changed the verification from IP to domain
This commit is contained in:
parent
4aa6406428
commit
240b60636f
1
Cargo.lock
generated
1
Cargo.lock
generated
@ -2173,6 +2173,7 @@ dependencies = [
|
|||||||
"rpassword",
|
"rpassword",
|
||||||
"rsa",
|
"rsa",
|
||||||
"rustls",
|
"rustls",
|
||||||
|
"rustls-native-certs",
|
||||||
"rustls-pemfile",
|
"rustls-pemfile",
|
||||||
"sdlan-sn-rs",
|
"sdlan-sn-rs",
|
||||||
"serde",
|
"serde",
|
||||||
|
|||||||
@ -42,6 +42,7 @@ hex = "0.4.3"
|
|||||||
ahash = "0.8.12"
|
ahash = "0.8.12"
|
||||||
ipnet = "2.12.0"
|
ipnet = "2.12.0"
|
||||||
arc-swap = "1.9.0"
|
arc-swap = "1.9.0"
|
||||||
|
rustls-native-certs = "0.8.3"
|
||||||
# rolling-file = { path = "../rolling-file" }
|
# rolling-file = { path = "../rolling-file" }
|
||||||
|
|
||||||
[target.'cfg(unix)'.dependencies]
|
[target.'cfg(unix)'.dependencies]
|
||||||
|
|||||||
@ -157,7 +157,8 @@ async fn daemonize_me(
|
|||||||
mac,
|
mac,
|
||||||
CommandLine {
|
CommandLine {
|
||||||
sn: server.clone()+":1365",
|
sn: server.clone()+":1365",
|
||||||
quic: server.clone()+":443",
|
quic: server.clone() + ":443",
|
||||||
|
quic_domain: hostname,
|
||||||
nat_server1: server.clone() +":1365",
|
nat_server1: server.clone() +":1365",
|
||||||
// nat_server2: "47.98.178.3:1265".to_owned(),
|
// nat_server2: "47.98.178.3:1265".to_owned(),
|
||||||
nat_server2: server.clone() +":1366",
|
nat_server2: server.clone() +":1366",
|
||||||
|
|||||||
@ -40,6 +40,7 @@ pub async fn async_main(
|
|||||||
init_quic_conn(
|
init_quic_conn(
|
||||||
cancel_tcp,
|
cancel_tcp,
|
||||||
&args.quic,
|
&args.quic,
|
||||||
|
&args.quic_domain,
|
||||||
// |msg| handle_tcp_message(msg),
|
// |msg| handle_tcp_message(msg),
|
||||||
edge.tcp_pong.clone(),
|
edge.tcp_pong.clone(),
|
||||||
// tcp_pong,
|
// tcp_pong,
|
||||||
|
|||||||
@ -25,10 +25,23 @@ pub fn quic_init() -> Endpoint {
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
let mut root_store = rustls::RootCertStore::empty();
|
||||||
|
rustls_native_certs::load_native_certs().expect("could not load platform certs").into_iter().for_each(|cert| {
|
||||||
|
root_store.add(cert).unwrap();
|
||||||
|
});
|
||||||
|
|
||||||
|
let mut rustls_config = rustls::ClientConfig::builder()
|
||||||
|
// .with_root_certificates(rustls::RootCertStore::empty())
|
||||||
|
// .with_root_certificates(root_store)
|
||||||
|
.with_root_certificates(root_store)
|
||||||
|
.with_no_client_auth();
|
||||||
|
|
||||||
|
/*
|
||||||
let mut rustls_config = rustls::ClientConfig::builder()
|
let mut rustls_config = rustls::ClientConfig::builder()
|
||||||
.dangerous()
|
.dangerous()
|
||||||
.with_custom_certificate_verifier(Arc::new(SkipServerVerification{}))
|
.with_custom_certificate_verifier(Arc::new(SkipServerVerification{}))
|
||||||
.with_no_client_auth();
|
.with_no_client_auth();
|
||||||
|
*/
|
||||||
|
|
||||||
rustls_config.alpn_protocols = vec![b"punchnet/1.0".to_vec()];
|
rustls_config.alpn_protocols = vec![b"punchnet/1.0".to_vec()];
|
||||||
|
|
||||||
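Review bot: `root_store.add(cert).unwrap()` inside the `for_each` aborts the whole process if a single certificate in the platform store fails to parse, which happens on machines with odd or enterprise-injected roots; `RootCertStore::add_parsable_certificates` is the non-panicking form: `let certs = rustls_native_certs::load_native_certs().expect("could not load platform certs");` followed by `let (added, ignored) = root_store.add_parsable_certificates(certs);`, treating `added == 0` as a hard startup error since an empty store makes every connection fail closed with no useful diagnostic. The remaining `.expect` on `load_native_certs()` still panics when the store cannot be read at all; at startup that is arguably acceptable, but it should be logged with `error!` before bailing so operators can tell a cert-store problem from a network one. The commented-out `SkipServerVerification` builder left in the `/* ... */` block should be deleted rather than kept, and the `SkipServerVerification` type itself (outside this hunk) is presumably now dead code that should go with it. `quic_init` continues past the end of the hunk.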
|
|||||||
@ -39,6 +39,7 @@ impl ReadWriterHandle {
|
|||||||
fn new(
|
fn new(
|
||||||
cancel: CancellationToken,
|
cancel: CancellationToken,
|
||||||
addr: &str,
|
addr: &str,
|
||||||
|
domain: &str,
|
||||||
// on_connected: OnConnectedCallback<'a>,
|
// on_connected: OnConnectedCallback<'a>,
|
||||||
// on_disconnected: T3,
|
// on_disconnected: T3,
|
||||||
// on_message: T2,
|
// on_message: T2,
|
||||||
@ -56,6 +57,7 @@ impl ReadWriterHandle {
|
|||||||
let actor = ReadWriteActor::new(
|
let actor = ReadWriteActor::new(
|
||||||
cancel,
|
cancel,
|
||||||
addr,
|
addr,
|
||||||
|
domain,
|
||||||
from_tcp,
|
from_tcp,
|
||||||
connected.clone(),
|
connected.clone(),
|
||||||
pong_time,
|
pong_time,
|
||||||
@ -399,6 +401,7 @@ async fn handle_tcp_event(edge: &'static Node, eventtype: EventType, eventprotob
|
|||||||
pub fn init_quic_conn(
|
pub fn init_quic_conn(
|
||||||
cancel: CancellationToken,
|
cancel: CancellationToken,
|
||||||
addr: &str,
|
addr: &str,
|
||||||
|
domain: &str,
|
||||||
// on_connected: OnConnectedCallback<'a>,
|
// on_connected: OnConnectedCallback<'a>,
|
||||||
// on_disconnected: T3,
|
// on_disconnected: T3,
|
||||||
// on_message: T2,
|
// on_message: T2,
|
||||||
@ -414,6 +417,7 @@ pub fn init_quic_conn(
|
|||||||
let tcp_handle = ReadWriterHandle::new(
|
let tcp_handle = ReadWriterHandle::new(
|
||||||
cancel,
|
cancel,
|
||||||
addr,
|
addr,
|
||||||
|
domain,
|
||||||
// on_connected,
|
// on_connected,
|
||||||
// on_disconnected,
|
// on_disconnected,
|
||||||
// on_message,
|
// on_message,
|
||||||
@ -431,7 +435,11 @@ pub fn init_quic_conn(
|
|||||||
pub struct ReadWriteActor {
|
pub struct ReadWriteActor {
|
||||||
// actor接收的发送给tcp的接收端,由handle存放发送端
|
// actor接收的发送给tcp的接收端,由handle存放发送端
|
||||||
// to_tcp: Receiver<Vec<u8>>,
|
// to_tcp: Receiver<Vec<u8>>,
|
||||||
|
// remote is the ip version of the remote server
|
||||||
remote: String,
|
remote: String,
|
||||||
|
// hostname is the domain name of the remote server
|
||||||
|
domain: String,
|
||||||
|
|
||||||
connected: Arc<AtomicBool>,
|
connected: Arc<AtomicBool>,
|
||||||
pong_time: Arc<AtomicU64>,
|
pong_time: Arc<AtomicU64>,
|
||||||
// actor收到数据之后,发送给上层的发送端口,接收端由handle保存
|
// actor收到数据之后,发送给上层的发送端口,接收端由handle保存
|
||||||
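Review bot: The new comment `// hostname is the domain name of the remote server` names a field `hostname` that does not exist; the field it documents is `domain`. Suggest `// domain: DNS name the QUIC server's TLS certificate is verified against (passed as server name to connect())` and, for the comment above `remote`, `// remote: "ip:port" socket address string the QUIC endpoint dials` — `remote` is parsed as a full address elsewhere in this commit, not an IP alone, so "the ip version" undersells what the field must contain. Keeping these two distinct in the docs matters here because the security property of the change rests on `domain`, not `remote`, being what the certificate is checked against.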
@ -445,6 +453,7 @@ impl ReadWriteActor {
|
|||||||
pub fn new(
|
pub fn new(
|
||||||
cancel: CancellationToken,
|
cancel: CancellationToken,
|
||||||
remote: &str,
|
remote: &str,
|
||||||
|
domain: &str,
|
||||||
from_tcp: Sender<SdlanTcp>,
|
from_tcp: Sender<SdlanTcp>,
|
||||||
connected: Arc<AtomicBool>,
|
connected: Arc<AtomicBool>,
|
||||||
pong_time: Arc<AtomicU64>,
|
pong_time: Arc<AtomicU64>,
|
||||||
@ -456,6 +465,7 @@ impl ReadWriteActor {
|
|||||||
_cancel: cancel,
|
_cancel: cancel,
|
||||||
pong_time,
|
pong_time,
|
||||||
connected,
|
connected,
|
||||||
|
domain: domain.to_owned(),
|
||||||
remote: remote.to_owned(),
|
remote: remote.to_owned(),
|
||||||
from_tcp,
|
from_tcp,
|
||||||
connecting_chan,
|
connecting_chan,
|
||||||
@ -517,11 +527,9 @@ impl ReadWriteActor {
|
|||||||
let _ = connecting_chan.send(state).await;
|
let _ = connecting_chan.send(state).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
let host = self.remote.split(":").next().unwrap();
|
debug!("try connecting to {}", self.domain);
|
||||||
|
|
||||||
debug!("try connecting to {}, host = {}", self.remote, host);
|
let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), &self.domain) {
|
||||||
|
|
||||||
let conn = match edge.quic_endpoint.connect(self.remote.parse().unwrap(), host) {
|
|
||||||
Ok(conn) => conn,
|
Ok(conn) => conn,
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
error!("failed to connect: {}", e);
|
error!("failed to connect: {}", e);
|
||||||
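Review bot: `self.remote.parse().unwrap()` on the new `connect` line panics the actor when `remote` is not a valid socket address; `remote` is assembled from the user-supplied server string plus `":443"` in `daemonize_me`, so a hostname or malformed value on the command line becomes a crash rather than the logged connect error that the `Err(e)` arm already provides. Check the parse first and route it through the same failure path, e.g. `let Ok(remote_addr) = self.remote.parse::<std::net::SocketAddr>() else { error!("invalid remote address: {}", self.remote); return /* same value as the Err arm */; };` and then `connect(remote_addr, &self.domain)`. The rewritten `debug!` now logs only the domain; keeping the address in it, `debug!("try connecting to {} via {}", self.domain, self.remote);`, preserves the name-to-address correlation that is useful when a verification failure has to be investigated later. The enclosing function starts and ends outside the hunk.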
|
|||||||
@ -118,6 +118,8 @@ pub struct CommandLine {
|
|||||||
#[structopt(short = "t", long = "tcp", default_value = "127.0.0.1:7656")]
|
#[structopt(short = "t", long = "tcp", default_value = "127.0.0.1:7656")]
|
||||||
pub quic: String,
|
pub quic: String,
|
||||||
|
|
||||||
|
pub quic_domain: String,
|
||||||
|
|
||||||
/// in the format of "localhost:1234"
|
/// in the format of "localhost:1234"
|
||||||
#[structopt(long = "nat1")]
|
#[structopt(long = "nat1")]
|
||||||
pub nat_server1: String,
|
pub nat_server1: String,
|
||||||
@ -172,6 +174,7 @@ impl Clone for CommandLine {
|
|||||||
Self {
|
Self {
|
||||||
sn: self.sn.clone(),
|
sn: self.sn.clone(),
|
||||||
quic: self.quic.clone(),
|
quic: self.quic.clone(),
|
||||||
|
quic_domain: self.quic_domain.clone(),
|
||||||
allow_routing: self.allow_routing,
|
allow_routing: self.allow_routing,
|
||||||
_drop_multicast: self._drop_multicast,
|
_drop_multicast: self._drop_multicast,
|
||||||
register_ttl: self.register_ttl,
|
register_ttl: self.register_ttl,
|
||||||
|
|||||||