refactor(client): update client rustls and quinn

Itsusinn · Apr 22, 2024 · f75c6f6 · f75c6f6
1 parent c2ec072
commit f75c6f6
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 31 deletions.
diff --git a/tuic-client/Cargo.toml b/tuic-client/Cargo.toml
@@ -14,7 +14,7 @@ repository = "https://github.com/EAimTY/tuic"
 [dependencies]
 bytes = { version = "1", default-features = false, features = ["std"] }
 
-env_logger = { version = "0.10", default-features = false, features = ["humantime"] }
+env_logger = { version = "0.11", default-features = false, features = ["humantime"] }
 humantime = { version = "2", default-features = false }
 lexopt = { version = "0.3", default-features = false }
 log = { version = "0.4", default-features = false, features = ["serde", "std"] }
@@ -25,7 +25,7 @@ serde_json = { version = "1", default-features = false, features = ["std"] }
 socket2 = { version = "0.5", default-features = false }
 socks5-proto = { version = "0.3", default-features = false }
 socks5-server = { version = "0.8", default-features = false }
-thiserror = { version = "1", default-features = false }
+
 
 
 uuid = { version = "1", default-features = false, features = ["serde", "std"] }
@@ -47,3 +47,7 @@ tokio-util = { version = "0.7", default-features = false, features = ["compat"]
 rustls = { version = "0.23", default-features = false }
 rustls-native-certs = { version = "0.7", default-features = false }
 rustls-pemfile = { version = "2", default-features = false }
+
+# Error-handling
+thiserror = { version = "1", default-features = false }
+anyhow = "1"
diff --git a/tuic-client/src/connection/mod.rs b/tuic-client/src/connection/mod.rs
@@ -3,15 +3,17 @@ use crate::{
  error::Error,
  utils::{self, CongestionControl, ServerAddr, UdpRelayMode},
 };
+use anyhow::Context;
 use crossbeam_utils::atomic::AtomicCell;
 use once_cell::sync::OnceCell;
 use quinn::{
  congestion::{BbrConfig, CubicConfig, NewRenoConfig},
+ crypto::rustls::QuicClientConfig,
  ClientConfig, Connection as QuinnConnection, Endpoint as QuinnEndpoint, EndpointConfig,
  TokioRuntime, TransportConfig, VarInt, ZeroRttAccepted,
 };
 use register_count::Counter;
-use rustls::{version, ClientConfig as RustlsClientConfig};
+use rustls::ClientConfig as RustlsClientConfig;
 use std::{
  net::{Ipv4Addr, Ipv6Addr, SocketAddr, UdpSocket},
  sync::{atomic::AtomicU32, Arc},
@@ -50,19 +52,18 @@ impl Connection {
  pub fn set_config(cfg: Relay) -> Result<(), Error> {
  let certs = utils::load_certs(cfg.certificates, cfg.disable_native_certs)?;
 
- let mut crypto = RustlsClientConfig::builder()
- .with_safe_default_cipher_suites()
- .with_safe_default_kx_groups()
- .with_protocol_versions(&[&version::TLS13])
- .unwrap()
- .with_root_certificates(certs)
- .with_no_client_auth();
+ let mut crypto =
+ RustlsClientConfig::builder_with_protocol_versions(&[&rustls::version::TLS13])
+ .with_root_certificates(certs)
+ .with_no_client_auth();
 
  crypto.alpn_protocols = cfg.alpn;
  crypto.enable_early_data = true;
  crypto.enable_sni = !cfg.disable_sni;
 
- let mut config = ClientConfig::new(Arc::new(crypto));
+ let mut config = ClientConfig::new(Arc::new(
+ QuicClientConfig::try_from(crypto).context("no initial cipher suite found")?,
+ ));
  let mut tp_cfg = TransportConfig::default();
 
  tp_cfg

diff --git a/tuic-client/src/error.rs b/tuic-client/src/error.rs
@@ -26,6 +26,8 @@ pub enum Error {
  WrongPacketSource,
  #[error("invalid socks5 authentication")]
  InvalidSocks5Auth,
+ #[error(transparent)]
+ Other(#[from] anyhow::Error),
 }
 
 impl From<ConnectionError> for Error {

diff --git a/tuic-client/src/utils.rs b/tuic-client/src/utils.rs
@@ -1,9 +1,8 @@
 use crate::error::Error;
-use rustls::{Certificate, RootCertStore};
-use rustls_pemfile::Item;
+use anyhow::Context;
+use rustls::{pki_types::CertificateDer, RootCertStore};
 use std::{
- fs::{self, File},
- io::BufReader,
+ fs,
  net::{IpAddr, SocketAddr},
  path::PathBuf,
  str::FromStr,
@@ -13,25 +12,21 @@ use tokio::net;
 pub fn load_certs(paths: Vec<PathBuf>, disable_native: bool) -> Result<RootCertStore, Error> {
  let mut certs = RootCertStore::empty();
 
- for path in &paths {
- let mut file = BufReader::new(File::open(path)?);
-
- while let Ok(Some(item)) = rustls_pemfile::read_one(&mut file) {
- if let Item::X509Certificate(cert) = item {
- certs.add(&Certificate(cert))?;
- }
- }
- }
-
- if certs.is_empty() {
- for path in &paths {
- certs.add(&Certificate(fs::read(path)?))?;
- }
+ for cert_path in &paths {
+ let cert_chain = fs::read(cert_path).context("failed to read certificate chain")?;
+ let cert_chain = if cert_path.extension().map_or(false, |x| x == "der") {
+ vec![CertificateDer::from(cert_chain)]
+ } else {
+ rustls_pemfile::certs(&mut &*cert_chain)
+ .collect::<Result<_, _>>()
+ .context("invalid PEM-encoded certificate")?
+ };
+ certs.add_parsable_certificates(cert_chain);
  }
 
  if !disable_native {
  for cert in rustls_native_certs::load_native_certs().map_err(Error::LoadNativeCerts)? {
- let _ = certs.add(&Certificate(cert.0));
+ _ = certs.add(cert);
  }
  }
 

diff --git a/tuic-quinn/Cargo.toml b/tuic-quinn/Cargo.toml
@@ -14,7 +14,7 @@ repository = "https://github.com/EAimTY/tuic"
 [dependencies]
 bytes = { version = "1", default-features = false, features = ["std"] }
 futures-util = { version = "0.3", default-features = false, features = ["io", "std"] }
-quinn = { branch = "main", git = "https://github.com/quinn-rs/quinn.git", default-features = false }
+quinn = { branch = "main", git = "https://github.com/quinn-rs/quinn.git", default-features = false, features = ["futures-io"]}
 thiserror = { version = "1", default-features = false }
 tuic = { path = "../tuic", default-features = false, features = ["async_marshal", "marshal", "model"] }
 uuid = { version = "1", default-features = false, features = ["std"] }