Box<Error + Sync + Send>> {
+        let stream = self.connector.connect(domain, stream)?;
+        Ok(Box::new(NativeTlsStream(stream)))
+    }
+}
+
+#[derive(Debug)]
+struct NativeTlsStream(native_tls::TlsStream<Stream>);
+
+impl Read for NativeTlsStream {
+    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+        self.0.read(buf)
+    }
+}
+
+impl Write for NativeTlsStream {
+    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+        self.0.write(buf)
+    }
+
+    fn flush(&mut self) -> io::Result<()> {
+        self.0.flush()
+    }
+}
+
+impl TlsStream for NativeTlsStream {
+    fn get_ref(&self) -> &Stream {
+        self.0.get_ref()
+    }
+
+    fn get_mut(&mut self) -> &mut Stream {
+        self.0.get_mut()
+    }
+}
diff --git a/postgres-native-tls/src/test.rs b/postgres-native-tls/src/test.rs
@@ -0,0 +1,21 @@
+use native_tls::{Certificate, TlsConnector};
+use postgres::{Connection, TlsMode};
+
+use NativeTls;
+
+#[test]
+fn connect() {
+    let cert = include_bytes!("../../test/server.crt");
+    let cert = Certificate::from_pem(cert).unwrap();
+
+    let mut builder = TlsConnector::builder();
+    builder.add_root_certificate(cert);
+    let connector = builder.build().unwrap();
+
+    let handshake = NativeTls::with_connector(connector);
+    let conn = Connection::connect(
+        "postgres://ssl_user@localhost:5433/postgres",
+        TlsMode::Require(&handshake),
+    ).unwrap();
+    conn.execute("SELECT 1::VARCHAR", &[]).unwrap();
+}
diff --git a/postgres-openssl/Cargo.toml b/postgres-openssl/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "postgres-openssl"
+version = "0.1.0"
+authors = ["Steven Fackler <sfackler@gmail.com>"]
+
+[dependencies]
+openssl = "0.10.9"
+
+postgres = { version = "0.15", path = "../postgres" }
diff --git a/postgres-openssl/src/lib.rs b/postgres-openssl/src/lib.rs
@@ -0,0 +1,87 @@
+pub extern crate openssl;
+extern crate postgres;
+
+use openssl::error::ErrorStack;
+use openssl::ssl::{ConnectConfiguration, SslConnector, SslMethod, SslStream};
+use postgres::tls::{Stream, TlsHandshake, TlsStream};
+use std::error::Error;
+use std::fmt;
+use std::io::{self, Read, Write};
+
+#[cfg(test)]
+mod test;
+
+pub struct OpenSsl {
+    connector: SslConnector,
+    config: Box<Fn(&mut ConnectConfiguration) -> Result<(), ErrorStack> + Sync + Send>,
+}
+
+impl fmt::Debug for OpenSsl {
+    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
+        fmt.debug_struct("OpenSsl").finish()
+    }
+}
+
+impl OpenSsl {
+    pub fn new() -> Result<OpenSsl, ErrorStack> {
+        let connector = SslConnector::builder(SslMethod::tls())?.build();
+        Ok(OpenSsl::with_connector(connector))
+    }
+
+    pub fn with_connector(connector: SslConnector) -> OpenSsl {
+        OpenSsl {
+            connector,
+            config: Box::new(|_| Ok(())),
+        }
+    }
+
+    pub fn callback<F>(&mut self, f: F)
+    where
+        F: Fn(&mut ConnectConfiguration) -> Result<(), ErrorStack> + 'static + Sync + Send,
+    {
+        self.config = Box::new(f);
+    }
+}
+
+impl TlsHandshake for OpenSsl {
+    fn tls_handshake(
+        &self,
+        domain: &str,
+        stream: Stream,
+    ) -> Result<Box<TlsStream>, Box<Error + Sync + Send>> {
+        let mut ssl = self.connector.configure()?;
+        (self.config)(&mut ssl)?;
+        let stream = ssl.connect(domain, stream)?;
+
+        Ok(Box::new(OpenSslStream(stream)))
+    }
+}
+
+#[derive(Debug)]
+struct OpenSslStream(SslStream<Stream>);
+
+impl Read for OpenSslStream {
+    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
+        self.0.read(buf)
+    }
+}
+
+impl Write for OpenSslStream {
+    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
+        self.0.write(buf)
+    }
+
+    fn flush(&mut self) -> io::Result<()> {
+        self.0.flush()
+    }
+}
+
+impl TlsStream for OpenSslStream {
+    fn get_ref(&self) -> &Stream {
+        self.0.get_ref()
+    }
+
+    fn get_mut(&mut self) -> &mut Stream {
+        self.0.get_mut()
+    }
+}
diff --git a/postgres-openssl/src/test.rs b/postgres-openssl/src/test.rs
@@ -0,0 +1,28 @@
+use openssl::ssl::{SslConnector, SslMethod};
+use postgres::{Connection, TlsMode};
+
+use OpenSsl;
+
+#[test]
+fn require() {
+    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
+    builder.set_ca_file("../test/server.crt").unwrap();
+    let negotiator = OpenSsl::with_connector(builder.build());
+    let conn = Connection::connect(
+        "postgres://ssl_user@localhost:5433/postgres",
+        TlsMode::Require(&negotiator),
+    ).unwrap();
+    conn.execute("SELECT 1::VARCHAR", &[]).unwrap();
+}
+
+#[test]
+fn prefer() {
+    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
+    builder.set_ca_file("../test/server.crt").unwrap();
+    let negotiator = OpenSsl::with_connector(builder.build());
+    let conn = Connection::connect(
+        "postgres://ssl_user@localhost:5433/postgres",
+        TlsMode::Require(&negotiator),
+    ).unwrap();
+    conn.execute("SELECT 1::VARCHAR", &[]).unwrap();
+}
diff --git a/postgres/src/tls/mod.rs b/postgres/src/tls/mod.rs
@@ -2,12 +2,14 @@
 pub use priv_io::Stream;
 
 use std::error::Error;
-use std::io::prelude::*;
 use std::fmt;
+use std::io::prelude::*;
 
 #[cfg(feature = "with-native-tls")]
+#[deprecated(since = "0.15.2", note = "use the postgres-native-tls crate")]
 pub mod native_tls;
 #[cfg(feature = "with-openssl")]
+#[deprecated(since = "0.15.2", note = "use the postgres-openssl crate")]
 pub mod openssl;
 #[cfg(feature = "with-schannel")]
 pub mod schannel;
diff --git a/postgres/tests/test.rs b/postgres/tests/test.rs
@@ -1,8 +1,4 @@
 extern crate fallible_iterator;
-#[cfg(feature = "native-tls")]
-extern crate native_tls;
-#[cfg(feature = "with-openssl")]
-extern crate openssl;
 extern crate postgres;
 #[macro_use]
 extern crate postgres_shared;
@@ -954,38 +950,6 @@ fn test_cancel_query() {
     t.join().unwrap();
 }
 
-#[test]
-#[cfg(feature = "with-openssl")]
-fn test_require_ssl_conn() {
-    use openssl::ssl::{SslConnectorBuilder, SslMethod};
-    use postgres::tls::openssl::OpenSsl;
-
-    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    builder.set_ca_file("../test/server.crt").unwrap();
-    let negotiator = OpenSsl::from(builder.build());
-    let conn = or_panic!(Connection::connect(
-        "postgres://postgres@localhost:5433",
-        TlsMode::Require(&negotiator),
-    ));
-    or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
-}
-
-#[test]
-#[cfg(feature = "with-openssl")]
-fn test_prefer_ssl_conn() {
-    use openssl::ssl::{SslConnectorBuilder, SslMethod};
-    use postgres::tls::openssl::OpenSsl;
-
-    let mut builder = SslConnectorBuilder::new(SslMethod::tls()).unwrap();
-    builder.set_ca_file("../test/server.crt").unwrap();
-    let negotiator = OpenSsl::from(builder.build());
-    let conn = or_panic!(Connection::connect(
-        "postgres://postgres@localhost:5433",
-        TlsMode::Require(&negotiator),
-    ));
-    or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
-}
-
 #[test]
 #[cfg(feature = "with-security-framework")]
 fn security_framework_ssl() {
@@ -1003,21 +967,6 @@ fn security_framework_ssl() {
     or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
 }
 
-#[test]
-#[ignore]
-// need to ignore until native-tls supports extra root certs :(
-#[cfg(feature = "with-native-tls")]
-fn native_tls_ssl() {
-    use postgres::tls::native_tls::NativeTls;
-
-    let negotiator = NativeTls::new().unwrap();
-    let conn = or_panic!(Connection::connect(
-        "postgres://postgres@localhost:5433",
-        TlsMode::Require(&negotiator),
-    ));
-    or_panic!(conn.execute("SELECT 1::VARCHAR", &[]));
-}
-
 #[test]
 fn test_plaintext_pass() {
     or_panic!(Connection::connect(

Original file line number	Diff line number	Diff line change
`@@ -4,5 +4,7 @@ members = [`
`4`	`4`	`"postgres",`
`5`	`5`	`"postgres-protocol",`
`6`	`6`	`"postgres-shared",`
	`7`	`+ "postgres-openssl",`
	`8`	`+ "postgres-native-tls",`
`7`	`9`	`"tokio-postgres"`
`8`	`10`	`]`