Merge branch 'main' into fix-mbedtls-connector
algesten authored Aug 11, 2023
2 parents f2d47b8 + eccebd1 commit 4a437cd
Showing 3 changed files with 38 additions and 1 deletion.
2 changes: 1 addition & 1 deletion examples/mbedtls/Cargo.toml
Expand Up @@ -6,4 +6,4 @@ edition = "2021"

[dependencies]
mbedtls = { version = "0.11.0" }
ureq = { path = "../.." }
ureq = { path = "../.." }
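--- a/src/rtls.rs
+++ b/src/rtls.rs
@@ -115,6 +115,13 @@ impl TlsConnector for Arc<rustls::ClientConfig> {
 dns_name: &str,
 mut io: Box<dyn ReadWrite>,
 ) -> Result<Box<dyn ReadWrite>, Error> {
+let dns_name = if dns_name.starts_with('[') && dns_name.ends_with(']') {
+// rustls doesn't like ipv6 addresses with brackets
+&dns_name[1..dns_name.len() - 1]
+} else {
+dns_name
+};
+
 let sni = rustls::ServerName::try_from(dns_name)
 .map_err(|e| ErrorKind::Dns.msg(format!("parsing '{}'", dns_name)).src(e))?;
 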
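Review bot: The bracket strip at `let dns_name = if dns_name.starts_with('[') && dns_name.ends_with(']')` accepts any bracketed text, not only an IPv6 literal, so a host such as `[example.com]` would be unwrapped and then verified as the DNS name `example.com`; whether the URL parser upstream already rejects that is not visible from this hunk. Tying the unwrap to a successful address parse keeps the certificate-name check aligned with the host the caller supplied: `let dns_name = dns_name.strip_prefix('[').and_then(|s| s.strip_suffix(']')).filter(|s| s.parse::<std::net::Ipv6Addr>().is_ok()).unwrap_or(dns_name);`. Because the new binding shadows the parameter, the `parsing '{}'` error text now reports the stripped form rather than the original host string. The function body continues past the end of the hunk.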
30 changes: 30 additions & 0 deletions tests/https-agent.rs
Expand Up @@ -150,3 +150,33 @@ m0Wqhhi8/24Sy934t5Txgkfoltg8ahkx934WjP6WWRnSAu+cf+vW

assert!(resp.into_string().unwrap().len() > 10);
}

// This tests that IPv6 addresses as host names work.
// This is a regression test for passing the host name to `rustls::ServerName::try_from(host_name)`
#[test]
#[cfg(any(feature = "tls", feature = "tls-native"))]
fn ipv6_addr_in_dns_name() {
let mut root_store = rustls::RootCertStore::empty();
root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {

Check warning on line 160 in tests/https-agent.rs

GitHub Actions / Test (tls, json)

use of deprecated method `rustls::RootCertStore::add_server_trust_anchors`: Please use `add_trust_anchors` instead

Check warning on line 160 in tests/https-agent.rs

GitHub Actions / Test (tls, socks-proxy)

use of deprecated method `rustls::RootCertStore::add_server_trust_anchors`: Please use `add_trust_anchors` instead

Check warning on line 160 in tests/https-agent.rs

GitHub Actions / Test (tls, native-certs)

use of deprecated method `rustls::RootCertStore::add_server_trust_anchors`: Please use `add_trust_anchors` instead
rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject,
ta.spki,
ta.name_constraints,
)
}));

let tls_config = rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(root_store)
.with_no_client_auth();

let agent = ureq::builder()
.tls_config(std::sync::Arc::new(tls_config))
.build();

let resp = agent.get("https://[2606:4700:4700::1111]/").call();

assert!(
!matches!(resp, Err(ureq::Error::Transport(ref t)) if t.kind() == ureq::ErrorKind::Dns)
);
}
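Review bot: The final `assert!` in `ipv6_addr_in_dns_name` passes on every outcome except a `Transport` error of kind `Dns`, so on a machine without IPv6 connectivity the request would presumably fail at connect and the test still goes green without reaching `rustls::ServerName::try_from`. The test also depends on a live external address, so that limit is worth stating next to the assertion, e.g. `// Only rules out the name-parsing error; a connect failure (no IPv6 route) also passes and skips the TLS path.` Separately, the `cfg` gate admits `tls-native` alone while the body uses `rustls` and `webpki_roots` directly; if those crates are only pulled in by the `tls` feature, the gate should be `#[cfg(feature = "tls")]`.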
