refactor: update rustls and fix response header server name

Jun Kurihara 2023-08-08 16:27:21 +09:00
commit 3dbe9c7217
No known key found for this signature in database
GPG key ID: D992B3E3DE1DED23
5 changed files with 10 additions and 8 deletions


@ -23,7 +23,7 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
anyhow = "1.0.72"
rustc-hash = "1.1.0"
serde = { version = "1.0.180", default-features = false, features = ["derive"] }
serde = { version = "1.0.183", default-features = false, features = ["derive"] }
derive_builder = "0.12.0"
tokio = { version = "1.29.1", default-features = false, features = [
"net",
@ -36,7 +36,7 @@ async-trait = "0.1.72"
rustls-pemfile = "1.0.3"
# config
clap = { version = "4.3.19", features = ["std", "cargo", "wrap_help"] }
clap = { version = "4.3.21", features = ["std", "cargo", "wrap_help"] }
toml = { version = "0.7.6", default-features = false, features = ["parse"] }
hot_reload = "0.1.4"
@ -46,7 +46,7 @@ tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
[target.'cfg(not(target_env = "msvc"))'.dependencies]
tikv-jemallocator = "0.5.4"
tikv-jemallocator = "0.5.0"
[dev-dependencies]


@ -51,9 +51,9 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [
"http2",
] }
tokio-rustls = { version = "0.24.1", features = ["early-data"] }
rustls = { version = "0.21.5", default-features = false }
rustls = { version = "0.21.6", default-features = false }
webpki = "0.22.0"
x509-parser = "0.15.0"
x509-parser = "0.15.1"
# logging
tracing = { version = "0.1.37" }


@ -1,3 +1,4 @@
pub const RESPONSE_HEADER_SERVER: &str = "rpxy";
// pub const LISTEN_ADDRESSES_V4: &[&str] = &["0.0.0.0"];
// pub const LISTEN_ADDRESSES_V6: &[&str] = &["[::]"];
pub const TCP_LISTEN_BACKLOG: u32 = 1024;
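Review bot: `RESPONSE_HEADER_SERVER` is added without a doc comment, although its value is sent to clients: the handler change in this commit writes it into the `server` response header. A line such as `/// Product token sent to clients in the "server" response header; keep it free of version or build details.` would record that the string is externally visible and should stay a bare name. The two commented-out `LISTEN_ADDRESSES_*` lines below it could be deleted or given a short reason for being kept.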


@ -3,6 +3,7 @@ use super::{utils_headers::*, utils_request::*, utils_synth_response::*, Handler
use crate::{
backend::{Backend, UpstreamGroup},
certs::CryptoSource,
constants::RESPONSE_HEADER_SERVER,
error::*,
globals::Globals,
log::*,
@ -15,7 +16,7 @@ use hyper::{
http::uri::Scheme,
Body, Client, Request, Response, StatusCode, Uri, Version,
};
use std::{env, net::SocketAddr, sync::Arc};
use std::{net::SocketAddr, sync::Arc};
use tokio::{io::copy_bidirectional, time::timeout};
#[derive(Clone, Builder)]
@ -208,7 +209,7 @@ where
let headers = response.headers_mut();
remove_connection_header(headers);
remove_hop_header(headers);
add_header_entry_overwrite_if_exist(headers, "server", env!("CARGO_PKG_NAME"))?;
add_header_entry_overwrite_if_exist(headers, "server", RESPONSE_HEADER_SERVER)?;
#[cfg(any(feature = "http3-quinn", feature = "http3-s2n"))]
{
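Review bot: The call `add_header_entry_overwrite_if_exist(headers, "server", RESPONSE_HEADER_SERVER)?` in the third hunk replaces whatever `server` value the upstream sent, judging by the helper's name, and nothing at the call site says this is intended. A comment such as `// Overwrite the upstream's server banner with the proxy's fixed token so backend software is not disclosed.` would make the intent reviewable. The token is now a compile-time constant, so an operator who wants to suppress or rename it has to rebuild; if that matters, the value belongs in the configuration rather than in `constants`. The enclosing function starts and ends outside the hunk.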


@ -115,7 +115,7 @@ impl ServerCryptoBase {
// add client certificate if specified
match certs_and_keys.parse_client_ca_certs() {
Ok((owned_trust_anchors, _subject_key_ids)) => {
client_ca_roots_local.add_server_trust_anchors(owned_trust_anchors.into_iter());
client_ca_roots_local.add_trust_anchors(owned_trust_anchors.into_iter());
}
Err(e) => {
warn!(