├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── Cargo.toml ├── LICENSE ├── LICENSE-APACHE ├── LICENSE-MIT ├── README.md ├── appveyor.yml ├── examples ├── download-rust-lang.rs ├── hyper-client.rs ├── hyper-server.rs ├── identity.p12 └── tls-echo.rs ├── src └── lib.rs └── tests ├── bad.rs ├── google.rs └── smoke.rs /.gitignore: -------------------------------------------------------------------------------- 1 | Cargo.lock 2 | target 3 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: rust 2 | sudo: false 3 | 4 | matrix: 5 | include: 6 | - rust: 1.21.0 7 | - rust: stable 8 | - os: osx 9 | - rust: beta 10 | - rust: nightly 11 | 12 | - rust: nightly 13 | before_script: 14 | - pip install 'travis-cargo<0.2' --user && export PATH=$HOME/.local/bin:$PATH 15 | script: 16 | - cargo doc --no-deps --all-features 17 | after_success: 18 | - travis-cargo --only nightly doc-upload 19 | 20 | script: 21 | - cargo build 22 | - cargo test 23 | 24 | env: 25 | global: 26 | - secure: "qmkLizSR0N9HBFdIfsIpo4bev12RQtnUnhF4326ZgQRd/HqSc0EGDrY5HIcOiXwoAiwVsHYmNK+6jf61/bZZOwdEeQXtCjEXzGExIEkBq3RgIvlBti7rLfb+bqC3N2w8MAH09MsIqMXiccQtX6UDIbzGioST+ZRSCGLJP+4EcB+6L/rt9JQN73LldTBhLuMA4pq3AqXhaYmGV6rEcqDLL95PFLwkidVDXsZE1itT/t/GW1tAxK52agc4VBoJWcbN8yBr8oy/OVLKaMg3XFI8Jm++KNyWMXiXDtuHL4TDXr2v5y+INR4moatsXXYxuZcbGyt1xDmiiQnnQenrGHTFbLTnaIJ6X0KCzGuNO3PWRNXpD/d2ZaYzM2Sdu1Oqxad5nHoZCKtiroscs9rpT/OadtU5rv6raorvoSJxBmZd1ExYIjqXJpfQxoHcIUfD/RX+1FXQKRFJph0Cyr8UpHBbr6uJQoARIlBoQOScexivgV2ijtKEYiEHpdxtm5hif94SfJsV6oiqOJww/GC0eqw/XJLlC4PmmN8hXh0h/HBghlOaTtp1vhTgIfTP8X4muJiS9kRUY7Ojlyyrr8KxoGYImKJb/3bn8iwRGQktbaSZ8+9r9YZK61x1v0u7tKA5CBQf8k9HIPBxerNBerefLv3h3toYv2TVZy+xTdl+xfAC4/o=" 27 | 28 | notifications: 29 | email: 30 | on_success: never 31 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # 0.3.1 (April 4, 2020) 2 | 3 | - Deprecate crate in favor of `tokio-native-tls`. 4 | 5 | # 0.3.0 (November 26, 2019) 6 | 7 | - Updates for tokio 0.2 release. 8 | 9 | # 0.3.0-alpha.6 (September 30, 2019) 10 | 11 | - Move to `futures-*-preview 0.3.0-alpha.19`. 12 | - Move to `pin-project 0.4`. 13 | 14 | # 0.3.0-alpha.5 (September 19, 2019) 15 | 16 | ### Added 17 | - `TlsStream::get_ref` and `TlsStream::get_mut` ([#1537]). 18 | 19 | # 0.3.0-alpha.4 (August 30, 2019) 20 | 21 | ### Changed 22 | - Track `tokio` 0.2.0-alpha.4. 23 | 24 | # 0.3.0-alpha.2 (August 17, 2019) 25 | 26 | ### Changed 27 | - Update `futures` dependency to 0.3.0-alpha.18. 28 | 29 | # 0.3.0-alpha.1 (August 8, 2019) 30 | 31 | ### Changed 32 | - Switch to `async`, `await`, and `std::future`. 33 | 34 | # 0.2.1 (January 6, 2019) 35 | 36 | * Implement `Clone` for `TlsConnector` and `TlsAcceptor` ([#777]) 37 | 38 | # 0.2.0 (August 8, 2018) 39 | 40 | * Initial release with `tokio` support. 41 | 42 | [#1537]: https://github.com/tokio-rs/tokio/pull/1537 43 | [#777]: https://github.com/tokio-rs/tokio/pull/777 44 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tokio-tls" 3 | # When releasing to crates.io: 4 | # - Remove path dependencies 5 | # - Update html_root_url. 6 | # - Update doc url 7 | # - Cargo.toml 8 | # - README.md 9 | # - Update CHANGELOG.md. 10 | # - Create "v0.3.x" git tag. 11 | version = "0.3.1" 12 | edition = "2018" 13 | authors = ["Tokio Contributors "] 14 | license = "MIT" 15 | repository = "https://github.com/tokio-rs/tokio" 16 | homepage = "https://tokio.rs" 17 | documentation = "https://docs.rs/tokio-tls/0.3.1/tokio_tls/" 18 | description = """ 19 | Deprecated in favor of `tokio-naitve-tls`. 20 | 21 | An implementation of TLS/SSL streams for Tokio giving an implementation of TLS 22 | for nonblocking I/O streams. 23 | """ 24 | categories = ["asynchronous", "network-programming"] 25 | maintenance = { status = "deprecated" } 26 | 27 | [badges] 28 | travis-ci = { repository = "tokio-rs/tokio-tls" } 29 | 30 | [dependencies] 31 | native-tls = "0.2" 32 | tokio = { version = "0.2.0", path = "../tokio" } 33 | 34 | [dev-dependencies] 35 | tokio = { version = "0.2.0", path = "../tokio", features = ["macros", "stream", "rt-core", "io-util", "net"] } 36 | tokio-util = { version = "0.3.0", path = "../tokio-util", features = ["full"] } 37 | 38 | cfg-if = "0.1" 39 | env_logger = { version = "0.6", default-features = false } 40 | futures = { version = "0.3.0", features = ["async-await"] } 41 | 42 | [target.'cfg(all(not(target_os = "macos"), not(windows), not(target_os = "ios")))'.dev-dependencies] 43 | openssl = "0.10" 44 | 45 | [target.'cfg(any(target_os = "macos", target_os = "ios"))'.dev-dependencies] 46 | security-framework = "0.2" 47 | 48 | [target.'cfg(windows)'.dev-dependencies] 49 | schannel = "0.1" 50 | 51 | [target.'cfg(windows)'.dev-dependencies.winapi] 52 | version = "0.3" 53 | features = [ 54 | "lmcons", 55 | "basetsd", 56 | "minwinbase", 57 | "minwindef", 58 | "ntdef", 59 | "sysinfoapi", 60 | "timezoneapi", 61 | "wincrypt", 62 | "winerror", 63 | ] 64 | 65 | [package.metadata.docs.rs] 66 | all-features = true 67 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019 Tokio Contributors 2 | 3 | Permission is hereby granted, free of charge, to any 4 | person obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without 7 | limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following 11 | conditions: 12 | 13 | The above copyright notice and this permission notice 14 | shall be included in all copies or substantial portions 15 | of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 18 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 19 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 20 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 21 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /LICENSE-APACHE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2016 Tokio contributors 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 Tokio contributors 2 | 3 | Permission is hereby granted, free of charge, to any 4 | person obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without 7 | limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following 11 | conditions: 12 | 13 | The above copyright notice and this permission notice 14 | shall be included in all copies or substantial portions 15 | of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 18 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 19 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 20 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 21 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tokio-tls 2 | 3 | **Deprecated** in favor of `tokio-native-tls`. 4 | 5 | An implementation of TLS/SSL streams for Tokio built on top of the [`native-tls` 6 | crate] 7 | 8 | ## License 9 | 10 | This project is licensed under the [MIT license](./LICENSE). 11 | 12 | ### Contribution 13 | 14 | Unless you explicitly state otherwise, any contribution intentionally submitted 15 | for inclusion in Tokio by you, shall be licensed as MIT, without any additional 16 | terms or conditions. 17 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | environment: 2 | matrix: 3 | - TARGET: x86_64-pc-windows-msvc 4 | install: 5 | - appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe 6 | - rustup-init.exe -y --default-host %TARGET% 7 | - set PATH=%PATH%;C:\Users\appveyor\.cargo\bin 8 | - rustc -V 9 | - cargo -V 10 | 11 | build: false 12 | 13 | test_script: 14 | - cargo build 15 | - cargo test 16 | -------------------------------------------------------------------------------- /examples/download-rust-lang.rs: -------------------------------------------------------------------------------- 1 | // #![warn(rust_2018_idioms)] 2 | 3 | use native_tls::TlsConnector; 4 | use std::error::Error; 5 | use std::net::ToSocketAddrs; 6 | use tokio::io::{AsyncReadExt, AsyncWriteExt}; 7 | use tokio::net::TcpStream; 8 | use tokio_tls; 9 | 10 | #[tokio::main] 11 | async fn main() -> Result<(), Box> { 12 | let addr = "www.rust-lang.org:443" 13 | .to_socket_addrs()? 14 | .next() 15 | .ok_or("failed to resolve www.rust-lang.org")?; 16 | 17 | let socket = TcpStream::connect(&addr).await?; 18 | let cx = TlsConnector::builder().build()?; 19 | let cx = tokio_tls::TlsConnector::from(cx); 20 | 21 | let mut socket = cx.connect("www.rust-lang.org", socket).await?; 22 | 23 | socket 24 | .write_all( 25 | "\ 26 | GET / HTTP/1.0\r\n\ 27 | Host: www.rust-lang.org\r\n\ 28 | \r\n\ 29 | " 30 | .as_bytes(), 31 | ) 32 | .await?; 33 | 34 | let mut data = Vec::new(); 35 | socket.read_to_end(&mut data).await?; 36 | 37 | // println!("data: {:?}", &data); 38 | println!("{}", String::from_utf8_lossy(&data[..])); 39 | Ok(()) 40 | } 41 | -------------------------------------------------------------------------------- /examples/hyper-client.rs: -------------------------------------------------------------------------------- 1 | //! A sample Hyper client using this crate for TLS connections 2 | //! 3 | //! You can test this out by running: 4 | //! 5 | //! cargo run --example hyper-client 6 | //! 7 | //! and on stdout you should see rust-lang.org's headers and web page. 8 | //! 9 | //! Note that there's also the `hyper-tls` crate which may be useful. 10 | 11 | extern crate futures; 12 | extern crate hyper; 13 | extern crate native_tls; 14 | extern crate tokio; 15 | extern crate tokio_tls; 16 | 17 | use std::io; 18 | use std::sync::Arc; 19 | 20 | use futures::future::{err, Future}; 21 | use futures::stream::Stream; 22 | use hyper::client::{HttpConnector}; 23 | use hyper::client::connect::{Connect, Connected, Destination}; 24 | use hyper::Body; 25 | use hyper::{Client, Request}; 26 | use tokio::net::TcpStream; 27 | use tokio::runtime::Runtime; 28 | use tokio_tls::{TlsConnector, TlsStream}; 29 | 30 | fn main() { 31 | let mut runtime = Runtime::new().unwrap(); 32 | 33 | // Create a custom "connector" for Hyper which will route connections 34 | // through the `TlsConnector` we create here after routing them through 35 | // `HttpConnector` first. 36 | let tls_cx = native_tls::TlsConnector::builder().build().unwrap(); 37 | let mut connector = HttpsConnector { 38 | tls: Arc::new(tls_cx.into()), 39 | http: HttpConnector::new(2), 40 | }; 41 | connector.http.enforce_http(false); 42 | let client = Client::builder() 43 | .build(connector); 44 | 45 | // Send off a request for Rust's home page, fetched over TLS. Note that 46 | // this'll just fetch the headers, the body won't be downloaded yet. 47 | let req = Request::builder() 48 | .uri("https://www.rust-lang.org/") 49 | .header("User-Agent", "hyper-client-example/1.0") 50 | .body(Body::empty()) 51 | .unwrap(); 52 | let response = runtime.block_on(client.request(req)).unwrap(); 53 | println!("{:?} {}", response.version(), response.status()); 54 | for header in response.headers().iter() { 55 | print!("{:?}\n", header); 56 | } 57 | 58 | // Finish off our request by fetching all of the body. 59 | let body = runtime.block_on(response.into_body().concat2()).unwrap(); 60 | println!("{}", String::from_utf8_lossy(&body)); 61 | } 62 | 63 | struct HttpsConnector { 64 | tls: Arc, 65 | http: HttpConnector, 66 | } 67 | 68 | impl Connect for HttpsConnector { 69 | type Transport = TlsStream; 70 | type Error = io::Error; 71 | type Future = Box + Send>; 72 | 73 | fn connect(&self, dst: Destination) -> Self::Future { 74 | 75 | if dst.scheme() != "https" { 76 | return Box::new(err(io::Error::new(io::ErrorKind::Other, 77 | "only works with https"))) 78 | } 79 | 80 | let host = format!("{}{}", dst.host(), dst.port().map(|p| format!(":{}",p)).unwrap_or("".into())); 81 | 82 | let tls_cx = self.tls.clone(); 83 | Box::new(self.http.connect(dst).and_then(move |(tcp, connected)| { 84 | tls_cx.connect(&host, tcp) 85 | .map(|s| (s, connected)) 86 | .map_err(|e| io::Error::new(io::ErrorKind::Other, e)) 87 | })) 88 | 89 | } 90 | 91 | 92 | } 93 | 94 | -------------------------------------------------------------------------------- /examples/hyper-server.rs: -------------------------------------------------------------------------------- 1 | //! A sample Hyper server using this crate for TLS connections 2 | //! 3 | //! You can test this out by running: 4 | //! 5 | //! cargo run --example hyper-server 6 | //! 7 | //! and it should print out an address that it's listening on. You can then 8 | //! connect to this server via HTTP to see "Hello, world!". Note that the TLS 9 | //! certificate used here is an invalid one, so you'll have to ignore 10 | //! certificate errors, such as with: 11 | //! 12 | //! curl -k https://localhost:12345 13 | 14 | extern crate futures; 15 | extern crate hyper; 16 | extern crate native_tls; 17 | extern crate tokio; 18 | extern crate tokio_tls; 19 | 20 | use std::io; 21 | 22 | use futures::future::Future; 23 | use futures::stream::Stream; 24 | use hyper::server::conn::Http; 25 | use hyper::service::service_fn_ok; 26 | use hyper::{Body, Response}; 27 | use native_tls::{Identity, TlsAcceptor}; 28 | use tokio::net::TcpListener; 29 | 30 | pub fn main() { 31 | // Create our TLS context through which new connections will be 32 | // accepted. This is where we pass in the certificate as well to 33 | // send to clients. 34 | let der = include_bytes!("identity.p12"); 35 | let cert = Identity::from_pkcs12(der, "mypass").unwrap(); 36 | let tls_cx = TlsAcceptor::builder(cert).build().unwrap(); 37 | let tls_cx = tokio_tls::TlsAcceptor::from(tls_cx); 38 | 39 | let new_service = || service_fn_ok(|_req| Response::new(Body::from("Hello World"))); 40 | 41 | let addr = "127.0.0.1:12345".parse().unwrap(); 42 | let srv = TcpListener::bind(&addr).expect("Error binding local port"); 43 | // Use lower lever hyper API to be able to intercept client connection 44 | let http_proto = Http::new(); 45 | let http_server = http_proto 46 | .serve_incoming( 47 | srv.incoming().and_then(move |socket| { 48 | tls_cx 49 | .accept(socket) 50 | .map_err(|e| io::Error::new(io::ErrorKind::Other, e)) 51 | }), 52 | new_service, 53 | ) 54 | .then(|res| { 55 | match res { 56 | Ok(conn) => Ok(Some(conn)), 57 | Err(e) => { 58 | eprintln!("Error: {}", e); 59 | Ok(None) 60 | }, 61 | } 62 | }) 63 | .for_each(|conn_opt| { 64 | if let Some(conn) = conn_opt { 65 | hyper::rt::spawn( 66 | conn.and_then(|c| c.map_err(|e| panic!("Hyper error {}", e))) 67 | .map_err(|e| eprintln!("Connection error {}", e)), 68 | ); 69 | } 70 | 71 | Ok(()) 72 | }); 73 | 74 | println!("Listening on {}", addr); 75 | 76 | hyper::rt::run(http_server); 77 | } 78 | -------------------------------------------------------------------------------- /examples/identity.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tokio-rs/tokio-tls/099f80a3203e61a3a609f5749741935817124ea5/examples/identity.p12 -------------------------------------------------------------------------------- /examples/tls-echo.rs: -------------------------------------------------------------------------------- 1 | #![warn(rust_2018_idioms)] 2 | 3 | // A tiny async TLS echo server with Tokio 4 | use native_tls; 5 | use native_tls::Identity; 6 | use tokio; 7 | use tokio::io::{AsyncReadExt, AsyncWriteExt}; 8 | use tokio::net::TcpListener; 9 | use tokio_tls; 10 | 11 | /** 12 | an example to setup a tls server. 13 | how to test: 14 | wget https://127.0.0.1:12345 --no-check-certificate 15 | */ 16 | #[tokio::main] 17 | async fn main() -> Result<(), Box> { 18 | // Bind the server's socket 19 | let addr = "127.0.0.1:12345".to_string(); 20 | let mut tcp: TcpListener = TcpListener::bind(&addr).await?; 21 | 22 | // Create the TLS acceptor. 23 | let der = include_bytes!("identity.p12"); 24 | let cert = Identity::from_pkcs12(der, "mypass")?; 25 | let tls_acceptor = 26 | tokio_tls::TlsAcceptor::from(native_tls::TlsAcceptor::builder(cert).build()?); 27 | loop { 28 | // Asynchronously wait for an inbound socket. 29 | let (socket, remote_addr) = tcp.accept().await?; 30 | let tls_acceptor = tls_acceptor.clone(); 31 | println!("accept connection from {}", remote_addr); 32 | tokio::spawn(async move { 33 | // Accept the TLS connection. 34 | let mut tls_stream = tls_acceptor.accept(socket).await.expect("accept error"); 35 | // In a loop, read data from the socket and write the data back. 36 | 37 | let mut buf = [0; 1024]; 38 | let n = tls_stream 39 | .read(&mut buf) 40 | .await 41 | .expect("failed to read data from socket"); 42 | 43 | if n == 0 { 44 | return; 45 | } 46 | println!("read={}", unsafe { 47 | String::from_utf8_unchecked(buf[0..n].into()) 48 | }); 49 | tls_stream 50 | .write_all(&buf[0..n]) 51 | .await 52 | .expect("failed to write data to socket"); 53 | }); 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /src/lib.rs: -------------------------------------------------------------------------------- 1 | #![doc(html_root_url = "https://docs.rs/tokio-tls/0.3.1")] 2 | #![warn( 3 | missing_debug_implementations, 4 | missing_docs, 5 | rust_2018_idioms, 6 | unreachable_pub 7 | )] 8 | #![deny(intra_doc_link_resolution_failure)] 9 | #![doc(test( 10 | no_crate_inject, 11 | attr(deny(warnings, rust_2018_idioms), allow(dead_code, unused_variables)) 12 | ))] 13 | 14 | //! Async TLS streams 15 | //! 16 | //! > **Note:** This crate is **deprecated** and has been moved 17 | //! into the [`tokio-native-tls`] crate. 18 | //! 19 | //! This library is an implementation of TLS streams using the most appropriate 20 | //! system library by default for negotiating the connection. That is, on 21 | //! Windows this library uses SChannel, on OSX it uses SecureTransport, and on 22 | //! other platforms it uses OpenSSL. 23 | //! 24 | //! Each TLS stream implements the `Read` and `Write` traits to interact and 25 | //! interoperate with the rest of the futures I/O ecosystem. Client connections 26 | //! initiated from this crate verify hostnames automatically and by default. 27 | //! 28 | //! This crate primarily exports this ability through two newtypes, 29 | //! `TlsConnector` and `TlsAcceptor`. These newtypes augment the 30 | //! functionality provided by the `native-tls` crate, on which this crate is 31 | //! built. Configuration of TLS parameters is still primarily done through the 32 | //! `native-tls` crate. 33 | 34 | use tokio::io::{AsyncRead, AsyncWrite}; 35 | 36 | use native_tls::{Error, HandshakeError, MidHandshakeTlsStream}; 37 | use std::fmt; 38 | use std::future::Future; 39 | use std::io::{self, Read, Write}; 40 | use std::marker::Unpin; 41 | use std::mem::MaybeUninit; 42 | use std::pin::Pin; 43 | use std::ptr::null_mut; 44 | use std::task::{Context, Poll}; 45 | 46 | #[derive(Debug)] 47 | struct AllowStd { 48 | inner: S, 49 | context: *mut (), 50 | } 51 | 52 | /// A wrapper around an underlying raw stream which implements the TLS or SSL 53 | /// protocol. 54 | /// 55 | /// A `TlsStream` represents a handshake that has been completed successfully 56 | /// and both the server and the client are ready for receiving and sending 57 | /// data. Bytes read from a `TlsStream` are decrypted from `S` and bytes written 58 | /// to a `TlsStream` are encrypted when passing through to `S`. 59 | #[derive(Debug)] 60 | pub struct TlsStream(native_tls::TlsStream>); 61 | 62 | /// A wrapper around a `native_tls::TlsConnector`, providing an async `connect` 63 | /// method. 64 | #[derive(Clone)] 65 | pub struct TlsConnector(native_tls::TlsConnector); 66 | 67 | /// A wrapper around a `native_tls::TlsAcceptor`, providing an async `accept` 68 | /// method. 69 | #[derive(Clone)] 70 | pub struct TlsAcceptor(native_tls::TlsAcceptor); 71 | 72 | struct MidHandshake(Option>>); 73 | 74 | enum StartedHandshake { 75 | Done(TlsStream), 76 | Mid(MidHandshakeTlsStream>), 77 | } 78 | 79 | struct StartedHandshakeFuture(Option>); 80 | struct StartedHandshakeFutureInner { 81 | f: F, 82 | stream: S, 83 | } 84 | 85 | struct Guard<'a, S>(&'a mut TlsStream) 86 | where 87 | AllowStd: Read + Write; 88 | 89 | impl Drop for Guard<'_, S> 90 | where 91 | AllowStd: Read + Write, 92 | { 93 | fn drop(&mut self) { 94 | (self.0).0.get_mut().context = null_mut(); 95 | } 96 | } 97 | 98 | // *mut () context is neither Send nor Sync 99 | unsafe impl Send for AllowStd {} 100 | unsafe impl Sync for AllowStd {} 101 | 102 | impl AllowStd 103 | where 104 | S: Unpin, 105 | { 106 | fn with_context(&mut self, f: F) -> R 107 | where 108 | F: FnOnce(&mut Context<'_>, Pin<&mut S>) -> R, 109 | { 110 | unsafe { 111 | assert!(!self.context.is_null()); 112 | let waker = &mut *(self.context as *mut _); 113 | f(waker, Pin::new(&mut self.inner)) 114 | } 115 | } 116 | } 117 | 118 | impl Read for AllowStd 119 | where 120 | S: AsyncRead + Unpin, 121 | { 122 | fn read(&mut self, buf: &mut [u8]) -> io::Result { 123 | match self.with_context(|ctx, stream| stream.poll_read(ctx, buf)) { 124 | Poll::Ready(r) => r, 125 | Poll::Pending => Err(io::Error::from(io::ErrorKind::WouldBlock)), 126 | } 127 | } 128 | } 129 | 130 | impl Write for AllowStd 131 | where 132 | S: AsyncWrite + Unpin, 133 | { 134 | fn write(&mut self, buf: &[u8]) -> io::Result { 135 | match self.with_context(|ctx, stream| stream.poll_write(ctx, buf)) { 136 | Poll::Ready(r) => r, 137 | Poll::Pending => Err(io::Error::from(io::ErrorKind::WouldBlock)), 138 | } 139 | } 140 | 141 | fn flush(&mut self) -> io::Result<()> { 142 | match self.with_context(|ctx, stream| stream.poll_flush(ctx)) { 143 | Poll::Ready(r) => r, 144 | Poll::Pending => Err(io::Error::from(io::ErrorKind::WouldBlock)), 145 | } 146 | } 147 | } 148 | 149 | fn cvt(r: io::Result) -> Poll> { 150 | match r { 151 | Ok(v) => Poll::Ready(Ok(v)), 152 | Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => Poll::Pending, 153 | Err(e) => Poll::Ready(Err(e)), 154 | } 155 | } 156 | 157 | impl TlsStream { 158 | fn with_context(&mut self, ctx: &mut Context<'_>, f: F) -> R 159 | where 160 | F: FnOnce(&mut native_tls::TlsStream>) -> R, 161 | AllowStd: Read + Write, 162 | { 163 | self.0.get_mut().context = ctx as *mut _ as *mut (); 164 | let g = Guard(self); 165 | f(&mut (g.0).0) 166 | } 167 | 168 | /// Returns a shared reference to the inner stream. 169 | pub fn get_ref(&self) -> &S 170 | where 171 | S: AsyncRead + AsyncWrite + Unpin, 172 | { 173 | &self.0.get_ref().inner 174 | } 175 | 176 | /// Returns a mutable reference to the inner stream. 177 | pub fn get_mut(&mut self) -> &mut S 178 | where 179 | S: AsyncRead + AsyncWrite + Unpin, 180 | { 181 | &mut self.0.get_mut().inner 182 | } 183 | } 184 | 185 | impl AsyncRead for TlsStream 186 | where 187 | S: AsyncRead + AsyncWrite + Unpin, 188 | { 189 | unsafe fn prepare_uninitialized_buffer(&self, _: &mut [MaybeUninit]) -> bool { 190 | // Note that this does not forward to `S` because the buffer is 191 | // unconditionally filled in by OpenSSL, not the actual object `S`. 192 | // We're decrypting bytes from `S` into the buffer above! 193 | false 194 | } 195 | 196 | fn poll_read( 197 | mut self: Pin<&mut Self>, 198 | ctx: &mut Context<'_>, 199 | buf: &mut [u8], 200 | ) -> Poll> { 201 | self.with_context(ctx, |s| cvt(s.read(buf))) 202 | } 203 | } 204 | 205 | impl AsyncWrite for TlsStream 206 | where 207 | S: AsyncRead + AsyncWrite + Unpin, 208 | { 209 | fn poll_write( 210 | mut self: Pin<&mut Self>, 211 | ctx: &mut Context<'_>, 212 | buf: &[u8], 213 | ) -> Poll> { 214 | self.with_context(ctx, |s| cvt(s.write(buf))) 215 | } 216 | 217 | fn poll_flush(mut self: Pin<&mut Self>, ctx: &mut Context<'_>) -> Poll> { 218 | self.with_context(ctx, |s| cvt(s.flush())) 219 | } 220 | 221 | fn poll_shutdown(mut self: Pin<&mut Self>, ctx: &mut Context<'_>) -> Poll> { 222 | match self.with_context(ctx, |s| s.shutdown()) { 223 | Ok(()) => Poll::Ready(Ok(())), 224 | Err(ref e) if e.kind() == io::ErrorKind::WouldBlock => Poll::Pending, 225 | Err(e) => Poll::Ready(Err(e)), 226 | } 227 | } 228 | } 229 | 230 | async fn handshake(f: F, stream: S) -> Result, Error> 231 | where 232 | F: FnOnce( 233 | AllowStd, 234 | ) -> Result>, HandshakeError>> 235 | + Unpin, 236 | S: AsyncRead + AsyncWrite + Unpin, 237 | { 238 | let start = StartedHandshakeFuture(Some(StartedHandshakeFutureInner { f, stream })); 239 | 240 | match start.await { 241 | Err(e) => Err(e), 242 | Ok(StartedHandshake::Done(s)) => Ok(s), 243 | Ok(StartedHandshake::Mid(s)) => MidHandshake(Some(s)).await, 244 | } 245 | } 246 | 247 | impl Future for StartedHandshakeFuture 248 | where 249 | F: FnOnce( 250 | AllowStd, 251 | ) -> Result>, HandshakeError>> 252 | + Unpin, 253 | S: Unpin, 254 | AllowStd: Read + Write, 255 | { 256 | type Output = Result, Error>; 257 | 258 | fn poll( 259 | mut self: Pin<&mut Self>, 260 | ctx: &mut Context<'_>, 261 | ) -> Poll, Error>> { 262 | let inner = self.0.take().expect("future polled after completion"); 263 | let stream = AllowStd { 264 | inner: inner.stream, 265 | context: ctx as *mut _ as *mut (), 266 | }; 267 | 268 | match (inner.f)(stream) { 269 | Ok(mut s) => { 270 | s.get_mut().context = null_mut(); 271 | Poll::Ready(Ok(StartedHandshake::Done(TlsStream(s)))) 272 | } 273 | Err(HandshakeError::WouldBlock(mut s)) => { 274 | s.get_mut().context = null_mut(); 275 | Poll::Ready(Ok(StartedHandshake::Mid(s))) 276 | } 277 | Err(HandshakeError::Failure(e)) => Poll::Ready(Err(e)), 278 | } 279 | } 280 | } 281 | 282 | impl TlsConnector { 283 | /// Connects the provided stream with this connector, assuming the provided 284 | /// domain. 285 | /// 286 | /// This function will internally call `TlsConnector::connect` to connect 287 | /// the stream and returns a future representing the resolution of the 288 | /// connection operation. The returned future will resolve to either 289 | /// `TlsStream` or `Error` depending if it's successful or not. 290 | /// 291 | /// This is typically used for clients who have already established, for 292 | /// example, a TCP connection to a remote server. That stream is then 293 | /// provided here to perform the client half of a connection to a 294 | /// TLS-powered server. 295 | pub async fn connect(&self, domain: &str, stream: S) -> Result, Error> 296 | where 297 | S: AsyncRead + AsyncWrite + Unpin, 298 | { 299 | handshake(move |s| self.0.connect(domain, s), stream).await 300 | } 301 | } 302 | 303 | impl fmt::Debug for TlsConnector { 304 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 305 | f.debug_struct("TlsConnector").finish() 306 | } 307 | } 308 | 309 | impl From for TlsConnector { 310 | fn from(inner: native_tls::TlsConnector) -> TlsConnector { 311 | TlsConnector(inner) 312 | } 313 | } 314 | 315 | impl TlsAcceptor { 316 | /// Accepts a new client connection with the provided stream. 317 | /// 318 | /// This function will internally call `TlsAcceptor::accept` to connect 319 | /// the stream and returns a future representing the resolution of the 320 | /// connection operation. The returned future will resolve to either 321 | /// `TlsStream` or `Error` depending if it's successful or not. 322 | /// 323 | /// This is typically used after a new socket has been accepted from a 324 | /// `TcpListener`. That socket is then passed to this function to perform 325 | /// the server half of accepting a client connection. 326 | pub async fn accept(&self, stream: S) -> Result, Error> 327 | where 328 | S: AsyncRead + AsyncWrite + Unpin, 329 | { 330 | handshake(move |s| self.0.accept(s), stream).await 331 | } 332 | } 333 | 334 | impl fmt::Debug for TlsAcceptor { 335 | fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 336 | f.debug_struct("TlsAcceptor").finish() 337 | } 338 | } 339 | 340 | impl From for TlsAcceptor { 341 | fn from(inner: native_tls::TlsAcceptor) -> TlsAcceptor { 342 | TlsAcceptor(inner) 343 | } 344 | } 345 | 346 | impl Future for MidHandshake { 347 | type Output = Result, Error>; 348 | 349 | fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll { 350 | let mut_self = self.get_mut(); 351 | let mut s = mut_self.0.take().expect("future polled after completion"); 352 | 353 | s.get_mut().context = cx as *mut _ as *mut (); 354 | match s.handshake() { 355 | Ok(stream) => Poll::Ready(Ok(TlsStream(stream))), 356 | Err(HandshakeError::Failure(e)) => Poll::Ready(Err(e)), 357 | Err(HandshakeError::WouldBlock(mut s)) => { 358 | s.get_mut().context = null_mut(); 359 | mut_self.0 = Some(s); 360 | Poll::Pending 361 | } 362 | } 363 | } 364 | } 365 | -------------------------------------------------------------------------------- /tests/bad.rs: -------------------------------------------------------------------------------- 1 | #![warn(rust_2018_idioms)] 2 | 3 | use cfg_if::cfg_if; 4 | use env_logger; 5 | use native_tls::TlsConnector; 6 | use std::io::{self, Error}; 7 | use std::net::ToSocketAddrs; 8 | use tokio::net::TcpStream; 9 | use tokio_tls; 10 | 11 | macro_rules! t { 12 | ($e:expr) => { 13 | match $e { 14 | Ok(e) => e, 15 | Err(e) => panic!("{} failed with {:?}", stringify!($e), e), 16 | } 17 | }; 18 | } 19 | 20 | cfg_if! { 21 | if #[cfg(feature = "force-rustls")] { 22 | fn verify_failed(err: &Error, s: &str) { 23 | let err = err.to_string(); 24 | assert!(err.contains(s), "bad error: {}", err); 25 | } 26 | 27 | fn assert_expired_error(err: &Error) { 28 | verify_failed(err, "CertExpired"); 29 | } 30 | 31 | fn assert_wrong_host(err: &Error) { 32 | verify_failed(err, "CertNotValidForName"); 33 | } 34 | 35 | fn assert_self_signed(err: &Error) { 36 | verify_failed(err, "UnknownIssuer"); 37 | } 38 | 39 | fn assert_untrusted_root(err: &Error) { 40 | verify_failed(err, "UnknownIssuer"); 41 | } 42 | } else if #[cfg(any(feature = "force-openssl", 43 | all(not(target_os = "macos"), 44 | not(target_os = "windows"), 45 | not(target_os = "ios"))))] { 46 | fn verify_failed(err: &Error) { 47 | assert!(format!("{}", err).contains("certificate verify failed")) 48 | } 49 | 50 | use verify_failed as assert_expired_error; 51 | use verify_failed as assert_wrong_host; 52 | use verify_failed as assert_self_signed; 53 | use verify_failed as assert_untrusted_root; 54 | } else if #[cfg(any(target_os = "macos", target_os = "ios"))] { 55 | 56 | fn assert_invalid_cert_chain(err: &Error) { 57 | assert!(format!("{}", err).contains("was not trusted.")) 58 | } 59 | 60 | use crate::assert_invalid_cert_chain as assert_expired_error; 61 | use crate::assert_invalid_cert_chain as assert_wrong_host; 62 | use crate::assert_invalid_cert_chain as assert_self_signed; 63 | use crate::assert_invalid_cert_chain as assert_untrusted_root; 64 | } else { 65 | fn assert_expired_error(err: &Error) { 66 | let s = err.to_string(); 67 | assert!(s.contains("system clock"), "error = {:?}", s); 68 | } 69 | 70 | fn assert_wrong_host(err: &Error) { 71 | let s = err.to_string(); 72 | assert!(s.contains("CN name"), "error = {:?}", s); 73 | } 74 | 75 | fn assert_self_signed(err: &Error) { 76 | let s = err.to_string(); 77 | assert!(s.contains("root certificate which is not trusted"), "error = {:?}", s); 78 | } 79 | 80 | use assert_self_signed as assert_untrusted_root; 81 | } 82 | } 83 | 84 | async fn get_host(host: &'static str) -> Error { 85 | drop(env_logger::try_init()); 86 | 87 | let addr = format!("{}:443", host); 88 | let addr = t!(addr.to_socket_addrs()).next().unwrap(); 89 | 90 | let socket = t!(TcpStream::connect(&addr).await); 91 | let builder = TlsConnector::builder(); 92 | let cx = t!(builder.build()); 93 | let cx = tokio_tls::TlsConnector::from(cx); 94 | let res = cx 95 | .connect(host, socket) 96 | .await 97 | .map_err(|e| Error::new(io::ErrorKind::Other, e)); 98 | 99 | assert!(res.is_err()); 100 | res.err().unwrap() 101 | } 102 | 103 | #[tokio::test] 104 | async fn expired() { 105 | assert_expired_error(&get_host("expired.badssl.com").await) 106 | } 107 | 108 | // TODO: the OSX builders on Travis apparently fail this tests spuriously? 109 | // passes locally though? Seems... bad! 110 | #[tokio::test] 111 | #[cfg_attr(all(target_os = "macos", feature = "force-openssl"), ignore)] 112 | async fn wrong_host() { 113 | assert_wrong_host(&get_host("wrong.host.badssl.com").await) 114 | } 115 | 116 | #[tokio::test] 117 | async fn self_signed() { 118 | assert_self_signed(&get_host("self-signed.badssl.com").await) 119 | } 120 | 121 | #[tokio::test] 122 | async fn untrusted_root() { 123 | assert_untrusted_root(&get_host("untrusted-root.badssl.com").await) 124 | } 125 | -------------------------------------------------------------------------------- /tests/google.rs: -------------------------------------------------------------------------------- 1 | #![warn(rust_2018_idioms)] 2 | 3 | use cfg_if::cfg_if; 4 | use env_logger; 5 | use native_tls; 6 | use native_tls::TlsConnector; 7 | use std::io; 8 | use std::net::ToSocketAddrs; 9 | use tokio::io::{AsyncReadExt, AsyncWriteExt}; 10 | use tokio::net::TcpStream; 11 | use tokio_tls; 12 | 13 | macro_rules! t { 14 | ($e:expr) => { 15 | match $e { 16 | Ok(e) => e, 17 | Err(e) => panic!("{} failed with {:?}", stringify!($e), e), 18 | } 19 | }; 20 | } 21 | 22 | cfg_if! { 23 | if #[cfg(feature = "force-rustls")] { 24 | fn assert_bad_hostname_error(err: &io::Error) { 25 | let err = err.to_string(); 26 | assert!(err.contains("CertNotValidForName"), "bad error: {}", err); 27 | } 28 | } else if #[cfg(any(feature = "force-openssl", 29 | all(not(target_os = "macos"), 30 | not(target_os = "windows"), 31 | not(target_os = "ios"))))] { 32 | fn assert_bad_hostname_error(err: &io::Error) { 33 | let err = err.get_ref().unwrap(); 34 | let err = err.downcast_ref::().unwrap(); 35 | assert!(format!("{}", err).contains("certificate verify failed")); 36 | } 37 | } else if #[cfg(any(target_os = "macos", target_os = "ios"))] { 38 | fn assert_bad_hostname_error(err: &io::Error) { 39 | let err = err.get_ref().unwrap(); 40 | let err = err.downcast_ref::().unwrap(); 41 | assert!(format!("{}", err).contains("was not trusted.")); 42 | } 43 | } else { 44 | fn assert_bad_hostname_error(err: &io::Error) { 45 | let err = err.get_ref().unwrap(); 46 | let err = err.downcast_ref::().unwrap(); 47 | assert!(format!("{}", err).contains("CN name")); 48 | } 49 | } 50 | } 51 | 52 | #[tokio::test] 53 | async fn fetch_google() { 54 | drop(env_logger::try_init()); 55 | 56 | // First up, resolve google.com 57 | let addr = t!("google.com:443".to_socket_addrs()).next().unwrap(); 58 | 59 | let socket = TcpStream::connect(&addr).await.unwrap(); 60 | 61 | // Send off the request by first negotiating an SSL handshake, then writing 62 | // of our request, then flushing, then finally read off the response. 63 | let builder = TlsConnector::builder(); 64 | let connector = t!(builder.build()); 65 | let connector = tokio_tls::TlsConnector::from(connector); 66 | let mut socket = t!(connector.connect("google.com", socket).await); 67 | t!(socket.write_all(b"GET / HTTP/1.0\r\n\r\n").await); 68 | let mut data = Vec::new(); 69 | t!(socket.read_to_end(&mut data).await); 70 | 71 | // any response code is fine 72 | assert!(data.starts_with(b"HTTP/1.0 ")); 73 | 74 | let data = String::from_utf8_lossy(&data); 75 | let data = data.trim_end(); 76 | assert!(data.ends_with("") || data.ends_with("")); 77 | } 78 | 79 | fn native2io(e: native_tls::Error) -> io::Error { 80 | io::Error::new(io::ErrorKind::Other, e) 81 | } 82 | 83 | // see comment in bad.rs for ignore reason 84 | #[cfg_attr(all(target_os = "macos", feature = "force-openssl"), ignore)] 85 | #[tokio::test] 86 | async fn wrong_hostname_error() { 87 | drop(env_logger::try_init()); 88 | 89 | let addr = t!("google.com:443".to_socket_addrs()).next().unwrap(); 90 | 91 | let socket = t!(TcpStream::connect(&addr).await); 92 | let builder = TlsConnector::builder(); 93 | let connector = t!(builder.build()); 94 | let connector = tokio_tls::TlsConnector::from(connector); 95 | let res = connector 96 | .connect("rust-lang.org", socket) 97 | .await 98 | .map_err(native2io); 99 | 100 | assert!(res.is_err()); 101 | assert_bad_hostname_error(&res.err().unwrap()); 102 | } 103 | -------------------------------------------------------------------------------- /tests/smoke.rs: -------------------------------------------------------------------------------- 1 | #![warn(rust_2018_idioms)] 2 | 3 | use cfg_if::cfg_if; 4 | use env_logger; 5 | use futures::join; 6 | use native_tls; 7 | use native_tls::{Identity, TlsAcceptor, TlsConnector}; 8 | use std::io::Write; 9 | use std::marker::Unpin; 10 | use std::process::Command; 11 | use std::ptr; 12 | use tokio::io::{AsyncReadExt, AsyncWrite, AsyncWriteExt, Error, ErrorKind}; 13 | use tokio::net::{TcpListener, TcpStream}; 14 | use tokio::stream::StreamExt; 15 | use tokio_tls; 16 | 17 | macro_rules! t { 18 | ($e:expr) => { 19 | match $e { 20 | Ok(e) => e, 21 | Err(e) => panic!("{} failed with {:?}", stringify!($e), e), 22 | } 23 | }; 24 | } 25 | 26 | #[allow(dead_code)] 27 | struct Keys { 28 | cert_der: Vec, 29 | pkey_der: Vec, 30 | pkcs12_der: Vec, 31 | } 32 | 33 | #[allow(dead_code)] 34 | fn openssl_keys() -> &'static Keys { 35 | static INIT: Once = Once::new(); 36 | static mut KEYS: *mut Keys = ptr::null_mut(); 37 | 38 | INIT.call_once(|| { 39 | let path = t!(env::current_exe()); 40 | let path = path.parent().unwrap(); 41 | let keyfile = path.join("test.key"); 42 | let certfile = path.join("test.crt"); 43 | let config = path.join("openssl.config"); 44 | 45 | File::create(&config) 46 | .unwrap() 47 | .write_all( 48 | b"\ 49 | [req]\n\ 50 | distinguished_name=dn\n\ 51 | [ dn ]\n\ 52 | CN=localhost\n\ 53 | [ ext ]\n\ 54 | basicConstraints=CA:FALSE,pathlen:0\n\ 55 | subjectAltName = @alt_names 56 | extendedKeyUsage=serverAuth,clientAuth 57 | [alt_names] 58 | DNS.1 = localhost 59 | ", 60 | ) 61 | .unwrap(); 62 | 63 | let subj = "/C=US/ST=Denial/L=Sprintfield/O=Dis/CN=localhost"; 64 | let output = t!(Command::new("openssl") 65 | .arg("req") 66 | .arg("-nodes") 67 | .arg("-x509") 68 | .arg("-newkey") 69 | .arg("rsa:2048") 70 | .arg("-config") 71 | .arg(&config) 72 | .arg("-extensions") 73 | .arg("ext") 74 | .arg("-subj") 75 | .arg(subj) 76 | .arg("-keyout") 77 | .arg(&keyfile) 78 | .arg("-out") 79 | .arg(&certfile) 80 | .arg("-days") 81 | .arg("1") 82 | .output()); 83 | assert!(output.status.success()); 84 | 85 | let crtout = t!(Command::new("openssl") 86 | .arg("x509") 87 | .arg("-outform") 88 | .arg("der") 89 | .arg("-in") 90 | .arg(&certfile) 91 | .output()); 92 | assert!(crtout.status.success()); 93 | let keyout = t!(Command::new("openssl") 94 | .arg("rsa") 95 | .arg("-outform") 96 | .arg("der") 97 | .arg("-in") 98 | .arg(&keyfile) 99 | .output()); 100 | assert!(keyout.status.success()); 101 | 102 | let pkcs12out = t!(Command::new("openssl") 103 | .arg("pkcs12") 104 | .arg("-export") 105 | .arg("-nodes") 106 | .arg("-inkey") 107 | .arg(&keyfile) 108 | .arg("-in") 109 | .arg(&certfile) 110 | .arg("-password") 111 | .arg("pass:foobar") 112 | .output()); 113 | assert!(pkcs12out.status.success()); 114 | 115 | let keys = Box::new(Keys { 116 | cert_der: crtout.stdout, 117 | pkey_der: keyout.stdout, 118 | pkcs12_der: pkcs12out.stdout, 119 | }); 120 | unsafe { 121 | KEYS = Box::into_raw(keys); 122 | } 123 | }); 124 | unsafe { &*KEYS } 125 | } 126 | 127 | cfg_if! { 128 | if #[cfg(feature = "rustls")] { 129 | use webpki; 130 | use untrusted; 131 | use std::env; 132 | use std::fs::File; 133 | use std::process::Command; 134 | use std::sync::Once; 135 | 136 | use untrusted::Input; 137 | use webpki::trust_anchor_util; 138 | 139 | fn server_cx() -> io::Result { 140 | let mut cx = ServerContext::new(); 141 | 142 | let (cert, key) = keys(); 143 | cx.config_mut() 144 | .set_single_cert(vec![cert.to_vec()], key.to_vec()); 145 | 146 | Ok(cx) 147 | } 148 | 149 | fn configure_client(cx: &mut ClientContext) { 150 | let (cert, _key) = keys(); 151 | let cert = Input::from(cert); 152 | let anchor = trust_anchor_util::cert_der_as_trust_anchor(cert).unwrap(); 153 | cx.config_mut().root_store.add_trust_anchors(&[anchor]); 154 | } 155 | 156 | // Like OpenSSL we generate certificates on the fly, but for OSX we 157 | // also have to put them into a specific keychain. We put both the 158 | // certificates and the keychain next to our binary. 159 | // 160 | // Right now I don't know of a way to programmatically create a 161 | // self-signed certificate, so we just fork out to the `openssl` binary. 162 | fn keys() -> (&'static [u8], &'static [u8]) { 163 | static INIT: Once = Once::new(); 164 | static mut KEYS: *mut (Vec, Vec) = ptr::null_mut(); 165 | 166 | INIT.call_once(|| { 167 | let (key, cert) = openssl_keys(); 168 | let path = t!(env::current_exe()); 169 | let path = path.parent().unwrap(); 170 | let keyfile = path.join("test.key"); 171 | let certfile = path.join("test.crt"); 172 | let config = path.join("openssl.config"); 173 | 174 | File::create(&config).unwrap().write_all(b"\ 175 | [req]\n\ 176 | distinguished_name=dn\n\ 177 | [ dn ]\n\ 178 | CN=localhost\n\ 179 | [ ext ]\n\ 180 | basicConstraints=CA:FALSE,pathlen:0\n\ 181 | subjectAltName = @alt_names 182 | [alt_names] 183 | DNS.1 = localhost 184 | ").unwrap(); 185 | 186 | let subj = "/C=US/ST=Denial/L=Sprintfield/O=Dis/CN=localhost"; 187 | let output = t!(Command::new("openssl") 188 | .arg("req") 189 | .arg("-nodes") 190 | .arg("-x509") 191 | .arg("-newkey").arg("rsa:2048") 192 | .arg("-config").arg(&config) 193 | .arg("-extensions").arg("ext") 194 | .arg("-subj").arg(subj) 195 | .arg("-keyout").arg(&keyfile) 196 | .arg("-out").arg(&certfile) 197 | .arg("-days").arg("1") 198 | .output()); 199 | assert!(output.status.success()); 200 | 201 | let crtout = t!(Command::new("openssl") 202 | .arg("x509") 203 | .arg("-outform").arg("der") 204 | .arg("-in").arg(&certfile) 205 | .output()); 206 | assert!(crtout.status.success()); 207 | let keyout = t!(Command::new("openssl") 208 | .arg("rsa") 209 | .arg("-outform").arg("der") 210 | .arg("-in").arg(&keyfile) 211 | .output()); 212 | assert!(keyout.status.success()); 213 | 214 | let cert = crtout.stdout; 215 | let key = keyout.stdout; 216 | unsafe { 217 | KEYS = Box::into_raw(Box::new((cert, key))); 218 | } 219 | }); 220 | unsafe { 221 | (&(*KEYS).0, &(*KEYS).1) 222 | } 223 | } 224 | } else if #[cfg(any(feature = "force-openssl", 225 | all(not(target_os = "macos"), 226 | not(target_os = "windows"), 227 | not(target_os = "ios"))))] { 228 | use std::fs::File; 229 | use std::env; 230 | use std::sync::Once; 231 | 232 | fn contexts() -> (tokio_tls::TlsAcceptor, tokio_tls::TlsConnector) { 233 | let keys = openssl_keys(); 234 | 235 | let pkcs12 = t!(Identity::from_pkcs12(&keys.pkcs12_der, "foobar")); 236 | let srv = TlsAcceptor::builder(pkcs12); 237 | 238 | let cert = t!(native_tls::Certificate::from_der(&keys.cert_der)); 239 | 240 | let mut client = TlsConnector::builder(); 241 | t!(client.add_root_certificate(cert).build()); 242 | 243 | (t!(srv.build()).into(), t!(client.build()).into()) 244 | } 245 | } else if #[cfg(any(target_os = "macos", target_os = "ios"))] { 246 | use std::env; 247 | use std::fs::File; 248 | use std::sync::Once; 249 | 250 | fn contexts() -> (tokio_tls::TlsAcceptor, tokio_tls::TlsConnector) { 251 | let keys = openssl_keys(); 252 | 253 | let pkcs12 = t!(Identity::from_pkcs12(&keys.pkcs12_der, "foobar")); 254 | let srv = TlsAcceptor::builder(pkcs12); 255 | 256 | let cert = native_tls::Certificate::from_der(&keys.cert_der).unwrap(); 257 | let mut client = TlsConnector::builder(); 258 | client.add_root_certificate(cert); 259 | 260 | (t!(srv.build()).into(), t!(client.build()).into()) 261 | } 262 | } else { 263 | use schannel; 264 | use winapi; 265 | 266 | use std::env; 267 | use std::fs::File; 268 | use std::io; 269 | use std::mem; 270 | use std::sync::Once; 271 | 272 | use schannel::cert_context::CertContext; 273 | use schannel::cert_store::{CertStore, CertAdd, Memory}; 274 | use winapi::shared::basetsd::*; 275 | use winapi::shared::lmcons::*; 276 | use winapi::shared::minwindef::*; 277 | use winapi::shared::ntdef::WCHAR; 278 | use winapi::um::minwinbase::*; 279 | use winapi::um::sysinfoapi::*; 280 | use winapi::um::timezoneapi::*; 281 | use winapi::um::wincrypt::*; 282 | 283 | const FRIENDLY_NAME: &str = "tokio-tls localhost testing cert"; 284 | 285 | fn contexts() -> (tokio_tls::TlsAcceptor, tokio_tls::TlsConnector) { 286 | let cert = localhost_cert(); 287 | let mut store = t!(Memory::new()).into_store(); 288 | t!(store.add_cert(&cert, CertAdd::Always)); 289 | let pkcs12_der = t!(store.export_pkcs12("foobar")); 290 | let pkcs12 = t!(Identity::from_pkcs12(&pkcs12_der, "foobar")); 291 | 292 | let srv = TlsAcceptor::builder(pkcs12); 293 | let client = TlsConnector::builder(); 294 | (t!(srv.build()).into(), t!(client.build()).into()) 295 | } 296 | 297 | // ==================================================================== 298 | // Magic! 299 | // 300 | // Lots of magic is happening here to wrangle certificates for running 301 | // these tests on Windows. For more information see the test suite 302 | // in the schannel-rs crate as this is just coyping that. 303 | // 304 | // The general gist of this though is that the only way to add custom 305 | // trusted certificates is to add it to the system store of trust. To 306 | // do that we go through the whole rigamarole here to generate a new 307 | // self-signed certificate and then insert that into the system store. 308 | // 309 | // This generates some dialogs, so we print what we're doing sometimes, 310 | // and otherwise we just manage the ephemeral certificates. Because 311 | // they're in the system store we always ensure that they're only valid 312 | // for a small period of time (e.g. 1 day). 313 | 314 | fn localhost_cert() -> CertContext { 315 | static INIT: Once = Once::new(); 316 | INIT.call_once(|| { 317 | for cert in local_root_store().certs() { 318 | let name = match cert.friendly_name() { 319 | Ok(name) => name, 320 | Err(_) => continue, 321 | }; 322 | if name != FRIENDLY_NAME { 323 | continue 324 | } 325 | if !cert.is_time_valid().unwrap() { 326 | io::stdout().write_all(br#" 327 | 328 | The tokio-tls test suite is about to delete an old copy of one of its 329 | certificates from your root trust store. This certificate was only valid for one 330 | day and it is no longer needed. The host should be "localhost" and the 331 | description should mention "tokio-tls". 332 | 333 | "#).unwrap(); 334 | cert.delete().unwrap(); 335 | } else { 336 | return 337 | } 338 | } 339 | 340 | install_certificate().unwrap(); 341 | }); 342 | 343 | for cert in local_root_store().certs() { 344 | let name = match cert.friendly_name() { 345 | Ok(name) => name, 346 | Err(_) => continue, 347 | }; 348 | if name == FRIENDLY_NAME { 349 | return cert 350 | } 351 | } 352 | 353 | panic!("couldn't find a cert"); 354 | } 355 | 356 | fn local_root_store() -> CertStore { 357 | if env::var("CI").is_ok() { 358 | CertStore::open_local_machine("Root").unwrap() 359 | } else { 360 | CertStore::open_current_user("Root").unwrap() 361 | } 362 | } 363 | 364 | fn install_certificate() -> io::Result { 365 | unsafe { 366 | let mut provider = 0; 367 | let mut hkey = 0; 368 | 369 | let mut buffer = "tokio-tls test suite".encode_utf16() 370 | .chain(Some(0)) 371 | .collect::>(); 372 | let res = CryptAcquireContextW(&mut provider, 373 | buffer.as_ptr(), 374 | ptr::null_mut(), 375 | PROV_RSA_FULL, 376 | CRYPT_MACHINE_KEYSET); 377 | if res != TRUE { 378 | // create a new key container (since it does not exist) 379 | let res = CryptAcquireContextW(&mut provider, 380 | buffer.as_ptr(), 381 | ptr::null_mut(), 382 | PROV_RSA_FULL, 383 | CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET); 384 | if res != TRUE { 385 | return Err(Error::last_os_error()) 386 | } 387 | } 388 | 389 | // create a new keypair (RSA-2048) 390 | let res = CryptGenKey(provider, 391 | AT_SIGNATURE, 392 | 0x0800<<16 | CRYPT_EXPORTABLE, 393 | &mut hkey); 394 | if res != TRUE { 395 | return Err(Error::last_os_error()); 396 | } 397 | 398 | // start creating the certificate 399 | let name = "CN=localhost,O=tokio-tls,OU=tokio-tls,\ 400 | G=tokio_tls".encode_utf16() 401 | .chain(Some(0)) 402 | .collect::>(); 403 | let mut cname_buffer: [WCHAR; UNLEN as usize + 1] = mem::zeroed(); 404 | let mut cname_len = cname_buffer.len() as DWORD; 405 | let res = CertStrToNameW(X509_ASN_ENCODING, 406 | name.as_ptr(), 407 | CERT_X500_NAME_STR, 408 | ptr::null_mut(), 409 | cname_buffer.as_mut_ptr() as *mut u8, 410 | &mut cname_len, 411 | ptr::null_mut()); 412 | if res != TRUE { 413 | return Err(Error::last_os_error()); 414 | } 415 | 416 | let mut subject_issuer = CERT_NAME_BLOB { 417 | cbData: cname_len, 418 | pbData: cname_buffer.as_ptr() as *mut u8, 419 | }; 420 | let mut key_provider = CRYPT_KEY_PROV_INFO { 421 | pwszContainerName: buffer.as_mut_ptr(), 422 | pwszProvName: ptr::null_mut(), 423 | dwProvType: PROV_RSA_FULL, 424 | dwFlags: CRYPT_MACHINE_KEYSET, 425 | cProvParam: 0, 426 | rgProvParam: ptr::null_mut(), 427 | dwKeySpec: AT_SIGNATURE, 428 | }; 429 | let mut sig_algorithm = CRYPT_ALGORITHM_IDENTIFIER { 430 | pszObjId: szOID_RSA_SHA256RSA.as_ptr() as *mut _, 431 | Parameters: mem::zeroed(), 432 | }; 433 | let mut expiration_date: SYSTEMTIME = mem::zeroed(); 434 | GetSystemTime(&mut expiration_date); 435 | let mut file_time: FILETIME = mem::zeroed(); 436 | let res = SystemTimeToFileTime(&expiration_date, 437 | &mut file_time); 438 | if res != TRUE { 439 | return Err(Error::last_os_error()); 440 | } 441 | let mut timestamp: u64 = file_time.dwLowDateTime as u64 | 442 | (file_time.dwHighDateTime as u64) << 32; 443 | // one day, timestamp unit is in 100 nanosecond intervals 444 | timestamp += (1E9 as u64) / 100 * (60 * 60 * 24); 445 | file_time.dwLowDateTime = timestamp as u32; 446 | file_time.dwHighDateTime = (timestamp >> 32) as u32; 447 | let res = FileTimeToSystemTime(&file_time, 448 | &mut expiration_date); 449 | if res != TRUE { 450 | return Err(Error::last_os_error()); 451 | } 452 | 453 | // create a self signed certificate 454 | let cert_context = CertCreateSelfSignCertificate( 455 | 0 as ULONG_PTR, 456 | &mut subject_issuer, 457 | 0, 458 | &mut key_provider, 459 | &mut sig_algorithm, 460 | ptr::null_mut(), 461 | &mut expiration_date, 462 | ptr::null_mut()); 463 | if cert_context.is_null() { 464 | return Err(Error::last_os_error()); 465 | } 466 | 467 | // TODO: this is.. a terrible hack. Right now `schannel` 468 | // doesn't provide a public method to go from a raw 469 | // cert context pointer to the `CertContext` structure it 470 | // has, so we just fake it here with a transmute. This'll 471 | // probably break at some point, but hopefully by then 472 | // it'll have a method to do this! 473 | struct MyCertContext(T); 474 | impl Drop for MyCertContext { 475 | fn drop(&mut self) {} 476 | } 477 | 478 | let cert_context = MyCertContext(cert_context); 479 | let cert_context: CertContext = mem::transmute(cert_context); 480 | 481 | cert_context.set_friendly_name(FRIENDLY_NAME)?; 482 | 483 | // install the certificate to the machine's local store 484 | io::stdout().write_all(br#" 485 | 486 | The tokio-tls test suite is about to add a certificate to your set of root 487 | and trusted certificates. This certificate should be for the domain "localhost" 488 | with the description related to "tokio-tls". This certificate is only valid 489 | for one day and will be automatically deleted if you re-run the tokio-tls 490 | test suite later. 491 | 492 | "#).unwrap(); 493 | local_root_store().add_cert(&cert_context, 494 | CertAdd::ReplaceExisting)?; 495 | Ok(cert_context) 496 | } 497 | } 498 | } 499 | } 500 | 501 | const AMT: usize = 128 * 1024; 502 | 503 | async fn copy_data(mut w: W) -> Result { 504 | let mut data = vec![9; AMT as usize]; 505 | let mut amt = 0; 506 | while !data.is_empty() { 507 | let written = w.write(&data).await?; 508 | if written <= data.len() { 509 | amt += written; 510 | data.resize(data.len() - written, 0); 511 | } else { 512 | w.write_all(&data).await?; 513 | amt += data.len(); 514 | break; 515 | } 516 | 517 | println!("remaining: {}", data.len()); 518 | } 519 | Ok(amt) 520 | } 521 | 522 | #[tokio::test] 523 | async fn client_to_server() { 524 | drop(env_logger::try_init()); 525 | 526 | // Create a server listening on a port, then figure out what that port is 527 | let mut srv = t!(TcpListener::bind("127.0.0.1:0").await); 528 | let addr = t!(srv.local_addr()); 529 | 530 | let (server_cx, client_cx) = contexts(); 531 | 532 | // Create a future to accept one socket, connect the ssl stream, and then 533 | // read all the data from it. 534 | let server = async move { 535 | let mut incoming = srv.incoming(); 536 | let socket = t!(incoming.next().await.unwrap()); 537 | let mut socket = t!(server_cx.accept(socket).await); 538 | let mut data = Vec::new(); 539 | t!(socket.read_to_end(&mut data).await); 540 | data 541 | }; 542 | 543 | // Create a future to connect to our server, connect the ssl stream, and 544 | // then write a bunch of data to it. 545 | let client = async move { 546 | let socket = t!(TcpStream::connect(&addr).await); 547 | let socket = t!(client_cx.connect("localhost", socket).await); 548 | copy_data(socket).await 549 | }; 550 | 551 | // Finally, run everything! 552 | let (data, _) = join!(server, client); 553 | // assert_eq!(amt, AMT); 554 | assert!(data == vec![9; AMT]); 555 | } 556 | 557 | #[tokio::test] 558 | async fn server_to_client() { 559 | drop(env_logger::try_init()); 560 | 561 | // Create a server listening on a port, then figure out what that port is 562 | let mut srv = t!(TcpListener::bind("127.0.0.1:0").await); 563 | let addr = t!(srv.local_addr()); 564 | 565 | let (server_cx, client_cx) = contexts(); 566 | 567 | let server = async move { 568 | let mut incoming = srv.incoming(); 569 | let socket = t!(incoming.next().await.unwrap()); 570 | let socket = t!(server_cx.accept(socket).await); 571 | copy_data(socket).await 572 | }; 573 | 574 | let client = async move { 575 | let socket = t!(TcpStream::connect(&addr).await); 576 | let mut socket = t!(client_cx.connect("localhost", socket).await); 577 | let mut data = Vec::new(); 578 | t!(socket.read_to_end(&mut data).await); 579 | data 580 | }; 581 | 582 | // Finally, run everything! 583 | let (_, data) = join!(server, client); 584 | // assert_eq!(amt, AMT); 585 | assert!(data == vec![9; AMT]); 586 | } 587 | 588 | #[tokio::test] 589 | async fn one_byte_at_a_time() { 590 | const AMT: usize = 1024; 591 | drop(env_logger::try_init()); 592 | 593 | let mut srv = t!(TcpListener::bind("127.0.0.1:0").await); 594 | let addr = t!(srv.local_addr()); 595 | 596 | let (server_cx, client_cx) = contexts(); 597 | 598 | let server = async move { 599 | let mut incoming = srv.incoming(); 600 | let socket = t!(incoming.next().await.unwrap()); 601 | let mut socket = t!(server_cx.accept(socket).await); 602 | let mut amt = 0; 603 | for b in std::iter::repeat(9).take(AMT) { 604 | let data = [b as u8]; 605 | t!(socket.write_all(&data).await); 606 | amt += 1; 607 | } 608 | amt 609 | }; 610 | 611 | let client = async move { 612 | let socket = t!(TcpStream::connect(&addr).await); 613 | let mut socket = t!(client_cx.connect("localhost", socket).await); 614 | let mut data = Vec::new(); 615 | loop { 616 | let mut buf = [0; 1]; 617 | match socket.read_exact(&mut buf).await { 618 | Ok(_) => data.extend_from_slice(&buf), 619 | Err(ref err) if err.kind() == ErrorKind::UnexpectedEof => break, 620 | Err(err) => panic!(err), 621 | } 622 | } 623 | data 624 | }; 625 | 626 | let (amt, data) = join!(server, client); 627 | assert_eq!(amt, AMT); 628 | assert!(data == vec![9; AMT as usize]); 629 | } 630 | --------------------------------------------------------------------------------