move SslConfig & build_tls_acceptor to secure_utils
Summary: Moving to the crate allows apiserver to reuse the function. Reviewed By: jsgf Differential Revision: D8843178 fbshipit-source-id: 9d110c7f2683ff58654187222e7820240bfda98e
parent
b9ca1809b2
commit
7aed398af3
@ -78,7 +78,6 @@ mod listener;
|
||||
mod monitoring;
|
||||
mod remotefilelog;
|
||||
mod repo;
|
||||
mod ssl;
|
||||
|
||||
use std::collections::HashMap;
|
||||
use std::io;
|
||||
@ -223,7 +222,7 @@ fn start_repo_listeners<I>(
|
||||
repos: I,
|
||||
root_log: &Logger,
|
||||
sockname: &str,
|
||||
ssl: ssl::SslConfig,
|
||||
ssl: secure_utils::SslConfig,
|
||||
) -> Result<(Vec<JoinHandle<!>>, ReadyState)>
|
||||
where
|
||||
I: IntoIterator<Item = (String, RepoConfig)>,
|
||||
@ -295,9 +294,9 @@ fn connection_acceptor(
|
||||
sockname: &str,
|
||||
root_log: Logger,
|
||||
repo_senders: HashMap<String, mpsc::Sender<(Stdio, SocketAddr)>>,
|
||||
ssl: ssl::SslConfig,
|
||||
ssl: secure_utils::SslConfig,
|
||||
) -> ! {
|
||||
let tls_acceptor = ssl::build_tls_acceptor(ssl).expect("failed to build tls acceptor");
|
||||
let tls_acceptor = secure_utils::build_tls_acceptor(ssl).expect("failed to build tls acceptor");
|
||||
|
||||
let mut core = tokio_core::reactor::Core::new().expect("failed to create tokio core");
|
||||
let remote = core.remote();
|
||||
@ -577,7 +576,7 @@ fn main() {
|
||||
let private_key = matches.value_of("private_key").unwrap().to_string();
|
||||
let ca_pem = matches.value_of("ca_pem").unwrap().to_string();
|
||||
|
||||
let ssl = ssl::SslConfig {
|
||||
let ssl = secure_utils::SslConfig {
|
||||
cert,
|
||||
private_key,
|
||||
ca_pem,
|
||||
|
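Review bot: In the `connection_acceptor` hunk, the call `secure_utils::build_tls_acceptor(ssl)` now carries this listener's entire client-authentication policy, and nothing at the call site records that. The deleted ssl.rs added the `ca_pem` certificate to the acceptor's cert store and set `SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT`; the secure_utils copy is not visible on this page, so it should be confirmed that the function was moved unchanged. Because the summary says apiserver will share it, a later relaxation made for that caller would presumably weaken this listener without touching this file. I would add a comment above the call, `// mutual TLS: build_tls_acceptor must keep PEER | FAIL_IF_NO_PEER_CERT and the ca_pem trust anchor`, and a test in secure_utils that pins the verify mode. The body of `connection_acceptor` continues outside the hunk.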
@ -1,38 +0,0 @@
|
||||
// Copyright (c) 2004-present, Facebook, Inc.
|
||||
// All Rights Reserved.
|
||||
//
|
||||
// This software may be used and distributed according to the terms of the
|
||||
// GNU General Public License version 2 or any later version.
|
||||
|
||||
#![deny(warnings)]
|
||||
|
||||
use openssl::ssl::{SslAcceptor, SslMethod, SslVerifyMode};
|
||||
|
||||
use secure_utils;
|
||||
|
||||
use errors::*;
|
||||
|
||||
pub struct SslConfig {
|
||||
pub cert: String,
|
||||
pub private_key: String,
|
||||
pub ca_pem: String,
|
||||
}
|
||||
|
||||
// Builds an acceptor that has `accept_async()` method that handles tls handshake
|
||||
// and returns decrypted stream.
|
||||
pub fn build_tls_acceptor(ssl: SslConfig) -> Result<SslAcceptor> {
|
||||
let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
|
||||
|
||||
let pkcs12 =
|
||||
secure_utils::build_identity(ssl.cert, ssl.private_key).context("failed to build pkcs12")?;
|
||||
acceptor.set_certificate(&pkcs12.cert)?;
|
||||
acceptor.set_private_key(&pkcs12.pkey)?;
|
||||
|
||||
// Set up client authentication via root certificate
|
||||
acceptor
|
||||
.cert_store_mut()
|
||||
.add_cert(secure_utils::read_x509(ssl.ca_pem)?)?;
|
||||
acceptor.set_verify(SslVerifyMode::PEER | SslVerifyMode::FAIL_IF_NO_PEER_CERT);
|
||||
|
||||
Ok(acceptor.build())
|
||||
}
|