From 2a8aba6346d5c9c70472ca06d22341c7d0033568 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pascal=20Eng=C3=A9libert?=
Date: Mon, 1 Dec 2025 17:05:26 +0100
Subject: [PATCH] Disable resumption

---
 Cargo.lock | 8 +-------
 Cargo.toml | 6 +++++-
 rpxy-bin/Cargo.toml | 7 +++++--
 rpxy-bin/src/log.rs | 2 +-
 rpxy-bin/src/main.rs | 4 +---
 rpxy-certs/src/certs.rs | 2 +-
 rpxy-lib/Cargo.toml | 2 +-
 rpxy-lib/src/forwarder/client.rs | 17 ++++++++++++-----
 8 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 8ed956a..c6601e8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2678,8 +2678,6 @@ dependencies = [
 [[package]]
 name = "rustls"
 version = "0.23.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd3c25631629d034ce7cd9940adc9d45762d46de2b0f57193c4443b92c6d4d40"
 dependencies = [
 "aws-lc-rs",
 "log",
@@ -2763,8 +2761,6 @@ dependencies = [
 [[package]]
 name = "rustls-platform-verifier"
 version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be59af91596cac372a6942530653ad0c3a246cdd491aaa9dcaee47f88d67d5a0"
 dependencies = [
 "core-foundation 0.10.1",
 "core-foundation-sys",
@@ -2778,14 +2774,12 @@ dependencies = [
 "security-framework 3.5.1",
 "security-framework-sys",
 "webpki-root-certs",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]

 [[package]]
 name = "rustls-platform-verifier-android"
 version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f"

 [[package]]
 name = "rustls-post-quantum"
diff --git a/Cargo.toml b/Cargo.toml
index cda555b..035abd1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,4 +19,8 @@ incremental = false
 lto = "fat"
 opt-level = 3
 panic = "abort"
-strip = true
+#strip = true
+
+[patch.crates-io]
+rustls = { path = "../rustls/rustls" }
+rustls-platform-verifier = { path = "../rustls-platform-verifier/rustls-platform-verifier"}
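Review bot: The `[patch.crates-io]` section added at the end of the workspace `Cargo.toml` points `rustls` and `rustls-platform-verifier` at sibling directories outside the repository (`../rustls/rustls`, `../rustls-platform-verifier/rustls-platform-verifier`), so the TLS stack that gets built is whatever happens to be checked out there; the Cargo.lock hunks in this commit drop the registry `source` and `checksum` entries for these crates accordingly. If a modified rustls is really required, pin it reproducibly, e.g. `rustls = { git = "<fork-url>", rev = "<commit-sha>" }` (placeholders), otherwise leave the patch section out of the commit. The second hunk of `rpxy-bin/Cargo.toml` adds another `[patch.crates-io]` with a different path (`../rustls`); Cargo only honours patch sections from the workspace root manifest, so that one is presumably ignored and should be removed. `#strip = true` also changes the release profile without a comment saying why.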
diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml
index 4238701..a8bb768 100644
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@@ -14,9 +14,9 @@ publish.workspace = true

 [features]
 default = [
- "provider-ring",
+ "provider-openssl",
 # "http3-quinn",
- "cache",
+# "cache",
 "rustls-backend",
 "sticky-cookie",
 # "acme",
@@ -86,3 +86,6 @@ rpxy-certs = { path = "../rpxy-certs/", default-features = false, features = [
 rpxy-acme = { path = "../rpxy-acme/", default-features = false, optional = true }

 [dev-dependencies]
+
+[patch.crates-io]
+rustls = { path = "../rustls" }
diff --git a/rpxy-bin/src/log.rs b/rpxy-bin/src/log.rs
index 29e1993..a3eb059 100644
--- a/rpxy-bin/src/log.rs
+++ b/rpxy-bin/src/log.rs
@@ -60,7 +60,7 @@ fn init_file_logger(level: tracing::Level, log_dir_path: &str) {
 .with_writer(system_log)
 .with_filter(filter_fn(move |metadata| {
 (is_cargo_pkg(metadata) && metadata.name() != log_event_names::ACCESS_LOG && metadata.level() <= &level)
- || metadata.level() <= &tracing::Level::WARN.min(level)
+ || metadata.level() <= &tracing::Level::WARN.max(level)
 }));

 tracing_subscriber::registry().with(access_layer).with(system_layer).init();
diff --git a/rpxy-bin/src/main.rs b/rpxy-bin/src/main.rs
index 1419bc7..39cc5bb 100644
--- a/rpxy-bin/src/main.rs
+++ b/rpxy-bin/src/main.rs
@@ -27,9 +27,7 @@ fn main() {

 runtime.block_on(async {
 // Initially load options
- let Ok(parsed_opts) = parse_opts() else {
- std::process::exit(1);
- };
+ let parsed_opts = parse_opts().unwrap();

 init_logger(parsed_opts.log_dir_path.as_deref());

diff --git a/rpxy-certs/src/certs.rs b/rpxy-certs/src/certs.rs
index 4e27873..56d062a 100644
--- a/rpxy-certs/src/certs.rs
+++ b/rpxy-certs/src/certs.rs
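Review bot: The `default` feature list in `rpxy-bin/Cargo.toml` (first hunk) now selects `provider-openssl` instead of `provider-ring` and comments out `cache`, which changes the crypto provider and the caching behaviour of every default build although the commit is titled "Disable resumption". If this is only needed to reproduce the resumption problem, select it at build time with `--no-default-features --features "<list>"` rather than editing `default`. If it is intended, say so in the commit message and annotate the line, e.g. `# "cache",  # disabled: <reason>`.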
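Review bot: In `init_file_logger` (`rpxy-bin/src/log.rs`), replacing `WARN.min(level)` with `WARN.max(level)` makes the second clause of the filter accept everything the first clause accepts, so the `is_cargo_pkg` and `ACCESS_LOG` conditions no longer restrict anything. `tracing::Level` orders more verbose levels as greater, so with `level` set to DEBUG or TRACE every dependency's events at that verbosity, and the access-log events, end up in the system log file. If dependency debug output is only wanted temporarily, keep `|| metadata.level() <= &tracing::Level::WARN.min(level)` and enable the wider filter through an explicit option. The function body starts and ends outside this hunk.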
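Review bot: `parse_opts().unwrap()` in `main` (`rpxy-bin/src/main.rs`) turns an invalid command line or configuration into a panic, and the release profile in the workspace `Cargo.toml` sets `panic = "abort"`, so an operator error ends in a process abort instead of exit status 1. Keep the controlled exit and print the error: `let parsed_opts = parse_opts().unwrap_or_else(|e| { eprintln!("{e:?}"); std::process::exit(1) });`. `main` continues outside the hunk.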
@@ -65,7 +65,7 @@ impl SingleServerCertsKeys {
 .cert_keys
 .clone()
 .iter()
- .find_map(|k| dbg!(any_supported_type(k)).ok())
+ .find_map(|k| any_supported_type(k).ok())
 .ok_or_else(|| RpxyCertError::InvalidCertificateAndKey)?;

 let cert = self.certs.iter().map(|c| Certificate::from(c.to_vec())).collect::>();
diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml
index 048f2f6..13074d6 100644
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@@ -87,7 +87,7 @@ hyper-rustls = { version = "0.27.7", default-features = false, features = [
 # tls and cert management for server
 rpxy-certs = { path = "../rpxy-certs/", default-features = false }
 hot_reload = "0.2.0"
-rustls = { version = "0.23.32", default-features = false }
+rustls = { version = "0.23.32", default-features = false, features = ["std"] }
 boring-rustls-provider = { git = "https://github.com/janrueth/boring-rustls-provider.git", rev = "490340afa77e2c08fc45853124f99d49f4f9f8a0", optional = true }
 rustls-openssl = { version = "0.3.0", default-features = false, features = ["tls12"], optional = true }
 rustls-post-quantum = { version = "0.2.4", optional = true }
diff --git a/rpxy-lib/src/forwarder/client.rs b/rpxy-lib/src/forwarder/client.rs
index 3e53297..114ec13 100644
--- a/rpxy-lib/src/forwarder/client.rs
+++ b/rpxy-lib/src/forwarder/client.rs
@@ -216,11 +216,18 @@ where
 info!("Rustls backend: Mozilla WebPKI root certs used for backend connections");

 #[cfg(not(feature = "webpki-roots"))]
- let builder = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
- #[cfg(not(feature = "webpki-roots"))]
- let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
- #[cfg(not(feature = "webpki-roots"))]
- info!("Rustls backend: Platform verifier used for backend connections");
+ let (builder, builder_h2) = {
+ use rustls::{ClientConfig, client::Resumption};
+ use hyper_rustls::ConfigBuilderExt;
+ let mut client_config = ClientConfig::builder()
+ .try_with_platform_verifier().unwrap()
+ .with_no_client_auth();
+ client_config.resumption = Resumption::disabled();
+ let builder = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config.clone());
+ let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_tls_config(client_config);
+ info!("Rustls backend: Platform verifier used for backend connections");
+ (builder, builder_h2)
+ };

 let mut http = HttpConnector::new();
 http.enforce_http(false);
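Review bot: Resumption is disabled only in the `#[cfg(not(feature = "webpki-roots"))]` branch; the `webpki-roots` branch, whose builder lines lie above this hunk, is not touched by the commit, so builds with that feature presumably keep rustls' default session resumption. Build the `ClientConfig` explicitly in both branches and set `client_config.resumption = Resumption::disabled();` on each, so the behaviour does not depend on which trust-root feature is compiled in. `.try_with_platform_verifier().unwrap()` should state the failure instead of a bare panic, e.g. `.expect("platform certificate verifier unavailable")`, or propagate the error if the enclosing function returns a `Result` (its signature is outside the hunk). Add a comment above the assignment saying why resumption is turned off for backend connections, since it forces a full handshake on every new connection.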