| author | Emīls Piņķis <emils@mullvad.net> | 2018-07-05 16:06:59 +0100 |
|---|---|---|
| committer | Emīls Piņķis <emils@mullvad.net> | 2018-07-05 16:06:59 +0100 |
| commit | f0ac8a80c03a77fa325e2ef48b3a662692e4bbc2 (patch) | |
| tree | bcc420e38f8b6952fab06aa44b500b1078f43d3d | |
| parent | 93903c446629c090c9196aae3e13c39ea4795b32 (diff) | |
| parent | 41480c12406288dbe873826d6487b81e66a2cf98 (diff) | |
| download | mullvadvpn-f0ac8a80c03a77fa325e2ef48b3a662692e4bbc2.tar.xz mullvadvpn-f0ac8a80c03a77fa325e2ef48b3a662692e4bbc2.zip | |
Merge branch 'static-openssl'
| -rw-r--r-- | .travis.yml | 29 | ||||
| -rw-r--r-- | CHANGELOG.md | 6 | ||||
| -rw-r--r-- | Cargo.lock | 154 | ||||
| -rw-r--r-- | Cargo.toml | 3 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | appveyor.yml | 4 | ||||
| -rwxr-xr-x | build.sh | 23 | ||||
| -rw-r--r-- | dist-assets/api_root_ca.pem | 20 | ||||
| m--------- | dist-assets/binaries | 0 | ||||
| -rw-r--r-- | electron-builder.yml | 2 | ||||
| -rw-r--r-- | env.ps1 | 5 | ||||
| -rw-r--r-- | env.sh | 22 | ||||
| -rw-r--r-- | mullvad-daemon/src/bin/list-relays.rs | 4 | ||||
| -rw-r--r-- | mullvad-daemon/src/geoip.rs | 5 | ||||
| -rw-r--r-- | mullvad-daemon/src/main.rs | 19 | ||||
| -rw-r--r-- | mullvad-paths/src/lib.rs | 2 | ||||
| -rw-r--r-- | mullvad-paths/src/resources.rs | 6 | ||||
| -rw-r--r-- | mullvad-problem-report/src/main.rs | 10 | ||||
| -rw-r--r-- | mullvad-rpc/Cargo.toml | 5 | ||||
| -rw-r--r-- | mullvad-rpc/src/https_client_with_sni.rs | 74 | ||||
| -rw-r--r-- | mullvad-rpc/src/lib.rs | 26 | ||||
| -rw-r--r-- | mullvad-rpc/src/rest.rs | 13 |
22 files changed, 233 insertions, 203 deletions
diff --git a/.travis.yml b/.travis.yml index 3a4dcdf3a2..965f49d16f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,8 +34,10 @@ matrix: rust: stable os: osx cache: cargo - - before_script: &rust_before_script + env: + - OPENSSL_LIB_DIR="$TRAVIS_BUILD_DIR/dist-assets/binaries/macos" + - OPENSSL_INCLUDE_DIR="$TRAVIS_BUILD_DIR/dist-assets/binaries/macos/include" + before_script: - env script: &rust_script - cargo build --verbose @@ -45,8 +47,19 @@ matrix: - language: rust rust: nightly os: linux + addons: &rust_linux_addons + apt: + sources: + - sourceline: "ppa:jonathonf/gcc-7.3" + key_url: "https://pgp.key-server.io/download/0xE03043828C3FF4BB" + packages: + - binutils cache: cargo - before_script: *rust_before_script + env: &rust_linux_env + - OPENSSL_LIB_DIR="$TRAVIS_BUILD_DIR/dist-assets/binaries/linux" + - OPENSSL_INCLUDE_DIR="$TRAVIS_BUILD_DIR/dist-assets/binaries/linux/include" + before_script: &rust_before_script + - env script: - cargo build --verbose - cargo test --verbose @@ -58,18 +71,20 @@ matrix: - language: rust rust: beta os: linux + addons: *rust_linux_addons cache: cargo + env: *rust_linux_env before_script: *rust_before_script - script: &rust_linux_script - - cargo build --verbose - - cargo test --verbose + script: *rust_script - language: rust rust: stable os: linux + addons: *rust_linux_addons cache: cargo + env: *rust_linux_env before_script: *rust_before_script - script: *rust_linux_script + script: *rust_script notifications: diff --git a/CHANGELOG.md b/CHANGELOG.md index 1878959afd..11e58717a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,12 @@ Line wrap the file at 100 chars. Th ## [Unreleased] +### Added +- Bundle the root CA signing the API and only trust that single one, limiting + trust to a single root CA + +### Changed +- App now uses statically linked OpenSSL on all platforms. ### Fixed - Disable account input when logging in. diff --git a/Cargo.lock b/Cargo.lock index 947439b3e7..53fcadd298 100644 --- a/Cargo.lock 
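Review bot: The second .travis.yml hunk adds a third-party apt source (`ppa:jonathonf/gcc-7.3`) whose signing key is fetched at build time from a public keyserver by key ID (`key_url: "https://pgp.key-server.io/download/0xE03043828C3FF4BB"`), and nothing in the commit says why a newer `binutils` is needed or which key fingerprint is expected. A keyserver lookup by ID is not a fingerprint check, and the keyserver becomes one more party the CI build trusts; committing the public key to the repository, or at least recording the full fingerprint in a comment, keeps that input reviewable and reproducible. I would add above the `addons:` block: `# PPA used only for a newer binutils; verify the key fingerprint before changing` — and state there what the newer binutils is needed for (my guess is linking the static OpenSSL from dist-assets/binaries/linux, based on the OPENSSL_LIB_DIR lines in the same hunk, but that should be confirmed by the author).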
+++ b/Cargo.lock @@ -15,6 +15,11 @@ dependencies = [ ] [[package]] +name = "antidote" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "app_dirs" version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -162,15 +167,6 @@ dependencies = [ [[package]] name = "core-foundation" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "core-foundation-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "core-foundation" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ @@ -180,14 +176,6 @@ dependencies = [ [[package]] name = "core-foundation-sys" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "core-foundation-sys" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ 
@@ -448,17 +436,21 @@ dependencies = [ ] [[package]] -name = "hyper-tls" -version = "0.1.3" +name = "hyper-openssl" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ + "antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", "hyper 0.11.25 (registry+https://github.com/rust-lang/crates.io-index)", - "native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", + "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", + "linked_hash_set 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", + "openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)", + "openssl-sys 0.9.34 (git+https://github.com/mullvad/rust-openssl)", "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-io 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio-openssl 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", - "tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -639,6 +631,19 @@ version = "0.2.40" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "linked-hash-map" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] +name = "linked_hash_set" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "linked-hash-map 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "log" version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -856,18 +861,17 @@ dependencies = [ "filetime 0.1.15 (registry+https://github.com/rust-lang/crates.io-index)", "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", "hyper 0.11.25 (registry+https://github.com/rust-lang/crates.io-index)", - "hyper-tls 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", + "hyper-openssl 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "jsonrpc-client-core 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "jsonrpc-client-http 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", "mullvad-types 0.1.0", - "native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", "serde_json 1.0.17 (registry+https://github.com/rust-lang/crates.io-index)", "tempfile 3.0.2 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio-openssl 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", - "tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] 
@@ -899,20 +903,6 @@ dependencies = [ ] [[package]] -name = "native-tls" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", - "openssl 0.9.24 (registry+https://github.com/rust-lang/crates.io-index)", - "schannel 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)", - "security-framework 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)", - "security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)", - "tempdir 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] name = "net2" version = "0.2.32" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -1017,20 +1007,21 @@ dependencies = [ [[package]] name = "openssl" -version = "0.9.24" +version = "0.10.10" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ - "bitflags 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)", + "bitflags 1.0.3 (registry+https://github.com/rust-lang/crates.io-index)", + "cfg-if 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)", "foreign-types 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", - "openssl-sys 0.9.30 (registry+https://github.com/rust-lang/crates.io-index)", + "openssl-sys 0.9.34 (git+https://github.com/mullvad/rust-openssl)", ] [[package]] name = "openssl-sys" -version = "0.9.30" -source = "registry+https://github.com/rust-lang/crates.io-index" +version = "0.9.34" +source = "git+https://github.com/mullvad/rust-openssl#4dbd237fe1f6454d8a0042ccf4ad157904d6eec1" dependencies = [ "cc 1.0.15 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1250,15 +1241,6 @@ dependencies = [ ] [[package]] -name = "schannel" -version = "0.1.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", - "winapi 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] name = "scoped-tls" version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -1269,26 +1251,6 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] -name = "security-framework" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "core-foundation 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", - "core-foundation-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", - "security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "security-framework-sys" -version = "0.1.16" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "core-foundation-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)", - "libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] name = "serde" version = "1.0.45" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1518,15 +1480,6 @@ dependencies = [ ] [[package]] -name = "tempdir" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)", - "remove_dir_all 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] name = "tempfile" version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1647,6 +1600,16 @@ dependencies = [ ] [[package]] +name = "tokio-openssl" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", + "openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)", + "tokio-io 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "tokio-proto" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -1729,17 +1692,6 @@ dependencies = [ ] [[package]] -name = "tokio-tls" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)", - "native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", - "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)", - "tokio-io 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] name = "tokio-udp" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1940,6 +1892,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" [metadata] "checksum aho-corasick 0.6.4 (registry+https://github.com/rust-lang/crates.io-index)" = "d6531d44de723825aa81398a6415283229725a00fa30713812ab9323faa82fc4" "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" +"checksum antidote 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "34fde25430d87a9388dadbe6e34d7f72a462c8b43ac8d309b42b0a8505d7e2a5" "checksum app_dirs 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e73a24bad9bd6a94d6395382a6c69fe071708ae4409f763c5475e14ee896313d" "checksum arrayvec 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e964f9e24d588183fcb43503abda40d288c8657dfc27311516ce2f05675aef" "checksum assert_matches 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "664470abf00fae0f31c0eb6e1ca12d82961b2a2541ef898bc9dd51a9254d218b" 
@@ -1959,9 +1912,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum chrono 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1cce36c92cb605414e9b824f866f5babe0a0368e39ea07393b9b63cf3844c0e6" "checksum clap 2.31.2 (registry+https://github.com/rust-lang/crates.io-index)" = "f0f16b89cbb9ee36d87483dc939fe9f1e13c05898d56d7b230a0d4dff033a536" "checksum colored 1.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b0aa3473e85a3161b59845d6096b289bb577874cafeaf75ea1b1beaa6572c7fc" -"checksum core-foundation 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "25bfd746d203017f7d5cbd31ee5d8e17f94b6521c7af77ece6c9e4b2d4b16c67" "checksum core-foundation 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "286e0b41c3a20da26536c6000a280585d519fd07b3956b43aed8a79e9edce980" -"checksum core-foundation-sys 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "065a5d7ffdcbc8fa145d6f0746f3555025b9097a9e9cda59f7467abae670c78d" "checksum core-foundation-sys 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "716c271e8613ace48344f723b60b900a93150271e5be206212d052bbc0883efa" "checksum crossbeam-deque 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c1bdc73742c36f7f35ebcda81dbb33a7e0d33757d03a06d9ddca762712ec5ea2" "checksum crossbeam-epoch 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9b4e2817eb773f770dcb294127c011e22771899c21d18fce7dd739c0b9832e81" 
@@ -1991,7 +1942,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum httparse 1.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2f407128745b78abc95c0ffbe4e5d37427fdc0d45470710cfef8c44522a2e37" "checksum humantime 1.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0484fda3e7007f2a4a0d9c3a703ca38c71c54c55602ce4660c419fd32e188c9e" "checksum hyper 0.11.25 (registry+https://github.com/rust-lang/crates.io-index)" = "549dbb86397490ce69d908425b9beebc85bbaad25157d67479d4995bb56fdf9a" -"checksum hyper-tls 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a5aa51f6ae9842239b0fac14af5f22123b8432b4cc774a44ff059fcba0f675ca" +"checksum hyper-openssl 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0800c7b541e9b5be3e3cf8c8773d2fdb33975d07551fa1279d90e154c18db4d8" "checksum idna 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "014b298351066f1512874135335d62a789ffe78a9974f94b43ed5621951eaf7d" "checksum inotify 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "887fcc180136e77a85e6a6128579a719027b1bab9b1c38ea4444244fe262c20c" "checksum ioctl-sys 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)" = "5e2c4b26352496eaaa8ca7cfa9bd99e93419d3f7983dc6e99c2a35fe9e33504a" 
@@ -2012,6 +1963,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c8f31047daa365f19be14b47c29df4f7c3b581832407daabe6ae77397619237d" "checksum lazycell 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a6f08839bc70ef4a3fe1d566d5350f519c5912ea86be0df1740a7d247c7fc0ef" "checksum libc 0.2.40 (registry+https://github.com/rust-lang/crates.io-index)" = "6fd41f331ac7c5b8ac259b8bf82c75c0fb2e469bbf37d2becbba9a6a2221965b" +"checksum linked-hash-map 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "70fb39025bc7cdd76305867c4eccf2f2dcf6e9a57f5b21a93e1c2d86cd03ec9e" +"checksum linked_hash_set 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3c7c91c4c7bbeb4f2f7c4e5be11e6a05bd6830bc37249c47ce1ad86ad453ff9c" "checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" "checksum log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "89f010e843f2b1a31dbd316b3b8d443758bc634bed37aabade59c686d644e0a2" "checksum matches 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "100aabe6b8ff4e4a7e32c1c13523379802df0772b82466207ac25b013f193376" 
@@ -2025,7 +1978,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum miow 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919" "checksum mnl 0.1.0 (git+https://github.com/mullvad/mnl-rs)" = "<none>" "checksum mnl-sys 0.1.0 (git+https://github.com/mullvad/mnl-rs)" = "<none>" -"checksum native-tls 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "f74dbadc8b43df7864539cedb7bc91345e532fdd913cfdc23ad94f4d2d40fbc0" "checksum net2 0.2.32 (registry+https://github.com/rust-lang/crates.io-index)" = "9044faf1413a1057267be51b5afba8eb1090bd2231c693664aa1db716fe1eae0" "checksum nftnl 0.1.0 (git+https://github.com/mullvad/nftnl-rs)" = "<none>" "checksum nftnl-sys 0.1.0 (git+https://github.com/mullvad/nftnl-rs)" = "<none>" 
@@ -2037,8 +1989,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum num-traits 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dee092fcdf725aee04dd7da1d21debff559237d49ef1cb3e69bcb8ece44c7364" "checksum num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c51a3322e4bca9d212ad9a158a02abc6934d005490c054a2778df73a70aa0a30" "checksum ole32-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5d2c49021782e5233cd243168edfa8037574afed4eba4bbaf538b3d8d1789d8c" -"checksum openssl 0.9.24 (registry+https://github.com/rust-lang/crates.io-index)" = "a3605c298474a3aa69de92d21139fb5e2a81688d308262359d85cdd0d12a7985" -"checksum openssl-sys 0.9.30 (registry+https://github.com/rust-lang/crates.io-index)" = "73ae718c3562989cd3a0a5c26610feca02f8116822f6f195e6cf4887481e57f5" +"checksum openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ed18a0f40ec4e9a8a81f8865033d823b7195d16a0a5721e10963ee1b0c2980ca" +"checksum openssl-sys 0.9.34 (git+https://github.com/mullvad/rust-openssl)" = "<none>" "checksum openvpn-plugin 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "f01f94fa077e8648fa20c654f6aef90e1a0feae5455a7b5d80c19eadeb97c7e8" "checksum os_pipe 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7f547689aea1f11fac90333d573854a8e3e52a9160df1c42aefa8cd16734a3c0" "checksum owning_ref 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "cdf84f41639e037b484f93433aa3897863b561ed65c6e59c7073d7c561710f37" 
@@ -2065,11 +2017,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum rustc-demangle 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "76d7ba1feafada44f2d38eed812bd2489a03c0f5abb975799251518b68848649" "checksum safemem 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e27a8b19b835f7aea908818e871f5cc3a5a186550c30773be987e155e8163d8f" "checksum same-file 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "cfb6eded0b06a0b512c8ddbcf04089138c9b4362c2f696f3c3d76039d68f3637" -"checksum schannel 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "85fd9df495640643ad2d00443b3d78aae69802ad488debab4f1dd52fc1806ade" "checksum scoped-tls 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "332ffa32bf586782a3efaeb58f127980944bbc8c4d6913a86107ac2a5ab24b28" "checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27" -"checksum security-framework 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "dfa44ee9c54ce5eecc9de7d5acbad112ee58755239381f687e564004ba4a2332" -"checksum security-framework-sys 0.1.16 (registry+https://github.com/rust-lang/crates.io-index)" = "5421621e836278a0b139268f36eee0dc7e389b784dc3f79d8f11aabadf41bead" "checksum serde 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "6a49d806123bcdaacdefe7aab3721c64ec11d05921bf64d888a857d3a92024a0" "checksum serde_derive 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "0409f5130e9b06444e07d4c71f55d6a2c4d1290d79faa612d9b0b540a9703fcd" "checksum serde_derive_internals 0.23.1 (registry+https://github.com/rust-lang/crates.io-index)" = "9d30c4596450fd7bbda79ef15559683f9a79ac0193ea819db90000d7e1cae794" 
@@ -2092,7 +2041,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum system-configuration 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2646789845add5fa0adcbe7684cb89509ae98c404284471bf4f9faf995d88a58" "checksum system-configuration-sys 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7d8b463ff8bb4585b46e3e23f44dd41b3f52d0ad09b6b9cf03aae55c74d74cff" "checksum take 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b157868d8ac1f56b64604539990685fa7611d8fa9e5476cf0c02cf34d32917c5" -"checksum tempdir 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)" = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8" "checksum tempfile 3.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "47776f63b85777d984a50ce49d6b9e58826b6a3766a449fc95bc66cd5663c15b" "checksum termcolor 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "adc4587ead41bf016f11af03e55a624c06568b5a19db4e90fde573d805074f83" "checksum termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096" 
@@ -2104,6 +2052,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum tokio-executor 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "8cac2a7883ff3567e9d66bb09100d09b33d90311feca0206c7ca034bc0c55113" "checksum tokio-fs 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "76766830bbf9a2d5bfb50c95350d56a2e79e2c80f675967fff448bc615899708" "checksum tokio-io 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "6af9eb326f64b2d6b68438e1953341e00ab3cf54de7e35d92bfc73af8555313a" +"checksum tokio-openssl 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4646ae1fd623393de3d796ea53af75acd02938dd5579544fbd6d236d041978a6" "checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389" "checksum tokio-reactor 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "b3cedc8e5af5131dc3423ffa4f877cce78ad25259a9a62de0613735a13ebc64b" "checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162" 
@@ -2111,7 +2060,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum tokio-threadpool 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "5783254b10c7c84a56f62c74766ef7e5b83d1f13053218c7cab8d3f2c826fa0e" "checksum tokio-timer 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6131e780037787ff1b3f8aad9da83bca02438b72277850dd6ad0d455e0e20efc" "checksum tokio-timer 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "535fed0ccee189f3d48447587697ba3fd234b3dbbb091f0ec4613ddfec0a7c4c" -"checksum tokio-tls 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "772f4b04e560117fe3b0a53e490c16ddc8ba6ec437015d91fa385564996ed913" "checksum tokio-udp 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "137bda266504893ac4774e0ec4c2108f7ccdbcb7ac8dced6305fe9e4e0b5041a" "checksum ucd-util 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "fd2be2d6639d0f8fe6cdda291ad456e23629558d466e2789d2c3e9892bda285d" "checksum unicase 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "284b6d3db520d67fbe88fd778c21510d1b0ba4a551e5d0fbb023d33405f6de8a" diff --git a/Cargo.toml b/Cargo.toml index 8e68361379..cb296616d2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,3 +12,6 @@ members = [ "talpid-core", "talpid-ipc", ] + +[patch.crates-io] +openssl-sys = { git = "https://github.com/mullvad/rust-openssl" } @@ -70,6 +70,10 @@ homebrew: ## Building and running mullvad-daemon +1. Firstly, one should source `env.sh` to set the default environment + variables. One can also source the variables on Powershell with `env.ps1`, + however most of our scripts require bash. + 1. If you are on Windows, then you have to build the C++ libraries before compiling the daemon. Run `build_winfw.sh` to build a C++ library that sets firewall rules on Windows. ```bash diff --git a/appveyor.yml b/appveyor.yml index 9a26b5104d..bb2cb78f50 100644 --- a/appveyor.yml +++ b/appveyor.yml 
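Review bot: The new `[patch.crates-io]` entry in Cargo.toml points `openssl-sys` at a git fork with no `rev`, `tag` or `branch`, so only Cargo.lock pins the commit, and the lock records `<none>` as the checksum for that source; any `cargo update`, or a build that does not use the committed lock file, silently takes whatever the fork's default branch then points to. Since this crate now decides which OpenSSL is statically linked into the daemon, the revision should be pinned in Cargo.toml as well: `openssl-sys = { git = "https://github.com/mullvad/rust-openssl", rev = "4dbd237fe1f6454d8a0042ccf4ad157904d6eec1" }` (the commit Cargo.lock resolves to in this diff). A comment above the patch stating what the fork changes relative to upstream `openssl-sys 0.9.34` would help the next person decide when it can be dropped.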
@@ -14,6 +14,7 @@ environment: RUST_VERSION: stable RUST_BACKTRACE: "1" CPP_BUILD_MODES: "Debug" + OPENSSL_STATIC: "1" # These are all the build jobs. Adjust as necessary. Comment out what you # don't need @@ -36,6 +37,9 @@ install: } ElseIf ($Env:TARGET -eq 'i686-pc-windows-gnu') { $Env:PATH += ';C:\msys64\mingw32\bin' } + - ps: $Env:OPENSSL_LIB_DIR = $Env:APPVEYOR_BUILD_FOLDER + "\dist-assets\binaries\windows" + - ps: $Env:OPENSSL_INCLUDE_DIR = $Env:APPVEYOR_BUILD_FOLDER + "\dist-assets\binaries\windows\include" + - curl -sSf -o rustup-init.exe https://win.rustup.rs/ - rustup-init.exe -y --default-host %TARGET% --default-toolchain %RUST_VERSION% - set PATH=%PATH%;C:\Users\appveyor\.cargo\bin @@ -7,30 +7,11 @@ set -eu -SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )" - -################################################################################ -# Platform specific configuration. -################################################################################ - -case "$(uname -s)" in - Linux*) - # Use static builds of libmnl and libnftnl from the binaries submodule - export LIBMNL_LIB_DIR="$SCRIPT_DIR/dist-assets/binaries/linux" - export LIBNFTNL_LIB_DIR="$SCRIPT_DIR/dist-assets/binaries/linux" - ;; - Darwin*) - export MACOSX_DEPLOYMENT_TARGET="10.7" - ;; - MINGW*) - # config - ;; -esac - ################################################################################ # Verify and configure environment. ################################################################################ +SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )" RUSTC_VERSION=`rustc +stable --version` PRODUCT_VERSION=$(node -p "require('./package.json').version" | sed -Ee 's/\.0//g') @@ -133,7 +114,7 @@ if [[ "$(uname -s)" != "MINGW"* ]]; then fi echo "Updating relay list..." -./target/release/list-relays > dist-assets/relays.json +MULLVAD_RESOURCE_DIR="$SCRIPT_DIR/dist-assets/" ./target/release/list-relays > dist-assets/relays.json echo "Installing JavaScript dependencies..." yarn install 
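Review bot: After the first build.sh hunk the script no longer exports `LIBMNL_LIB_DIR`, `LIBNFTNL_LIB_DIR` or `MACOSX_DEPLOYMENT_TARGET` itself and never references the new `OPENSSL_*` variables, so unless it sources `env.sh` somewhere outside this hunk, running it without first sourcing `env.sh` (which the README now asks the developer to do by hand) will presumably build against whatever system OpenSSL and libmnl the toolchain finds rather than the bundled static builds. `set -u` does not catch this because the script never expands those names. The retained "Verify and configure environment" section is the natural place for an explicit guard next to the new `SCRIPT_DIR` line, e.g. `: "${OPENSSL_LIB_DIR:?source env.sh before running build.sh}"`. The second hunk (`MULLVAD_RESOURCE_DIR=... ./target/release/list-relays`) looks fine.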
diff --git a/dist-assets/api_root_ca.pem b/dist-assets/api_root_ca.pem
new file mode 100644
index 0000000000..b2e43c9381
--- /dev/null
+++ b/dist-assets/api_root_ca.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
diff --git a/dist-assets/binaries b/dist-assets/binaries
-Subproject 6e287421c2c0908091d7e1e47b6130a9b1f0558
+Subproject bf46caf014706ba6dc30e7c304ae74bc359e43b
diff --git a/electron-builder.yml b/electron-builder.yml
index 529a47c88a..4323fb3bc0 100644
--- a/electron-builder.yml
+++ b/electron-builder.yml
@@ -12,6 +12,8 @@ extraResources:
 to: .
 - from: dist-assets/crl.pem
 to: .
+ - from: dist-assets/api_root_ca.pem
+ to: .
 - from: dist-assets/relays.json
 to: .
 - from: CHANGELOG.md
diff --git a/env.ps1 b/env.ps1
new file mode 100644
index 0000000000..90cb95e8f6
--- /dev/null
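Review bot: The bundled trust anchor is a single root certificate with a fixed validity window, and nothing in the commit records when it has to be replaced: the DER in the hunk's first base64 lines decodes to subject `DST Root CA X3` with a notAfter of 2021-09-30 (worth confirming with `openssl x509 -noout -subject -dates`), after which every API connection that trusts only this file would fail validation. A pin this strict needs a plan, and ideally a release-checklist item, for shipping a successor root before that date and for the API chain being re-issued under a different root. Since most PEM readers ignore text outside the BEGIN/END markers, a short header naming the subject, fingerprint and expiry would make the dependency visible to whoever next touches `dist-assets`. The CHANGELOG entry describes the trust restriction but not this lifetime constraint.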
+++ b/env.ps1 @@ -0,0 +1,5 @@ +$SCRIPT_DIR = split-path -parent $MyInvocation.MyCommand.Definition + +$env:OPENSSL_STATIC="1" +$env:OPENSSL_LIB_DIR="$SCRIPT_DIR\dist-assets\binaries\windows" +$env:OPENSSL_INCLUDE_DIR="$SCRIPT_DIR\dist-assets\binaries\windows\include" diff --git a/env.sh b/env.sh new file mode 100644 index 0000000000..1889f1ee71 --- /dev/null +++ b/env.sh @@ -0,0 +1,22 @@ +# Sourcing this file should set up the environment to build the app + +SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )" + +case "$(uname -s)" in + Linux*) + export LIBMNL_LIB_DIR="$SCRIPT_DIR/dist-assets/binaries/linux" + export LIBNFTNL_LIB_DIR="$SCRIPT_DIR/dist-assets/binaries/linux" + PLATFORM="linux" + ;; + Darwin*) + export MACOSX_DEPLOYMENT_TARGET="10.7" + PLATFORM="macos" + ;; + MINGW*) + PLATFORM="windows" + ;; +esac + +export OPENSSL_STATIC="1" +export OPENSSL_LIB_DIR="$SCRIPT_DIR/dist-assets/binaries/$PLATFORM" +export OPENSSL_INCLUDE_DIR="$SCRIPT_DIR/dist-assets/binaries/$PLATFORM/include" diff --git a/mullvad-daemon/src/bin/list-relays.rs b/mullvad-daemon/src/bin/list-relays.rs index 581ef06d1a..a330297e20 100644 --- a/mullvad-daemon/src/bin/list-relays.rs +++ b/mullvad-daemon/src/bin/list-relays.rs @@ -9,6 +9,7 @@ #[macro_use] extern crate error_chain; +extern crate mullvad_paths; extern crate mullvad_rpc; extern crate serde_json; @@ -17,7 +18,8 @@ error_chain!{} quick_main!(run); fn run() -> Result<()> { - let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::new(); + let ca_path = mullvad_paths::resources::get_api_ca_path(); + let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::new(ca_path); let rpc_http_handle = rpc_manager .new_connection() .chain_err(|| "Unable to connect RPC")?; diff --git a/mullvad-daemon/src/geoip.rs b/mullvad-daemon/src/geoip.rs index 4118ed7871..01f42ec6c9 100644 --- a/mullvad-daemon/src/geoip.rs +++ b/mullvad-daemon/src/geoip.rs 
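Review bot: In env.sh, `SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P )"` does not work for a file that is meant to be sourced, which its first line and the README both say it is: under `source`/`.` bash leaves `$0` as the shell's own name, so `dirname "$0"` is `.` and every exported path becomes relative to the caller's current directory instead of the repository. Use the sourced file's own path: `SCRIPT_DIR="$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )"`. The `case` also has no `*)` arm, so on an unlisted platform `PLATFORM` stays unset and `OPENSSL_LIB_DIR` silently ends in `binaries/`; a `*) echo "unsupported platform" >&2; return 1 ;;` arm would surface that.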
@@ -4,7 +4,7 @@ use mullvad_types::location::GeoIpLocation;
use serde_json;
-static URI: &str = "https://am.i.mullvad.net/json";
+const URI: &str = "https://am.i.mullvad.net/json";
error_chain! {
errors {
@@ -18,12 +18,13 @@ error_chain! {
}
}
+
pub fn send_location_request(
request_sender: mullvad_rpc::rest::RequestSender,
) -> Box<Future<Item = GeoIpLocation, Error = Error>> {
let (response_tx, response_rx) = futures::sync::oneshot::channel();
let request = mullvad_rpc::rest::create_get_request(URI.parse().unwrap());
- let future = futures::Sink::send(request_sender, (request, response_tx))
+ let future = futures::Sink::send(request_sender.clone(), (request, response_tx))
.map_err(|e| Error::with_chain(e, ErrorKind::NoResponse))
.and_then(|_| response_rx.map_err(|e| Error::with_chain(e, ErrorKind::NoResponse)))
.and_then(|response_result| response_result.map_err(Error::from))
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs
index d5e50f88b0..d2dc1da4f7 100644
--- a/mullvad-daemon/src/main.rs
+++ b/mullvad-daemon/src/main.rs
@@ -199,7 +199,7 @@ struct Daemon {
settings: settings::Settings,
accounts_proxy: AccountsProxy<HttpHandle>,
version_proxy: AppVersionProxy<HttpHandle>,
- http_handle: mullvad_rpc::rest::RequestSender,
+ https_handle: mullvad_rpc::rest::RequestSender,
tokio_remote: tokio_core::reactor::Remote,
relay_selector: relays::RelaySelector,
firewall: FirewallProxy,
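Review bot: `request_sender.clone()` on the `futures::Sink::send` line is a redundant clone: `request_sender` is already owned by `send_location_request` and nothing touches it after `send` consumes it, so the clone only creates a second `UnboundedSender` that is dropped at function exit. Keep the previous `futures::Sink::send(request_sender, (request, response_tx))`. The `static` to `const` change for `URI` is fine; the body of `send_location_request` continues past the end of the hunk.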
@@ -220,19 +220,20 @@ impl Daemon {
!rpc_uniqueness_check::is_another_instance_running(),
ErrorKind::DaemonIsAlreadyRunning
);
+ let ca_path = resource_dir.join(mullvad_paths::resources::API_CA_FILENAME);
- let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::with_cache_dir(&cache_dir);
+ let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::with_cache_dir(&cache_dir, &ca_path);
- let (rpc_handle, http_handle, tokio_remote) =
+ let (rpc_handle, https_handle, tokio_remote) =
mullvad_rpc::event_loop::create(move |core| {
let handle = core.handle();
let rpc = rpc_manager.new_connection_on_event_loop(&handle);
- let http = mullvad_rpc::rest::create_http_client(&handle);
+ let https_handle = mullvad_rpc::rest::create_https_client(&ca_path, &handle);
let remote = core.remote();
- (rpc, http, remote)
+ (rpc, https_handle, remote)
}).chain_err(|| "Unable to initialize network event loop")?;
let rpc_handle = rpc_handle.chain_err(|| "Unable to create RPC client")?;
- let http_handle = http_handle.chain_err(|| "Unable to create HTTP client")?;
+ let https_handle = https_handle.chain_err(|| "Unable to create am.i.mullvad client")?;
let relay_selector =
Self::create_relay_selector(rpc_handle.clone(), &resource_dir, &cache_dir);
@@ -257,7 +258,7 @@ impl Daemon {
settings: settings::Settings::load().chain_err(|| "Unable to read settings")?,
accounts_proxy: AccountsProxy::new(rpc_handle.clone()),
version_proxy: AppVersionProxy::new(rpc_handle),
- http_handle,
+ https_handle,
tokio_remote,
relay_selector,
firewall: FirewallProxy::new(&cache_dir).chain_err(|| ErrorKind::FirewallError)?,
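Review bot: A missing or unreadable `api_root_ca.pem` under `resource_dir` now surfaces only as the wrapped OpenSSL error stack behind `"Unable to create RPC client"` (the `set_ca_file` failure inside the connector), which names neither the file nor the directory, and the geoip client fails the same opaque way. Since every API call depends on that one file, check it before building the event loop: `ensure!(ca_path.is_file(), "API root CA bundle not found at {}", ca_path.display());` directly after the `let ca_path = …` line, so operators see the path rather than an `fopen` diagnostic. The enclosing constructor body continues outside the hunk.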
@@ -432,9 +433,9 @@ impl Daemon {
};
Self::oneshot_send(tx, geo_ip_location, "current location");
} else {
- let http_handle = self.http_handle.clone();
+ let https_handle = self.https_handle.clone();
self.tokio_remote.spawn(move |_| {
- geoip::send_location_request(http_handle)
+ geoip::send_location_request(https_handle)
.map(move |location| Self::oneshot_send(tx, location, "current location"))
.map_err(|e| {
warn!("Unable to fetch GeoIP location: {}", e.display_chain());
diff --git a/mullvad-paths/src/lib.rs b/mullvad-paths/src/lib.rs
index 12c209c718..e7a8ffbc9e 100644
--- a/mullvad-paths/src/lib.rs
+++ b/mullvad-paths/src/lib.rs
@@ -48,7 +48,7 @@ pub use cache::cache_dir;
mod logs;
pub use logs::{get_log_dir, log_dir};
-mod resources;
+pub mod resources;
pub use resources::get_resource_dir;
mod rpc_address;
diff --git a/mullvad-paths/src/resources.rs b/mullvad-paths/src/resources.rs
index 4f60a88287..60c4406620 100644
--- a/mullvad-paths/src/resources.rs
+++ b/mullvad-paths/src/resources.rs
@@ -1,6 +1,8 @@
use std::env;
use std::path::PathBuf;
+pub const API_CA_FILENAME: &str = "api_root_ca.pem";
+
pub fn get_resource_dir() -> PathBuf {
match env::var_os("MULLVAD_RESOURCE_DIR") {
Some(path) => PathBuf::from(path),
@@ -23,3 +25,7 @@ fn get_default_resource_dir() -> PathBuf {
}
}
}
+
+pub fn get_api_ca_path() -> PathBuf {
+ get_resource_dir().join(API_CA_FILENAME)
+}
diff --git a/mullvad-problem-report/src/main.rs b/mullvad-problem-report/src/main.rs
index b15f14415d..0749aa2946 100644
--- a/mullvad-problem-report/src/main.rs
+++ b/mullvad-problem-report/src/main.rs
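Review bot: `API_CA_FILENAME` and `get_api_ca_path` in resources.rs carry no doc comments although they now locate the only root CA the API clients accept, and the path derives from `get_resource_dir`, which honours `MULLVAD_RESOURCE_DIR` from the environment as the first hunk of the file shows. Say so in place so the override is not mistaken for a harmless packaging knob: `/// File name of the PEM bundle holding the root CA(s) trusted for api.mullvad.net.` on the constant, and `/// Path of the API root-CA bundle under the resource dir; overriding `MULLVAD_RESOURCE_DIR` therefore also changes which CA the app trusts.` on the function.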
@@ -218,9 +218,15 @@ fn send_problem_report(user_email: &str, user_message: &str, report_path: &Path)
.chain_err(|| ErrorKind::ReadLogError(report_path.to_path_buf()))?,
);
let metadata = collect_metadata();
- let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::new();
- let mut rpc_client = mullvad_rpc::ProblemReportProxy::connect(&mut rpc_manager)
+
+ let ca_path = mullvad_paths::resources::get_api_ca_path();
+
+ let mut rpc_manager = mullvad_rpc::MullvadRpcFactory::new(ca_path);
+ let rpc_http_handle = rpc_manager
+ .new_connection()
.chain_err(|| ErrorKind::RpcError)?;
+ let mut rpc_client = mullvad_rpc::ProblemReportProxy::new(rpc_http_handle);
+
rpc_client
.problem_report(user_email, user_message, &report_content, &metadata)
.call()
diff --git a/mullvad-rpc/Cargo.toml b/mullvad-rpc/Cargo.toml
index 2f34fdd800..944de63245 100644
--- a/mullvad-rpc/Cargo.toml
+++ b/mullvad-rpc/Cargo.toml
@@ -15,10 +15,9 @@ lazy_static = "1.0"
serde_json = "1.0"
tokio-core = "0.1"
hyper = "0.11"
-hyper-tls = "0.1"
-native-tls = "0.1"
+hyper-openssl = "0.5"
tokio-service = "0.1"
-tokio-tls = "0.1"
+tokio-openssl = "0.2"
log = "0.4"
mullvad-types = { path = "../mullvad-types" }
diff --git a/mullvad-rpc/src/https_client_with_sni.rs b/mullvad-rpc/src/https_client_with_sni.rs
index 319576da5e..9c91cc8e7f 100644
--- a/mullvad-rpc/src/https_client_with_sni.rs
+++ b/mullvad-rpc/src/https_client_with_sni.rs
@@ -1,43 +1,43 @@
+extern crate tokio_openssl;
extern crate tokio_service;
-extern crate tokio_tls;
use std::fmt;
use std::io;
+use std::path::{Path, PathBuf};
use std::str;
use std::sync::Arc;
use futures::{Future, Poll};
use hyper::client::{Client, Connect, HttpConnector};
use hyper::{Body, Uri};
-use hyper_tls::MaybeHttpsStream;
+pub use hyper_openssl::openssl::error::ErrorStack;
+use hyper_openssl::openssl::ssl::{SslConnector, SslMethod};
use jsonrpc_client_http::ClientCreator;
-pub use native_tls::Error;
-use native_tls::TlsConnector;
use tokio_core::reactor::Handle;
+use self::tokio_openssl::{SslConnectorExt, SslStream};
use self::tokio_service::Service;
-use self::tokio_tls::TlsConnectorExt;
-
-/// Number of threads in the thread pool doing DNS resolutions.
-/// Since DNS is resolved via blocking syscall they must be run on separate threads.
-static DNS_THREADS: usize = 2;
pub struct HttpsClientWithSni {
sni_hostname: String,
+ ca_path: Box<Path>,
}
impl HttpsClientWithSni {
- pub fn new(sni_hostname: String) -> Self {
- HttpsClientWithSni { sni_hostname }
+ pub fn new<P: Into<PathBuf>>(sni_hostname: String, ca_path: P) -> Self {
+ HttpsClientWithSni {
+ sni_hostname,
+ ca_path: ca_path.into().into_boxed_path(),
+ }
}
}
impl ClientCreator for HttpsClientWithSni {
type Connect = HttpsConnectorWithSni<HttpConnector>;
- type Error = Error;
+ type Error = ErrorStack;
fn create(&self, handle: &Handle) -> Result<Client<Self::Connect, Body>, Self::Error> {
- let mut connector = HttpsConnectorWithSni::new(DNS_THREADS, handle)?;
+ let mut connector = HttpsConnectorWithSni::new(&self.ca_path, handle)?;
connector.set_sni_hostname(Some(self.sni_hostname.clone()));
let client = Client::configure().connector(connector).build(handle);
Ok(client)
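Review bot: `HttpsClientWithSni::new` gains a security-relevant `ca_path` parameter but still has no doc comment, and the field is only consumed later in `create`, so a wrong path is not detected at construction time. Document that contract on `new`: `/// `sni_hostname` is the name sent in SNI and verified against the server certificate; `ca_path` is a PEM bundle whose roots are the only ones accepted. The file is read in `create`, so a missing bundle surfaces there as an `ErrorStack`, not here.` Storing the path as `Box<Path>` is fine, though nothing prevents `create` from re-reading the file for every client it builds; if that is called more than once per process, building the `SslConnector` once in `new` and cloning it would also make the failure mode eager.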
@@ -49,7 +49,7 @@ impl ClientCreator for HttpsClientWithSni {
pub struct HttpsConnectorWithSni<T> {
sni_hostname: Option<String>,
http: T,
- tls: Arc<TlsConnector>,
+ tls: Arc<SslConnector>,
}
impl HttpsConnectorWithSni<HttpConnector> {
@@ -59,11 +59,14 @@ impl HttpsConnectorWithSni<HttpConnector> {
///
/// This uses hyper's default `HttpConnector`, and default `TlsConnector`.
/// If you wish to use something besides the defaults, use `From::from`.
- fn new(threads: usize, handle: &Handle) -> Result<Self, Error> {
- let mut http = HttpConnector::new(threads, handle);
+ pub fn new<P: AsRef<Path>>(ca_path: P, handle: &Handle) -> Result<Self, ErrorStack> {
+ let mut http = HttpConnector::new(::DNS_THREADS, handle);
http.enforce_http(false);
- let tls = TlsConnector::builder()?.build()?;
- Ok(HttpsConnectorWithSni::from((http, tls)))
+ let mut ssl_builder = SslConnector::builder(SslMethod::tls())?;
+ ssl_builder.set_ca_file(ca_path)?;
+ let ssl = ssl_builder.build();
+
+ Ok(HttpsConnectorWithSni::from((http, ssl)))
}
}
@@ -75,13 +78,13 @@ where
///
/// Configures the TLS connection handshake to request a certificate for a given domain,
/// instead of the domain obtained from the URI. Use `None` to use the domain from the URI.
- fn set_sni_hostname(&mut self, hostname: Option<String>) {
+ pub fn set_sni_hostname(&mut self, hostname: Option<String>) {
self.sni_hostname = hostname;
}
}
-impl<T> From<(T, TlsConnector)> for HttpsConnectorWithSni<T> {
- fn from(args: (T, TlsConnector)) -> HttpsConnectorWithSni<T> {
+impl<T> From<(T, SslConnector)> for HttpsConnectorWithSni<T> {
+ fn from(args: (T, SslConnector)) -> HttpsConnectorWithSni<T> {
HttpsConnectorWithSni {
sni_hostname: None,
http: args.0,
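Review bot: `ssl_builder.set_ca_file(ca_path)?` in `HttpsConnectorWithSni::new` adds the bundled root to the context's verify store rather than making it the only one: as far as I can tell from the openssl crate, `SslConnector::builder` first calls `set_default_verify_paths()` (the system bundle, or whatever OPENSSLDIR the static build was compiled with), so the CHANGELOG's "only trust that single one" does not hold wherever a system store exists. Start from an empty store before loading the file, `ssl_builder.set_cert_store(X509StoreBuilder::new()?.build());` placed ahead of the `set_ca_file` call (with `use hyper_openssl::openssl::x509::store::X509StoreBuilder;`), since `SSL_CTX_load_verify_locations` loads into whatever store the context currently owns; please confirm against the openssl version pinned in Cargo.lock. The doc comment above `new` still says it uses the "default `TlsConnector`" and should instead state that peers are verified against the PEM bundle at `ca_path` only. A test that the connector rejects a chain signed by a root absent from the bundle would lock the intended behaviour in.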
@@ -98,12 +101,17 @@ impl<T> fmt::Debug for HttpsConnectorWithSni<T> {
impl<T: Connect> Service for HttpsConnectorWithSni<T> {
type Request = Uri;
- type Response = MaybeHttpsStream<T::Output>;
+ type Response = SslStream<T::Output>;
type Error = io::Error;
type Future = HttpsConnecting<T::Output>;
fn call(&self, uri: Uri) -> Self::Future {
- let is_https = uri.scheme() == Some("https");
+ if uri.scheme() != Some("https") {
+ return HttpsConnecting(Box::new(::futures::future::err(io::Error::new(
+ io::ErrorKind::InvalidInput,
+ "invalid url, not https",
+ ))));
+ }
let maybe_host = self
.sni_hostname
.as_ref()
@@ -122,28 +130,22 @@ impl<T: Connect> Service for HttpsConnectorWithSni<T> {
let connecting = self.http.connect(uri);
let tls = self.tls.clone();
- let fut: BoxedFut<T::Output> = if is_https {
- let fut = connecting.and_then(move |tcp| {
- tls.connect_async(&host, tcp)
- .map(|conn| MaybeHttpsStream::Https(conn))
- .map_err(|e| io::Error::new(io::ErrorKind::Other, e))
- });
- Box::new(fut)
- } else {
- Box::new(connecting.map(|tcp| MaybeHttpsStream::Http(tcp)))
- };
- HttpsConnecting(fut)
+ let fut = connecting.and_then(move |tcp| {
+ tls.connect_async(&host, tcp)
+ .map_err(|e| io::Error::new(io::ErrorKind::Other, e))
+ });
+ HttpsConnecting(Box::new(fut))
}
}
-type BoxedFut<T> = Box<Future<Item = MaybeHttpsStream<T>, Error = io::Error>>;
+type BoxedFut<T> = Box<Future<Item = SslStream<T>, Error = io::Error>>;
/// A Future representing work to connect to a URL, and a TLS handshake.
pub struct HttpsConnecting<T>(BoxedFut<T>);
impl<T> Future for HttpsConnecting<T> {
- type Item = MaybeHttpsStream<T>;
+ type Item = SslStream<T>;
type Error = io::Error;
fn poll(&mut self) -> Poll<Self::Item, Self::Error> {
@@ -11,7 +11,7 @@ extern crate chrono;
extern crate error_chain;
extern crate futures;
extern crate hyper;
-extern crate hyper_tls;
+extern crate hyper_openssl;
#[macro_use]
extern crate jsonrpc_client_core;
extern crate jsonrpc_client_http;
@@ -19,7 +19,6 @@ extern crate jsonrpc_client_http;
extern crate lazy_static;
#[macro_use]
extern crate log;
-extern crate native_tls;
extern crate serde_json;
extern crate tokio_core;
@@ -40,7 +39,7 @@ use mullvad_types::version;
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr};
-use std::path::Path;
+use std::path::{Path, PathBuf};
use std::time::Duration;
pub mod event_loop;
@@ -50,7 +49,11 @@ mod cached_dns_resolver;
use cached_dns_resolver::CachedDnsResolver;
mod https_client_with_sni;
-use https_client_with_sni::HttpsClientWithSni;
+use https_client_with_sni::{HttpsClientWithSni, HttpsConnectorWithSni};
+
+/// Number of threads in the thread pool doing DNS resolutions.
+/// Since DNS is resolved via blocking syscall they must be run on separate threads.
+const DNS_THREADS: usize = 2;
const API_HOST: &str = "api.mullvad.net";
const RPC_TIMEOUT: Duration = Duration::from_secs(5);
@@ -63,23 +66,26 @@ lazy_static! {
/// A type that helps with the creation of RPC connections.
pub struct MullvadRpcFactory {
address_cache: Option<CachedDnsResolver>,
+ ca_path: PathBuf,
}
impl MullvadRpcFactory {
/// Create a new `MullvadRpcFactory`.
- pub fn new() -> Self {
+ pub fn new<P: Into<PathBuf>>(ca_path: P) -> Self {
MullvadRpcFactory {
address_cache: None,
+ ca_path: ca_path.into(),
}
}
/// Create a new `MullvadRpcFactory` using the specified cache directory.
- pub fn with_cache_dir(cache_dir: &Path) -> Self {
+ pub fn with_cache_dir<P: Into<PathBuf>>(cache_dir: &Path, ca_path: P) -> Self {
let cache_file = cache_dir.join(API_IP_CACHE_FILENAME);
let cached_dns_resolver = CachedDnsResolver::new(API_HOST.to_owned(), cache_file, *API_IP);
MullvadRpcFactory {
address_cache: Some(cached_dns_resolver),
+ ca_path: ca_path.into(),
}
}
@@ -101,7 +107,7 @@ impl MullvadRpcFactory {
F: FnOnce(HttpTransportBuilder<HttpsClientWithSni>) -> jsonrpc_client_http::Result<HttpTransport>,
{
- let client = HttpsClientWithSni::new(API_HOST.to_owned());
+ let client = HttpsClientWithSni::new(API_HOST.to_owned(), self.ca_path.clone());
let transport_builder = HttpTransportBuilder::with_client(client).timeout(RPC_TIMEOUT);
let transport = create_transport(transport_builder)?;
@@ -137,12 +143,6 @@ jsonrpc_client!(pub struct ProblemReportProxy { -> RpcRequest<()>;
});
-impl ProblemReportProxy<HttpHandle> {
- pub fn connect(manager: &mut MullvadRpcFactory) -> Result<Self, HttpError> {
- Ok(ProblemReportProxy::new(manager.new_connection()?))
- }
-}
-
jsonrpc_client!(pub struct RelayListProxy {
pub fn relay_list(&mut self) -> RpcRequest<RelayList>;
});
diff --git a/mullvad-rpc/src/rest.rs b/mullvad-rpc/src/rest.rs
index 0d8ed16027..988dfba7c0 100644
--- a/mullvad-rpc/src/rest.rs
+++ b/mullvad-rpc/src/rest.rs
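Review bot: The doc comments on `MullvadRpcFactory::new` and `with_cache_dir` were left as "Create a new `MullvadRpcFactory`" although `ca_path` is now the argument that decides which root CAs the API client accepts. Add to both constructors a line such as `/// `ca_path`: PEM bundle whose certificates are the only roots trusted for api.mullvad.net; the file is read when a transport is built, so a bad path fails there rather than here.` and note on the `ca_path` field that it is cloned into every `HttpsClientWithSni` created in the transport hunk below. Whether the read really happens at transport creation is inferred from `HttpsClientWithSni::create` in https_client_with_sni.rs, so word it accordingly if that changes.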
@@ -1,14 +1,16 @@
+use std::path::Path;
+
use futures::sync::{mpsc, oneshot};
use futures::{future, Future, Stream};
use hyper;
use hyper::client::Client;
use hyper::{Request, StatusCode, Uri};
-use hyper_tls::HttpsConnector;
-use native_tls;
+use hyper_openssl::openssl::error::ErrorStack;
use tokio_core::reactor::Handle;
+use HttpsConnectorWithSni;
error_chain! {
errors {
@@ -19,9 +21,9 @@ error_chain! {
}
}
foreign_links {
- Tls(native_tls::Error);
Hyper(hyper::Error) #[doc = "An error occured in Hyper."];
Uri(hyper::error::UriError) #[doc = "The string given was not a valid URI."];
+ OpenSsl(ErrorStack) #[doc = "Error in OpenSSL"];
}
}
@@ -29,9 +31,10 @@ error_chain! {
pub type RequestSender = mpsc::UnboundedSender<(Request, oneshot::Sender<Result<Vec<u8>>>)>;
type RequestReceiver = mpsc::UnboundedReceiver<(Request, oneshot::Sender<Result<Vec<u8>>>)>;
-pub fn create_http_client(handle: &Handle) -> Result<RequestSender> {
- let connector = HttpsConnector::new(1, handle)?;
+pub fn create_https_client<P: AsRef<Path>>(ca_path: P, handle: &Handle) -> Result<RequestSender> {
+ let connector = HttpsConnectorWithSni::new(ca_path, handle)?;
let client = Client::configure().connector(connector).build(handle);
+
let (request_tx, request_rx) = mpsc::unbounded();
handle.spawn(create_request_processing_future(request_rx, client));
Ok(request_tx) |
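Review bot: `create_https_client` leaves the connector's SNI hostname unset, so the certificate is verified against whatever host each request URI carries (am.i.mullvad.net for the geoip call) rather than a pinned name as the API client does, and plain `http://` URIs are now rejected by the connector's scheme check; neither is stated on the function. Add `/// HTTPS-only client: peers are verified against the CA bundle at `ca_path` and against the hostname of each request's URI (no SNI override); `http://` URIs fail with `InvalidInput`.` above it. The DNS thread pool also silently moves from 1 thread to `DNS_THREADS`, which is fine but worth a word in the commit message. The trailing `|` after `Ok(request_tx)` is page residue, not part of the file.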
