hyper-sync-rustls's Introduction

hyper-sync-rustls

This is an integration between the rustls TLS stack and the synchronous version (0.10) of the hyper HTTP library. This is a maintained fork of hyper-rustls for synchronous hyper.

Usage

These are provided as an example of the minimal changes needed to use rustls in your existing hyper-based program. Note that these are derived works of original hyper source, and are distributed under hyper's license.

Client

Enable the client feature for access to client types.

--- ../hyper/examples/client.rs	2016-10-03 23:29:00.850098245 +0100
+++ examples/client.rs	2016-10-08 07:36:05.076449122 +0100
@@ -1,6 +1,8 @@
 #![deny(warnings)]
 extern crate hyper;
 
+extern crate hyper_sync_rustls;
+
 extern crate env_logger;
 
 use std::env;
@@ -8,6 +10,7 @@
 
 use hyper::Client;
 use hyper::header::Connection;
+use hyper::net::HttpsConnector;
 
 fn main() {
     env_logger::init().unwrap();
@@ -32,7 +35,7 @@
             }
             Client::with_http_proxy(proxy, port)
         },
-        _ => Client::new()
+        _ => Client::with_connector(HttpsConnector::new(hyper_sync_rustls::TlsClient::new()))
     };
 
     let mut res = client.get(&*url)
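
Review bot: only the fallback arm at `_ =>` is switched to the rustls connector; the proxy arm just above still returns `Client::with_http_proxy(proxy, port)` unchanged, so a run with a proxy configured does not go through `hyper_sync_rustls::TlsClient`. Either build the proxied client with the same TLS connector, or add a comment stating that the example only uses rustls on the direct path.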

Server

Enable the server feature for access to server types.

--- ../hyper/examples/server.rs	2016-10-03 23:29:00.850098245 +0100
+++ examples/server.rs	2016-10-08 07:31:38.720667338 +0100
@@ -1,5 +1,6 @@
 #![deny(warnings)]
 extern crate hyper;
+extern crate hyper_sync_rustls;
 extern crate env_logger;
 
 use std::io::copy;
@@ -41,7 +42,10 @@
 
 fn main() {
     env_logger::init().unwrap();
-    let server = Server::http("127.0.0.1:1337").unwrap();
+    let certs = hyper_sync_rustls::util::load_certs("examples/sample.pem").unwrap();
+    let key = hyper_sync_rustls::util::load_private_key("examples/sample.rsa").unwrap();
+    let tls = hyper_sync_rustls::TlsServer::new(certs, key);
+    let server = Server::https("127.0.0.1:1337", tls).unwrap();
     let _guard = server.handle(echo);
-    println!("Listening on http://127.0.0.1:1337");
+    println!("Listening on https://127.0.0.1:1337");
 }
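
Review bot: `load_certs("examples/sample.pem")` and `load_private_key("examples/sample.rsa")` take paths relative to the working directory and are unwrapped bare, so starting the example from anywhere other than the crate root panics without saying which file could not be read. Use `expect` with the path in the message, and add a short comment that `examples/sample.rsa` is a sample key for the example only.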

License

hyper-sync-rustls is licensed under either of the following, at your option:

hyper-sync-rustls's People

Contributors

ctz, messense, mkocot, peterdelevoryas, sergiobenitez


hyper-sync-rustls's Issues

Performance issue on Linux

I was looking for a way to get rid of the OpenSSL dependency, so this crate looks really promising. I've migrated my code from hyper-native-tls and found a weird performance issue: HTTPS requests take too long, but only under Linux.
Here is some simple code to replicate the problem:

main.rs

#[macro_use]
extern crate log;
extern crate simple_logger;

extern crate hyper;
extern crate hyper_sync_rustls;

use hyper::Client;

use hyper::net::HttpsConnector;
use hyper_sync_rustls::TlsClient;

fn main() {

    simple_logger::init().unwrap();

    let client = Client::with_connector(HttpsConnector::new(TlsClient::new()));

    info!("Start");

    client
        .get("https://dev.endticket.com/api/healthcheck")
        .send()
        .unwrap();

    info!("Done");
}

Cargo.toml

[package]
name = "test_bin"
version = "0.1.0"
authors = ["Juhasz Sandor <[email protected]>"]

[dependencies]
log = "0.3.8"
simple_logger = "0.4.0"
hyper = "0.10"
hyper-sync-rustls = "0.1.0"

On Ubuntu Zesty (running in Vagrant on Windows) the request takes 15 seconds. Running the same code on Windows, the request takes <1 second.

I attached both logs, note the ~15 seconds holdup between these two lines:
2017-07-16 12:47:52 DEBUG [hyper::net] http scheme
2017-07-16 12:48:07 DEBUG [hyper::net] https scheme

Same lines under Windows:
2017-07-16 14:50:21 DEBUG [hyper::net] http scheme
2017-07-16 14:50:21 DEBUG [hyper::net] https scheme

log_linux.txt
log_windows.txt

What could be the reason for this? What do you think, could this be an issue in Hyper or in Rustls? Where else should I report this?

strange "connection reset by peer" error

I'm seeing odd behavior in Click for some servers. I've traced it down a bit, and can reproduce it, but it's a bit hard to give a full repro here since there's some private information. However, here's what I do know:

  1. With hyper-sync-rustls, for some servers, after a first connection every other request will fail with: Io(Os { code: 104, kind: ConnectionReset, message: "Connection reset by peer" })
  2. This doesn't happen with hyper-rustls
  3. It only seems to happen if the connection is using a client cert and key to authenticate (i.e. tls.set_single_client_cert(..) is used)

I've modified the example clients from the two crates to support adding the client key/cert, and added a second get call, to reproduce it locally. Here's some logs from that.

First from hyper-sync-rustls:

$ RUST_LOG=debug cargo run --example client "https://[server]/[path] ca.cert client.cert client.key
[2020-02-13T22:33:35Z DEBUG rustls::anchors] add_pem_file processed 4 valid and 0 invalid certs
[2020-02-13T22:33:35Z DEBUG hyper::net] http scheme
[2020-02-13T22:33:35Z DEBUG hyper::net] https scheme
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] No cached session for DNSNameRef("[server]")
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Not resuming any session
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] request line: Get "/[path]" Http11
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] headers=Headers { Host: [server]
    , }
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Using ciphersuite TLS13_AES_128_GCM_SHA256
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Not resuming
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: []
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Got CertificateRequest CertificateRequestPayloadTLS13 { context: PayloadU8([]), extensions: [Unknown(UnknownExtension { typ: StatusRequest, payload: Payload([]) }), Unknown(UnknownExtension { typ: SCT, payload: Payload([]) }), SignatureAlgorithms([RSA_PSS_SHA256, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy]), AuthorityNames([PayloadU16([SNIP])])] }
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Attempting client auth
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Server cert is [Certificate([SNIP])]
[2020-02-13T22:33:35Z DEBUG rustls::client::tls13] Ticket saved
[2020-02-13T22:33:35Z DEBUG hyper::client::response] version=Http11, status=Forbidden
[2020-02-13T22:33:35Z DEBUG hyper::client::response] headers=Headers { Audit-Id: [snip]
    , Cache-Control: no-cache, private
    , Content-Type: application/json
    , X-Content-Type-Options: nosniff
    , Date: Thu, 13 Feb 2020 22:33:35 GMT
    , Content-Length: 264
    , }
Response: 403 Forbidden
Headers:
Audit-Id: [snip]
Cache-Control: no-cache, private
Content-Type: application/json
X-Content-Type-Options: nosniff
Date: Thu, 13 Feb 2020 22:33:35 GMT
Content-Length: 264

[THE BODY]

Sending second request

[2020-02-13T22:33:35Z DEBUG hyper::net] http scheme
[2020-02-13T22:33:35Z DEBUG hyper::net] https scheme
[2020-02-13T22:33:35Z DEBUG rustls::client::hs] Resuming session
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] request line: Get "/[path]" Http11
[2020-02-13T22:33:35Z DEBUG hyper::http::h1] headers=Headers { Host: [server]
    , }
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Io(Os { code: 104, kind: ConnectionReset, message: "Connection reset by peer" })', src/libcore/result.rs:1188:5

and then for hyper-rustls:

$ RUST_LOG=debug cargo run --example client "https://[server]/[path] ca.cert client.cert client.key
[2020-02-13T22:44:12Z DEBUG rustls::anchors] add_pem_file processed 4 valid and 0 invalid certs
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::dns] resolving host="[server]"
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::http] connecting to [ip]:443
[2020-02-13T22:44:12Z DEBUG hyper::client::connect::http] connected to [ip]:443
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] No cached session for DNSNameRef("[server]")
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] Not resuming any session
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] Using ciphersuite TLS13_AES_128_GCM_SHA256
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Not resuming
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] TLS1.3 encrypted extensions: []
[2020-02-13T22:44:12Z DEBUG rustls::client::hs] ALPN protocol is None
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Got CertificateRequest CertificateRequestPayloadTLS13 { context: PayloadU8([]), extensions: [Unknown(UnknownExtension { typ: StatusRequest, payload: Payload([]) }), Unknown(UnknownExtension { typ: SCT, payload: Payload([]) }), SignatureAlgorithms([RSA_PSS_SHA256, ECDSA_NISTP256_SHA256, ED25519, RSA_PSS_SHA384, RSA_PSS_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, ECDSA_NISTP384_SHA384, ECDSA_NISTP521_SHA512, RSA_PKCS1_SHA1, ECDSA_SHA1_Legacy]), AuthorityNames([SNIP])] }
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Attempting client auth
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Server cert is [Certificate([SNiP)]
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] flushed 98 bytes
[2020-02-13T22:44:12Z DEBUG rustls::client::tls13] Ticket saved
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] read 495 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] parsed 6 headers
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body is content-length (264 bytes)
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body completed
[2020-02-13T22:44:12Z DEBUG hyper::client::pool] pooling idle connection for ("https", [server])
Status:
403 Forbidden
Headers:
{
    "audit-id": "[snip]",
    "cache-control": "no-cache, private",
    "content-type": "application/json",
    "x-content-type-options": "nosniff",
    "date": "Thu, 13 Feb 2020 22:44:12 GMT",
    "content-length": "264",
}
Body:
[THE BODY]

Sending second request

[2020-02-13T22:44:12Z DEBUG hyper::client::pool] reuse idle connection for ("https", [server])
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] flushed 98 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] read 495 bytes
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::io] parsed 6 headers
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body is content-length (264 bytes)
[2020-02-13T22:44:12Z DEBUG hyper::proto::h1::conn] incoming body completed
[2020-02-13T22:44:12Z DEBUG hyper::client::pool] pooling idle connection for ("https", [server])
Status2:
403 Forbidden
Headers2:
{
    "audit-id": "[snip]",
    "cache-control": "no-cache, private",
    "content-type": "application/json",
    "x-content-type-options": "nosniff",
    "date": "Thu, 13 Feb 2020 22:44:12 GMT",
    "content-length": "264",
}
Body2:
[THE BODY]

I realize there's a lot of moving parts here, but if you have any ideas I'd love to help track this down. Thanks!
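
A small triage helper for logs like the two above, added here as an illustration and not part of the issue or of either crate: it labels each request by how it reached the server (full handshake, resumed session, or pooled connection) using the marker strings that appear in those logs. The log constants are constructed, abbreviated excerpts; `classify`, `Transport` and `Request` are hypothetical names.

```rust
#[derive(Debug, PartialEq, Clone, Copy)]
enum Transport {
    FullHandshake,    // "Not resuming any session": new connection, full handshake
    ResumedSession,   // "Resuming session": new connection, saved ticket offered
    PooledConnection, // "reuse idle connection": no new handshake at all
}

#[derive(Debug, PartialEq)]
struct Request {
    transport: Transport,
    client_auth: bool, // "Attempting client auth" logged for this request
    failed: bool,      // a ConnectionReset error followed before the next request
}

fn classify(log: &str) -> Vec<Request> {
    let mut out: Vec<Request> = Vec::new();
    for line in log.lines() {
        let transport = if line.contains("Not resuming any session") {
            Some(Transport::FullHandshake)
        } else if line.contains("Resuming session") {
            Some(Transport::ResumedSession)
        } else if line.contains("reuse idle connection") {
            Some(Transport::PooledConnection)
        } else { None };
        if let Some(t) = transport {
            out.push(Request { transport: t, client_auth: false, failed: false });
        } else if let Some(last) = out.last_mut() {
            last.client_auth |= line.contains("Attempting client auth");
            last.failed |= line.contains("ConnectionReset");
        }
    }
    out
}

// Constructed excerpts, abbreviated from the hyper-sync-rustls and hyper-rustls logs.
const SYNC_LOG: &str = "DEBUG rustls::client::hs] Not resuming any session
DEBUG rustls::client::tls13] Attempting client auth
DEBUG rustls::client::tls13] Ticket saved
DEBUG rustls::client::hs] Resuming session
thread 'main' panicked at Io(Os { code: 104, kind: ConnectionReset })";
const ASYNC_LOG: &str = "DEBUG rustls::client::hs] Not resuming any session
DEBUG rustls::client::tls13] Attempting client auth
DEBUG hyper::client::pool] pooling idle connection
DEBUG hyper::client::pool] reuse idle connection";

fn main() {
    println!("hyper-sync-rustls: {:?}", classify(SYNC_LOG));
    println!("hyper-rustls:      {:?}", classify(ASYNC_LOG));
}
```

On these excerpts the failing second request is the one labelled `ResumedSession`, while the hyper-rustls run reuses its pooled connection and never performs a second handshake.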
