Disable resumption

2025-12-01 17:05:26 +01:00 · 2025-12-01 17:05:26 +01:00 · 2a8aba6346
commit 2a8aba6346
parent c053e4ada3
8 changed files with 27 additions and 21 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2678,8 +2678,6 @@ dependencies = [
 [[package]]
 name = "rustls"
 version = "0.23.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd3c25631629d034ce7cd9940adc9d45762d46de2b0f57193c4443b92c6d4d40"
 dependencies = [
 "aws-lc-rs",
 "log",
@ -2763,8 +2761,6 @@ dependencies = [
 [[package]]
 name = "rustls-platform-verifier"
 version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be59af91596cac372a6942530653ad0c3a246cdd491aaa9dcaee47f88d67d5a0"
 dependencies = [
 "core-foundation 0.10.1",
 "core-foundation-sys",
@ -2778,14 +2774,12 @@ dependencies = [
 "security-framework 3.5.1",
 "security-framework-sys",
 "webpki-root-certs",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
 name = "rustls-platform-verifier-android"
 version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"

 [[package]]
 name = "rustls-post-quantum"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -19,4 +19,8 @@ incremental = false
 lto = "fat"
 opt-level = 3
 panic = "abort"
-strip = true
+#strip = true
+
+[patch.crates-io]
+rustls = { path = "../rustls/rustls" }
+rustls-platform-verifier = { path = "../rustls-platform-verifier/rustls-platform-verifier"}
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@ -14,9 +14,9 @@ publish.workspace = true

 [features]
 default = [
-  "provider-ring",
+  "provider-openssl",
 #  "http3-quinn",
-  "cache",
+#  "cache",
  "rustls-backend",
  "sticky-cookie",
 #  "acme",
@ -86,3 +86,6 @@ rpxy-certs = { path = "../rpxy-certs/", default-features = false, features = [
 rpxy-acme = { path = "../rpxy-acme/", default-features = false, optional = true }

 [dev-dependencies]
+
+[patch.crates-io]
+rustls = { path = "../rustls" }
--- a/rpxy-bin/src/log.rs
+++ b/rpxy-bin/src/log.rs
@ -60,7 +60,7 @@ fn init_file_logger(level: tracing::Level, log_dir_path: &str) {
    .with_writer(system_log)
    .with_filter(filter_fn(move |metadata| {
      (is_cargo_pkg(metadata) && metadata.name() != log_event_names::ACCESS_LOG && metadata.level() <= &level)
-        || metadata.level() <= &tracing::Level::WARN.min(level)
+        || metadata.level() <= &tracing::Level::WARN.max(level)
    }));

  tracing_subscriber::registry().with(access_layer).with(system_layer).init();
--- a/rpxy-bin/src/main.rs
+++ b/rpxy-bin/src/main.rs
@ -27,9 +27,7 @@ fn main() {

  runtime.block_on(async {
    // Initially load options
-    let Ok(parsed_opts) = parse_opts() else {
-      std::process::exit(1);
-    };
+    let parsed_opts = parse_opts().unwrap();

    init_logger(parsed_opts.log_dir_path.as_deref());

--- a/rpxy-certs/src/certs.rs
+++ b/rpxy-certs/src/certs.rs
@ -65,7 +65,7 @@ impl SingleServerCertsKeys {
      .cert_keys
      .clone()
      .iter()
-      .find_map(|k| dbg!(any_supported_type(k)).ok())
+      .find_map(|k| any_supported_type(k).ok())
      .ok_or_else(|| RpxyCertError::InvalidCertificateAndKey)?;

    let cert = self.certs.iter().map(|c| Certificate::from(c.to_vec())).collect::<Vec<_>>();
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@ -87,7 +87,7 @@ hyper-rustls = { version = "0.27.7", default-features = false, features = [
 # tls and cert management for server
 rpxy-certs = { path = "../rpxy-certs/", default-features = false }
 hot_reload = "0.2.0"
-rustls = { version = "0.23.32", default-features = false }
+rustls = { version = "0.23.32", default-features = false, features = ["std"] }
 boring-rustls-provider = { git = "https://github.com/janrueth/boring-rustls-provider.git", rev = "490340afa77e2c08fc45853124f99d49f4f9f8a0", optional = true }
 rustls-openssl = { version = "0.3.0", default-features = false, features = ["tls12"], optional = true }
 rustls-post-quantum = { version = "0.2.4", optional = true }
--- a/rpxy-lib/src/forwarder/client.rs
+++ b/rpxy-lib/src/forwarder/client.rs
@ -216,11 +216,18 @@ where
    info!("Rustls backend: Mozilla WebPKI root certs used for backend connections");

    #[cfg(not(feature = "webpki-roots"))]
-    let builder = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
-    #[cfg(not(feature = "webpki-roots"))]
-    let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
-    #[cfg(not(feature = "webpki-roots"))]
-    info!("Rustls backend: Platform verifier used for backend connections");
+    let (builder, builder_h2) = {
+      use rustls::{ClientConfig, client::Resumption};
+      use hyper_rustls::ConfigBuilderExt;
+      let mut client_config = ClientConfig::builder()
+        .try_with_platform_verifier().unwrap()
+        .with_no_client_auth();
+      client_config.resumption = Resumption::disabled();
+      let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
+      let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
+      info!("Rustls backend: Platform verifier used for backend connections");
+      (builder, builder_h2)
+    };

    let mut http = HttpConnector::new();
    http.enforce_http(false);