Initial dump for a boring-rustls-provider

This is just a dump of me figuring out how to interface with boring and rustls. It works to establish a connection and exchange data but I haven't written real tests yet, nor did I cleanup the code or made the effort to make it look nice. There is probably some code in here that should rather live in the `boring` crate.
2023-11-19 17:41:54 +01:00 · 2023-11-19 17:41:54 +01:00 · 5c45b9426b
commit 5c45b9426b
parent db339f7161
24 changed files with 2355 additions and 0 deletions
--- a/examples/Cargo.toml
+++ b/examples/Cargo.toml
@ -0,0 +1,21 @@
+[package]
+name = "boring-rustls-provider-examples"
+version = "0.0.1"
+edition = "2021"
+license = "MIT"
+description = "Boring Rustls provider example code and tests."
+publish = false
+
+[dependencies]
+docopt = "~1.1"
+env_logger = "0.10"
+log = { version = "0.4.4" }
+mio = { version = "0.8", features = ["net", "os-poll"] }
+pki-types = { package = "rustls-pki-types", version = "0.2" }
+rcgen = { version = "0.11.3", features = ["pem"], default-features = false }
+rustls = { workspace = true, features = [ "logging" ]}
+boring-rustls-provider = { path = "../boring-rustls-provider", features = ["logging"] }
+rustls-pemfile = "=2.0.0-alpha.1"
+serde = "1.0"
+serde_derive = "1.0"
+webpki-roots = "=0.26.0-alpha.1"
--- a/examples/src/bin/client.rs
+++ b/examples/src/bin/client.rs
@ -0,0 +1,43 @@
+use std::io::{stdout, Read, Write};
+use std::net::TcpStream;
+use std::sync::Arc;
+
+use boring_rustls_provider::PROVIDER;
+
+fn main() {
+    env_logger::init();
+
+    let mut root_store = rustls::RootCertStore::empty();
+    root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+
+    let config = rustls::ClientConfig::builder_with_provider(PROVIDER)
+        .with_safe_defaults()
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+
+    let server_name = "www.rust-lang.org".try_into().unwrap();
+    let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap();
+    let mut sock = TcpStream::connect("www.rust-lang.org:443").unwrap();
+    let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+    tls.write_all(
+        concat!(
+            "GET / HTTP/1.1\r\n",
+            "Host: www.rust-lang.org\r\n",
+            "Connection: close\r\n",
+            "Accept-Encoding: identity\r\n",
+            "\r\n"
+        )
+        .as_bytes(),
+    )
+    .unwrap();
+    let ciphersuite = tls.conn.negotiated_cipher_suite().unwrap();
+    writeln!(
+        &mut std::io::stderr(),
+        "Current ciphersuite: {:?}",
+        ciphersuite.suite()
+    )
+    .unwrap();
+    let mut plaintext = Vec::new();
+    tls.read_to_end(&mut plaintext).unwrap();
+    stdout().write_all(&plaintext).unwrap();
+}