This is an automated email from the ASF dual-hosted git repository.

lizhanhui pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq-client-rust.git


The following commit(s) were added to refs/heads/develop by this push:
     new f67cfb1  Enable tls-roots feature of tonic to load root CA certificates
f67cfb1 is described below

commit f67cfb110ef5bd5b1aebc9c06ee7918ebb560e53
Author: Li Zhanhui <[email protected]>
AuthorDate: Sat Apr 2 08:46:41 2022 +0000

    Enable tls-roots feature of tonic to load root CA certificates
---
 Cargo.lock                     | 79 +++++++++++++++++++++++++++++++++++++++++-
 Cargo.toml                     |  2 +-
 src/bin/server.rs              |  2 +-
 src/{rocketmq.rs => client.rs} | 36 ++++++-------------
 src/lib.rs                     |  4 +--
 src/{service.rs => server.rs}  |  0
 6 files changed, 92 insertions(+), 31 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index ff88454..f880360 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -141,6 +141,22 @@ dependencies = [
 ]
 
 [[package]]
+name = "core-foundation"
+version = "0.9.3"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
+
+[[package]]
 name = "crc32fast"
 version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -531,6 +547,12 @@ source = 
"registry+https://github.com/rust-lang/crates.io-index";
 checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5"
 
 [[package]]
+name = "openssl-probe"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+
+[[package]]
 name = "parking_lot"
 version = "0.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -795,6 +817,27 @@ dependencies = [
 ]
 
 [[package]]
+name = "rustls-native-certs"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "5ca9ebdfa27d3fc180e42879037b5338ab1c040c06affd00d8338598e7800943"
+dependencies = [
+ "openssl-probe",
+ "rustls-pemfile 0.2.1",
+ "schannel",
+ "security-framework",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9"
+dependencies = [
+ "base64",
+]
+
+[[package]]
 name = "rustls-pemfile"
 version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -804,6 +847,16 @@ dependencies = [
 ]
 
 [[package]]
+name = "schannel"
+version = "0.1.19"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "8f05ba609c234e60bee0d547fe94a4c7e9da733d1c962cf6e59efa4cd9c8bc75"
+dependencies = [
+ "lazy_static",
+ "winapi",
+]
+
+[[package]]
 name = "scopeguard"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -820,6 +873,29 @@ dependencies = [
 ]
 
 [[package]]
+name = "security-framework"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "2dc14f172faf8a0194a3aded622712b0de276821addc574fa54fc0a1167e10dc"
+dependencies = [
+ "bitflags",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index";
+checksum = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
+[[package]]
 name = "serde"
 version = "1.0.136"
 source = "registry+https://github.com/rust-lang/crates.io-index";
@@ -1007,7 +1083,8 @@ dependencies = [
  "pin-project",
  "prost",
  "prost-derive",
- "rustls-pemfile",
+ "rustls-native-certs",
+ "rustls-pemfile 0.3.0",
  "tokio",
  "tokio-rustls",
  "tokio-stream",
diff --git a/Cargo.toml b/Cargo.toml
index 42483bd..52cdba9 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,7 +7,7 @@ edition = "2021"
 
 [dependencies]
 futures = { version = "0.3", default-features = false, features = ["alloc"] }
-tonic = { version = "0.7", features = ["default", "tls", "compression"] }
+tonic = { version = "0.7", features = ["default", "tls", "compression", 
"tls-roots"] }
 prost = "0.10"
 prost-types = "0.10"
 tokio = { version = "1", features = ["full"]}
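Review bot: The `tonic` dependency line gives no hint that `tls-roots` now decides which certificate authorities the client trusts, so a later edit to the feature list could change or break server verification without anyone noticing why. A comment above the dependency would help, e.g. `# tls-roots: verify servers against the OS trust store (pulls in rustls-native-certs)`. Listing `"default"` in `features` is also redundant as long as `default-features` is not switched off, and could be dropped.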
diff --git a/src/bin/server.rs b/src/bin/server.rs
index d9c1eee..e58309a 100644
--- a/src/bin/server.rs
+++ b/src/bin/server.rs
@@ -1,5 +1,5 @@
 use rocketmq::pb::messaging_service_server::MessagingServiceServer;
-use rocketmq::service::ServerService;
+use rocketmq::server::ServerService;
 use tonic::transport::Server;
 
 #[tokio::main]
diff --git a/src/rocketmq.rs b/src/client.rs
similarity index 67%
rename from src/rocketmq.rs
rename to src/client.rs
index 7ee369d..71e3c51 100644
--- a/src/rocketmq.rs
+++ b/src/client.rs
@@ -1,7 +1,6 @@
 use crate::pb::{
     messaging_service_client::MessagingServiceClient, QueryRouteRequest, 
QueryRouteResponse,
 };
-use rustls::client::ServerCertVerifier;
 use tonic::{
     transport::{Channel, ClientTlsConfig},
     Request, Response,
@@ -12,22 +11,6 @@ pub struct RpcClient {
     remote_address: String,
 }
 
-struct TrustAllCertVerifier;
-
-impl ServerCertVerifier for TrustAllCertVerifier {
-    fn verify_server_cert(
-        &self,
-        end_entity: &rustls::Certificate,
-        intermediates: &[rustls::Certificate],
-        server_name: &rustls::ServerName,
-        scts: &mut dyn Iterator<Item = &[u8]>,
-        ocsp_response: &[u8],
-        now: std::time::SystemTime,
-    ) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
-        Ok(rustls::client::ServerCertVerified::assertion())
-    }
-}
-
 impl RpcClient {
     pub async fn new(target: &'static str) -> Result<RpcClient, Box<dyn 
std::error::Error>> {
         let remote_address = String::from(target);
@@ -36,14 +19,7 @@ impl RpcClient {
             .tcp_nodelay(true)
             .connect_timeout(std::time::Duration::from_secs(3));
         if remote_address.starts_with("https://";) {
-            let verifier = std::sync::Arc::new(TrustAllCertVerifier {});
-            let rustls_config = rustls::client::ClientConfig::builder()
-                .with_safe_defaults()
-                .with_custom_certificate_verifier(verifier)
-                .with_no_client_auth();
-            //TODO: Disable verify server certificate
-            let tls_config = ClientTlsConfig::new();
-            channel = channel.tls_config(tls_config)?;
+            channel = channel.tls_config(ClientTlsConfig::new())?;
         }
         let channel = channel.connect().await?;
         let stub = MessagingServiceClient::new(channel);
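Review bot: The `https://` branch now relies entirely on `ClientTlsConfig::new()`, with no comment saying where the trust anchors come from, and the `starts_with("https://")` test means any other target string connects without TLS and without a log line. I would add `// Server certificate is verified against the system root CAs (tonic "tls-roots"); non-https targets stay plaintext.` above the `tls_config` call. Deployments whose servers present a certificate from a private CA presumably can no longer connect; if that case matters, accepting a CA certificate from the caller and passing it to `ClientTlsConfig::ca_certificate` would cover it without bringing back a trust-all verifier. `RpcClient::new` begins and ends outside this hunk.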
@@ -70,12 +46,20 @@ mod test {
     #[tokio::test]
     async fn test_connect() {
         let target = "http://127.0.0.1:5001";;
-        let mut rpc_client = RpcClient::new(target)
+        let _rpc_client = RpcClient::new(target)
             .await
             .expect("Should be able to connect");
     }
 
     #[tokio::test]
+    async fn test_connect_staging() {
+        let target = 
"https://mq-inst-1080056302921134-bxuibml7.mq.cn-hangzhou.aliyuncs.com:80";;
+        let _rpc_client = RpcClient::new(target)
+            .await
+            .expect("Failed to connect to staging proxy server");
+    }
+
+    #[tokio::test]
     async fn test_query_route() {
         let target = "http://127.0.0.1:5001";;
         let mut rpc_client = RpcClient::new(target)
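Review bot: `test_connect_staging` dials a hard-coded external staging host, so `cargo test` now fails on any machine or CI runner without network access to that endpoint, and the instance hostname ends up published in the repository. Marking it `#[ignore = "requires network access to the staging proxy"]` keeps it out of the default run while leaving it available through `cargo test -- --ignored`. The target also pairs `https://` with port 80, which deserves a short comment if it is intentional. `test_query_route` at the end of the hunk continues outside it.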
diff --git a/src/lib.rs b/src/lib.rs
index 813a8ee..ef0b606 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,3 @@
 pub mod pb;
-pub mod rocketmq;
-pub mod service;
+pub mod client;
+pub mod server;
diff --git a/src/service.rs b/src/server.rs
similarity index 100%
rename from src/service.rs
rename to src/server.rs
