feat: force TLS shutdown after TLS ALPN 01 challenge

Jun Kurihara 2024-07-17 21:41:23 +09:00
commit 28a6da9505
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23


@ -193,6 +193,8 @@ where
if server_name.is_none(){
return Err(RpxyError::NoServerNameInClientHello);
}
#[cfg(feature = "acme")]
let mut is_handshake_acme = false; // for shutdown just after TLS handshake
/* ------------------ */
// Check for ACME TLS ALPN challenge
#[cfg(feature = "acme")]
@ -202,6 +204,7 @@ where
let Some(server_crypto_acme) = server_configs_acme_challenge.get(&sni.unwrap().to_ascii_lowercase()) else {
return Err(RpxyError::NoAcmeServerConfig);
};
is_handshake_acme = true;
server_crypto_acme
} else {
let server_crypto = sc_map_inner.as_ref().unwrap().get(server_name.as_ref().unwrap());
@ -227,7 +230,14 @@ where
return Err(RpxyError::FailedToTlsHandshake(e.to_string()));
}
};
#[cfg(feature = "acme")]
{
Ok((stream, client_addr, server_name, is_handshake_acme))
}
#[cfg(not(feature="acme"))]
{
Ok((stream, client_addr, server_name))
}
};
self.globals.runtime_handle.spawn( async move {
@ -239,6 +249,26 @@ where
error!("Timeout to handshake TLS");
return;
};
/* ------------------ */
#[cfg(feature = "acme")]
{
match v {
Ok((mut stream, client_addr, server_name, is_handshake_acme)) => {
if is_handshake_acme {
debug!("Shutdown TLS connection after ACME TLS ALPN challenge");
use tokio::io::AsyncWriteExt;
stream.inner_mut().shutdown().await.ok();
}
self_inner.serve_connection(stream, client_addr, server_name);
}
Err(e) => {
error!("{}", e);
}
}
}
/* ------------------ */
#[cfg(not(feature = "acme"))]
{
match v {
Ok((stream, client_addr, server_name)) => {
self_inner.serve_connection(stream, client_addr, server_name);
@ -247,6 +277,8 @@ where
error!("{}", e);
}
}
}
/* ------------------ */
});
}
_ = server_crypto_rx.changed().fuse() => {
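Review bot: In the `is_handshake_acme` branch of the hunk at +249, the stream is shut down and the code then falls through to `self_inner.serve_connection(stream, client_addr, server_name)`, so a connection that only presented the ACME TLS-ALPN challenge is still handed to the proxy on an already-closed TLS session. The branch should end the task instead, e.g. `stream.inner_mut().shutdown().await.ok(); return;`, or the `serve_connection` call should sit in an `else` of that `if`. The `.ok()` on the shutdown result also drops any error silently; logging it at debug level would make failed challenge validations easier to diagnose. The spawned closure that contains this match opens in the hunk at +230 and closes in the hunk at +277, so the arm is only partially visible here.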