Feature/trim native tls and features

gremlin-client/Cargo.toml

@@ -11,20 +11,13 @@ categories = ["database"]
 readme = "README.md"
 
 
-
 [features]
 
 default = []
-
-
-
-async_gremlin = ["futures","mobc","async-tungstenite","async-trait","url","pin-project-lite"]
-
-async_std = ["async-std-runtime"]
-tokio-runtime = ["async_gremlin","tokio","mobc/tokio","async-tungstenite/tokio-runtime","async-tungstenite/tokio-native-tls","tokio-native-tls","tokio-stream"]
-async-std-runtime = ["async_gremlin","async-std","async-tungstenite/async-std-runtime","async-tungstenite/async-tls","mobc/async-std","async-tls","rustls","webpki"]
-
-derive = ["gremlin-derive"] 
+async_gremlin = ["futures", "mobc", "async-tungstenite", "async-trait", "url", "pin-project-lite"]
+tokio-runtime = ["async_gremlin", "tokio", "mobc/tokio", "async-tungstenite/tokio-runtime", "async-tungstenite/tokio-rustls-webpki-roots", "async-tls", "tokio-stream", "tokio-rustls"]
+async-std-runtime = ["async_gremlin", "async-std", "mobc/async-std", "async-tungstenite/async-std-runtime", "async-tungstenite/async-tls", "async-tls", "webpki"]
+derive = ["gremlin-derive"]
 
 [badges]
 travis-ci = { repository = "wolf4ood/gremlin-rs" }
@@ -33,42 +26,34 @@ is-it-maintained-issue-resolution = { repository = "wolf4ood/gremlin-rs" }
 is-it-maintained-open-issues = { repository = "wolf4ood/gremlin-rs" }
 maintenance = {status = "actively-developed"}
 
+
 [dependencies]
-serde = "1.0"
-serde_json = "1.0"
-serde_derive="1.0"
-r2d2 = "0.8.3"
+async-std = { version = "1.4.0", features = ["unstable","attributes"], optional = true }
+async-tls = { git = "https://github.com/mlemesle/async-tls", branch = "chore/bump-rustls", optional = true }
+async-trait = { version = "0.1.10", optional = true }
+async-tungstenite = { git = "https://github.com/mlemesle/async-tungstenite", rev = "2e1d4d8e1bb117ecd08f23d55d818ac45134b313", default-features = false, optional = true }
+base64 = "0.13.1"
 #Avoids bringing in time crate (https://github.com/time-rs/time/issues/293)
-chrono = { version = "0.4", default-features = false}
+chrono = { version = "0.4", default-features = false }
+futures = { version = "0.3.1", optional = true }
+gremlin-derive = { path = "../gremlin-derive", version = "0.1", optional = true }
 lazy_static = "1.3.0"
-base64 = "0.13.1"
-native-tls = "0.2.3"
-tungstenite = { version = "0.18.0", features = ["native-tls"] }
-async-tungstenite = { version = "0.18", optional = true, default-features=false}
-async-std =  { version = "1.4.0", optional = true, features = ["unstable","attributes"] }
-async-trait = { version = "0.1.10", optional = true }
-async-tls =  { version = "0.11", optional = true }
-tokio-native-tls = { version = "0.3.0", optional = true }
-tokio-stream = { version = "0.1.2", optional = true }
-gremlin-derive = { path="../gremlin-derive", version="0.1", optional=true }
-rustls =   { version="0.19", features = ["dangerous_configuration"], optional = true}
-webpki = { version = "0.21.3", optional = true }
+mobc = { version = "0.7", default-features = false, features = ["unstable"], optional = true }
+pin-project-lite = { version = "0.2", optional = true }
+r2d2 = "0.8.3"
+rustls = { version = "0.21", features = ["dangerous_configuration"] }
+serde = "1.0"
+serde_json = "1.0"
+serde_derive = "1.0"
 thiserror = "1.0.20"
-
-
-
-mobc = {version = "0.7", optional = true, default-features=false, features = ["unstable"] }
-url =  {version = "2.1.0", optional = true}
-futures = { version = "0.3.1", optional = true}
-pin-project-lite = { version = "0.2", optional = true}
-tokio = { version = "1", optional=true, features = ["full"] }
-
-
-[dependencies.uuid]
-features = ["serde", "v4"]
-version = "1.1.2"
-
-
+tokio = { version = "1", features = ["full"], optional = true }
+tokio-rustls = { version = "0.24", features = ["dangerous_configuration"], optional = true }
+tokio-stream = { version = "0.1.2", optional = true }
+# tungstenite = { version = "0.18", features = ["rustls-tls-webpki-roots"] }
+tungstenite = { git = "https://github.com/snapview/tungstenite-rs", features = ["rustls-tls-webpki-roots"] }
+url = { version = "2.1.0", optional = true }
+uuid = { version = "1.1.2", features = ["serde", "v4"] }
+webpki = { version = "0.21", optional = true }
 
 
 [[example]]

gremlin-client/src/aio/connection.rs

@@ -18,7 +18,7 @@ use async_std_use::*;
 mod tokio_use {
     pub use tokio::net::TcpStream;
     pub use tokio::task;
-    pub use tokio_native_tls::TlsStream;
+    pub use tokio_rustls::client::TlsStream;
 }
 
 #[cfg(feature = "tokio-runtime")]
@@ -74,37 +74,26 @@ impl std::fmt::Debug for Conn {
 #[cfg(feature = "async-std-runtime")]
 mod tls {
 
-    use crate::connection::ConnectionOptions;
-    pub struct NoCertificateVerification {}
-
-    impl rustls::ServerCertVerifier for NoCertificateVerification {
-        fn verify_server_cert(
-            &self,
-            _roots: &rustls::RootCertStore,
-            _presented_certs: &[rustls::Certificate],
-            _dns_name: webpki::DNSNameRef<'_>,
-            _ocsp: &[u8],
-        ) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
-            Ok(rustls::ServerCertVerified::assertion())
-        }
-    }
+    use rustls::ClientConfig;
+
+    use crate::{cert::NoCertificateVerification, connection::ConnectionOptions};
 
     pub fn connector(opts: &ConnectionOptions) -> Option<async_tls::TlsConnector> {
-        use rustls::ClientConfig;
         use std::sync::Arc;
         if opts
             .tls_options
             .as_ref()
             .map(|tls| tls.accept_invalid_certs)
             .unwrap_or(false)
         {
-            let mut config = ClientConfig::new();
-            config
-                .dangerous()
-                .set_certificate_verifier(Arc::new(NoCertificateVerification {}));
+            let config = ClientConfig::builder()
+                .with_safe_defaults()
+                .with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
+                .with_no_client_auth();
 
-            Some(async_tls::TlsConnector::from(Arc::new(config)))
+            Some(config.into())
         } else {
+            // let connector = async_tls::TlsConnector::new();
             Some(async_tls::TlsConnector::new())
         }
     }
@@ -113,13 +102,22 @@ mod tls {
 #[cfg(feature = "tokio-runtime")]
 mod tls {
 
-    use crate::connection::ConnectionOptions;
-    use tokio_native_tls::TlsConnector;
+    use std::sync::Arc;
+
+    use crate::{cert::NoCertificateVerification, connection::ConnectionOptions};
+    use rustls::ClientConfig;
+    use tokio_rustls::TlsConnector;
 
     pub fn connector(opts: &ConnectionOptions) -> Option<TlsConnector> {
-        opts.tls_options
-            .as_ref()
-            .and_then(|tls| tls.tls_connector().map(TlsConnector::from).ok())
+        Some(
+            Arc::new(
+                ClientConfig::builder()
+                    .with_safe_defaults()
+                    .with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
+                    .with_no_client_auth(),
+            )
+            .into(),
+        )
     }
 }
 impl Conn {

gremlin-client/src/cert.rs

@@ -0,0 +1,28 @@
+// use rustls::client::{ServerCertVerified, ServerCertVerifier};
+
+use rustls::client::{ServerCertVerified, ServerCertVerifier};
+
+pub struct NoCertificateVerification;
+
+impl ServerCertVerifier for NoCertificateVerification {
+    // fn verify_server_cert(
+    //     &self,
+    //     roots: &rustls::RootCertStore,
+    //     presented_certs: &[rustls::Certificate],
+    //     dns_name: webpki::DNSNameRef,
+    //     ocsp_response: &[u8],
+    // ) -> Result<ServerCertVerified, TLSError> {
+    //     Ok(ServerCertVerified::assertion())
+    // }
+    fn verify_server_cert(
+        &self,
+        _end_entity: &rustls::Certificate,
+        _intermediates: &[rustls::Certificate],
+        _server_name: &rustls::ServerName,
+        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _ocsp_response: &[u8],
+        _now: std::time::SystemTime,
+    ) -> Result<rustls::client::ServerCertVerified, rustls::Error> {
+        Ok(ServerCertVerified::assertion())
+    }
+}

gremlin-client/src/connection.rs

@@ -1,7 +1,7 @@
-use std::net::TcpStream;
+use std::{net::TcpStream, sync::Arc};
 
-use crate::{GraphSON, GremlinError, GremlinResult};
-use native_tls::TlsConnector;
+use crate::{cert::NoCertificateVerification, GraphSON, GremlinError, GremlinResult};
+use rustls::ClientConfig;
 use tungstenite::{
     client::{uri_mode, IntoClientRequest},
     client_tls_with_config,
@@ -19,14 +19,13 @@ impl std::fmt::Debug for ConnectionStream {
 
 impl ConnectionStream {
     fn connect(options: ConnectionOptions) -> GremlinResult<Self> {
-        let connector = match options.tls_options.as_ref() {
-            Some(option) => Some(Connector::NativeTls(
-                option
-                    .tls_connector()
-                    .map_err(|e| GremlinError::Generic(e.to_string()))?,
-            )),
-            _ => None,
-        };
+        let connector = options.tls_options.as_ref().map(|_tls_options| {
+            let client_config = ClientConfig::builder()
+                .with_safe_defaults()
+                .with_custom_certificate_verifier(Arc::new(NoCertificateVerification))
+                .with_no_client_auth();
+            Connector::Rustls(Arc::new(client_config))
+        });
 
         let request = options
             .websocket_url()
@@ -230,14 +229,6 @@ impl Connection {
     }
 }
 
-impl TlsOptions {
-    pub(crate) fn tls_connector(&self) -> native_tls::Result<TlsConnector> {
-        TlsConnector::builder()
-            .danger_accept_invalid_certs(self.accept_invalid_certs)
-            .build()
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;

gremlin-client/src/lib.rs

@@ -110,9 +110,13 @@
 //!    })
 //!}
 //!
+#[cfg(all(feature = "tokio-runtime", feature = "async-std-runtime"))]
+compile_error!("features `tokio-runtime` and `async-std-runtime` are mutually exclusive");
+
 #[macro_use]
 extern crate lazy_static;
 
+mod cert;
 mod client;
 mod connection;
 mod conversion;