feat: force TLS shutdown after TLS ALPN 01 challenge
This commit is contained in:
parent
597f3afd76
commit
28a6da9505
1 changed files with 39 additions and 7 deletions
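--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -193,6 +193,8 @@ where
 if server_name.is_none(){
 return Err(RpxyError::NoServerNameInClientHello);
 }
+#[cfg(feature = "acme")]
+let mut is_handshake_acme = false; // for shutdown just after TLS handshake
 /* ------------------ */
 // Check for ACME TLS ALPN challenge
 #[cfg(feature = "acme")]
@@ -202,6 +204,7 @@ where
 let Some(server_crypto_acme) = server_configs_acme_challenge.get(&sni.unwrap().to_ascii_lowercase()) else {
 return Err(RpxyError::NoAcmeServerConfig);
 };
+is_handshake_acme = true;
 server_crypto_acme
 } else {
 let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name.as_ref().unwrap());
@@ -227,7 +230,14 @@ where
 return Err(RpxyError::FailedToTlsHandshake(e.to_string()));
 }
 };
-Ok((stream, client_addr, server_name))
+#[cfg(feature = "acme")]
+{
+Ok((stream, client_addr, server_name, is_handshake_acme))
+}
+#[cfg(not(feature="acme"))]
+{
+Ok((stream, client_addr, server_name))
+}
 };
 
 self.globals.runtime_handle.spawn( async move {
@@ -239,14 +249,36 @@ where
 error!("Timeout to handshake TLS");
 return;
 };
-match v {
-Ok((stream, client_addr, server_name)) => {
-self_inner.serve_connection(stream, client_addr, server_name);
-}
-Err(e) => {
-error!("{}", e);
+/* ------------------ */
+#[cfg(feature = "acme")]
+{
+match v {
+Ok((mut stream, client_addr, server_name, is_handshake_acme)) => {
+if is_handshake_acme {
+debug!("Shutdown TLS connection after ACME TLS ALPN challenge");
+use tokio::io::AsyncWriteExt;
+stream.inner_mut().shutdown().await.ok();
+}
+self_inner.serve_connection(stream, client_addr, server_name);
+}
+Err(e) => {
+error!("{}", e);
+}
 }
 }
+/* ------------------ */
+#[cfg(not(feature = "acme"))]
+{
+match v {
+Ok((stream, client_addr, server_name)) => {
+self_inner.serve_connection(stream, client_addr, server_name);
+}
+Err(e) => {
+error!("{}", e);
+}
+}
+}
+/* ------------------ */
 });
 }
 _ = server_crypto_rx.changed().fuse() => {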
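Review bot: In the `#[cfg(feature = "acme")]` arm of the fourth hunk the stream is shut down after the TLS-ALPN-01 challenge and then still handed to `self_inner.serve_connection(stream, client_addr, server_name);`, so a closed connection is passed on to request handling and will surface there as a spurious error instead of ending the task. Ending the `if is_handshake_acme` block with `return;` right after `stream.inner_mut().shutdown().await.ok();` keeps challenge connections from ever reaching the HTTP layer, which is what the commit title intends. It is not visible here whether `inner_mut()` yields the TLS layer or the raw socket; if it is the socket, no close_notify is sent and the validator sees an abrupt close, which is acceptable for the challenge but deserves a comment such as `// TCP-level close: the challenge cert must never carry application data`. The third hunk's `#[cfg(not(feature="acme"))]` lacks the spaces used by the matching attribute in this hunk; rustfmt does not normalize attributes, so align them by hand. The spawned closure and the enclosing function both start before and end after these hunks.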