From 6d0e74cca44bfee3506a50120b89ff3e12abd1de Mon Sep 17 00:00:00 2001 From: Markus Pettersson Date: Mon, 28 Oct 2024 19:23:39 +0100 Subject: [PATCH 1/2] Do not fallback to direct API connections when testing access methods --- mullvad-api/src/proxy.rs | 6 + mullvad-daemon/src/api.rs | 142 +++++++++++++----- mullvad-daemon/src/lib.rs | 15 +- mullvad-daemon/src/tunnel.rs | 4 +- .../src/relay_selector/detailer.rs | 4 +- .../src/relay_selector/mod.rs | 18 ++- mullvad-types/src/relay_list.rs | 11 +- test/test-manager/src/tests/ui.rs | 12 +- 8 files changed, 145 insertions(+), 67 deletions(-) diff --git a/mullvad-api/src/proxy.rs b/mullvad-api/src/proxy.rs index 279a28928926..106449bb30ab 100644 --- a/mullvad-api/src/proxy.rs +++ b/mullvad-api/src/proxy.rs @@ -98,6 +98,12 @@ impl From for ProxyConfig { } } +impl From for ProxyConfig { + fn from(value: mullvad_encrypted_dns_proxy::config::ProxyConfig) -> Self { + ProxyConfig::EncryptedDnsProxy(value) + } +} + impl ApiConnectionMode { /// Reads the proxy config from `CURRENT_CONFIG_FILENAME`. /// This returns `ApiConnectionMode::Direct` if reading from disk fails for any reason. diff --git a/mullvad-daemon/src/api.rs b/mullvad-daemon/src/api.rs index 622c9e8c8de4..2558dbfee86a 100644 --- a/mullvad-daemon/src/api.rs +++ b/mullvad-daemon/src/api.rs @@ -23,7 +23,7 @@ use mullvad_types::access_method::{ use std::{net::SocketAddr, path::PathBuf}; use talpid_core::mpsc::Sender; use talpid_types::net::{ - AllowedClients, AllowedEndpoint, Connectivity, Endpoint, TransportProtocol, + proxy::CustomProxy, AllowedClients, AllowedEndpoint, Connectivity, Endpoint, TransportProtocol, }; pub enum Message { @@ -31,7 +31,10 @@ pub enum Message { Use(ResponseTx<()>, Id), Rotate(ResponseTx), Update(ResponseTx<()>, Settings), - Resolve(ResponseTx, AccessMethodSetting), + Resolve( + ResponseTx>, + AccessMethodSetting, + ), } /// Calling [`AccessMethodEvent::send`] will cause a @@ -102,6 +105,8 @@ pub struct ResolvedConnectionMode { pub enum Error { #[error("No access methods were provided.")] NoAccessMethods, + #[error("Could not resolve access method {access_method:#?}")] + Resolve { access_method: AccessMethod }, #[error("AccessModeSelector is not receiving any messages.")] SendFailed(#[from] mpsc::TrySendError), #[error("AccessModeSelector is not receiving any messages.")] @@ -175,7 +180,14 @@ impl AccessModeSelectorHandle { }) } - pub async fn resolve(&self, setting: AccessMethodSetting) -> Result { + /// Try to resolve an access method into a set of connection details. + /// + /// This might fail if the underlying store/cache where `setting` is the key is empty. + /// In that case, `Ok(None)` is returned. + pub async fn resolve( + &self, + setting: AccessMethodSetting, + ) -> Result> { self.send_command(|tx| Message::Resolve(tx, setting)) .await .inspect_err(|_| { @@ -275,8 +287,8 @@ impl AccessModeSelector { // Always start looking from the position of `Direct`. let (index, next) = Self::find_next_active(0, &access_method_settings); - let initial_connection_mode = Self::resolve_inner( - next, + let initial_connection_mode = Self::resolve_inner_with_default( + &next, &relay_selector, &mut encrypted_dns_proxy_cache, &address_cache, @@ -397,7 +409,7 @@ impl AccessModeSelector { } async fn set_current(&mut self, access_method: AccessMethodSetting) { - let resolved = self.resolve(access_method).await; + let resolved = self.resolve_with_default(access_method).await; // Note: If the daemon is busy waiting for a call to this function // to complete while we wait for the daemon to fully handle this @@ -497,16 +509,19 @@ impl AccessModeSelector { pub async fn on_resolve_access_method( &mut self, - tx: ResponseTx, + tx: ResponseTx>, setting: AccessMethodSetting, ) -> Result<()> { let reply = self.resolve(setting).await; self.reply(tx, reply) } - async fn resolve(&mut self, access_method: AccessMethodSetting) -> ResolvedConnectionMode { + async fn resolve( + &mut self, + access_method: AccessMethodSetting, + ) -> Option { Self::resolve_inner( - access_method, + &access_method, &self.relay_selector, &mut self.encrypted_dns_proxy_cache, &self.address_cache, @@ -515,50 +530,101 @@ impl AccessModeSelector { } async fn resolve_inner( + access_method: &AccessMethodSetting, + relay_selector: &RelaySelector, + encrypted_dns_proxy_cache: &mut EncryptedDnsProxyState, + address_cache: &AddressCache, + ) -> Option { + let connection_mode = + Self::resolve_connection_mode(access_method, relay_selector, encrypted_dns_proxy_cache) + .await?; + let endpoint = + resolve_allowed_endpoint(&connection_mode, address_cache.get_address().await); + Some(ResolvedConnectionMode { + connection_mode, + endpoint, + setting: access_method.clone(), + }) + } + + /// Resolve an access method into a set of connection details - fall back to + /// [`ApiConnectionMode::Direct`] in case `access_method` does not yield anything. + async fn resolve_with_default( + &mut self, access_method: AccessMethodSetting, + ) -> ResolvedConnectionMode { + Self::resolve_inner_with_default( + &access_method, + &self.relay_selector, + &mut self.encrypted_dns_proxy_cache, + &self.address_cache, + ) + .await + } + + async fn resolve_inner_with_default( + access_method: &AccessMethodSetting, relay_selector: &RelaySelector, encrypted_dns_proxy_cache: &mut EncryptedDnsProxyState, address_cache: &AddressCache, ) -> ResolvedConnectionMode { + match Self::resolve_inner( + access_method, + relay_selector, + encrypted_dns_proxy_cache, + address_cache, + ) + .await + { + Some(resolved) => resolved, + None => { + log::trace!("Defaulting to direct API connection"); + ResolvedConnectionMode { + connection_mode: ApiConnectionMode::Direct, + endpoint: resolve_allowed_endpoint( + &ApiConnectionMode::Direct, + address_cache.get_address().await, + ), + setting: access_method.clone(), + } + } + } + } + + async fn resolve_connection_mode( + access_method: &AccessMethodSetting, + relay_selector: &RelaySelector, + encrypted_dns_proxy_cache: &mut EncryptedDnsProxyState, + ) -> Option { let connection_mode = { - let access_method = access_method.access_method.clone(); - match access_method { + match &access_method.access_method { AccessMethod::BuiltIn(BuiltInAccessMethod::Direct) => ApiConnectionMode::Direct, - AccessMethod::BuiltIn(BuiltInAccessMethod::Bridge) => relay_selector - .get_bridge_forced() - .map(ProxyConfig::from) - .map(ApiConnectionMode::Proxied) - .unwrap_or_else(|| { - log::warn!( - "Received unexpected proxy settings type. Defaulting to direct API connection" - ); - log::debug!("Defaulting to direct API connection"); - ApiConnectionMode::Direct - }), + AccessMethod::BuiltIn(BuiltInAccessMethod::Bridge) => { + let Some(bridge) = relay_selector.get_bridge_forced() else { + log::warn!("Could not select a Mullvad bridge"); + log::debug!("The relay list might be empty"); + return None; + }; + let proxy = CustomProxy::Shadowsocks(bridge); + ApiConnectionMode::Proxied(ProxyConfig::from(proxy)) + } AccessMethod::BuiltIn(BuiltInAccessMethod::EncryptedDnsProxy) => { if let Err(error) = encrypted_dns_proxy_cache.fetch_configs().await { log::warn!("Failed to fetch new Encrypted DNS Proxy configurations"); log::debug!("{error:#?}"); } - encrypted_dns_proxy_cache - .next_configuration() - .map(ProxyConfig::EncryptedDnsProxy) - .map(ApiConnectionMode::Proxied) - .unwrap_or_else(|| { + let Some(edp) = encrypted_dns_proxy_cache.next_configuration() else { log::warn!("Could not select next Encrypted DNS proxy config"); - log::debug!("Defaulting to direct API connection"); - ApiConnectionMode::Direct - })}, - AccessMethod::Custom(config) => ApiConnectionMode::Proxied(ProxyConfig::from(config)), + return None; + }; + ApiConnectionMode::Proxied(ProxyConfig::from(edp)) + } + AccessMethod::Custom(config) => { + ApiConnectionMode::Proxied(ProxyConfig::from(config.clone())) + } } }; - let endpoint = - resolve_allowed_endpoint(&connection_mode, address_cache.get_address().await); - ResolvedConnectionMode { - connection_mode, - endpoint, - setting: access_method, - } + Some(connection_mode) } } diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs index 058458954089..7fb8193ba6bc 100644 --- a/mullvad-daemon/src/lib.rs +++ b/mullvad-daemon/src/lib.rs @@ -2752,8 +2752,19 @@ impl Daemon { } }; - let test_subject = match self.access_mode_handler.resolve(access_method).await { - Ok(test_subject) => test_subject, + let test_subject = match self + .access_mode_handler + .resolve(access_method.clone()) + .await + { + Ok(Some(test_subject)) => test_subject, + Ok(None) => { + let error = Error::ApiConnectionModeError(self::api::Error::Resolve { + access_method: access_method.access_method, + }); + reply(Err(error)); + return; + } Err(err) => { reply(Err(Error::ApiConnectionModeError(err))); return; diff --git a/mullvad-daemon/src/tunnel.rs b/mullvad-daemon/src/tunnel.rs index a9c59662853f..3fd94d591d02 100644 --- a/mullvad-daemon/src/tunnel.rs +++ b/mullvad-daemon/src/tunnel.rs @@ -185,8 +185,8 @@ impl InnerParametersGenerator { bridge: bridge_relay.cloned(), server_override, }); - let bridge_settings = bridge.as_ref().map(|bridge| bridge.settings()); - Ok(self.create_openvpn_tunnel_parameters(endpoint, data, bridge_settings.cloned())) + let bridge_settings = bridge.map(|bridge| bridge.to_proxy()); + Ok(self.create_openvpn_tunnel_parameters(endpoint, data, bridge_settings)) } GetRelay::Wireguard { endpoint, diff --git a/mullvad-relay-selector/src/relay_selector/detailer.rs b/mullvad-relay-selector/src/relay_selector/detailer.rs index 7b5f24f94cbc..e474842b6674 100644 --- a/mullvad-relay-selector/src/relay_selector/detailer.rs +++ b/mullvad-relay-selector/src/relay_selector/detailer.rs @@ -21,7 +21,7 @@ use mullvad_types::{ }; use talpid_types::net::{ all_of_the_internet, - proxy::CustomProxy, + proxy::Shadowsocks, wireguard::{PeerConfig, PublicKey}, Endpoint, IpVersion, TransportProtocol, }; @@ -266,7 +266,7 @@ fn compatible_openvpn_port_combo( } /// Picks a random bridge from a relay. -pub fn bridge_endpoint(data: &BridgeEndpointData, relay: &Relay) -> Option { +pub fn bridge_endpoint(data: &BridgeEndpointData, relay: &Relay) -> Option { use rand::seq::SliceRandom; if relay.endpoint_data != RelayEndpointData::Bridge { return None; diff --git a/mullvad-relay-selector/src/relay_selector/mod.rs b/mullvad-relay-selector/src/relay_selector/mod.rs index e7a69227272e..f53c6c4b70bb 100644 --- a/mullvad-relay-selector/src/relay_selector/mod.rs +++ b/mullvad-relay-selector/src/relay_selector/mod.rs @@ -46,7 +46,9 @@ use mullvad_types::{ }; use talpid_types::{ net::{ - obfuscation::ObfuscatorConfig, proxy::CustomProxy, Endpoint, TransportProtocol, TunnelType, + obfuscation::ObfuscatorConfig, + proxy::{CustomProxy, Shadowsocks}, + Endpoint, TransportProtocol, TunnelType, }, ErrorExt, }; @@ -228,15 +230,19 @@ pub enum GetRelay { #[derive(Clone, Debug)] pub enum SelectedBridge { - Normal { settings: CustomProxy, relay: Relay }, + Normal { + // Mullvad operated bridges will always be Shadowsocks proxies. + settings: Shadowsocks, + relay: Relay, + }, Custom(CustomProxy), } impl SelectedBridge { /// Get the bridge settings. - pub fn settings(&self) -> &CustomProxy { + pub fn to_proxy(self) -> CustomProxy { match self { - SelectedBridge::Normal { settings, .. } => settings, + SelectedBridge::Normal { settings, .. } => CustomProxy::Shadowsocks(settings), SelectedBridge::Custom(settings) => settings, } } @@ -444,7 +450,7 @@ impl RelaySelector { /// Returns a non-custom bridge based on the relay and bridge constraints, ignoring the bridge /// state. - pub fn get_bridge_forced(&self) -> Option { + pub fn get_bridge_forced(&self) -> Option { let parsed_relays = &self.parsed_relays.lock().unwrap(); let config = self.config.lock().unwrap(); let specialized_config = SpecializedSelectorConfig::from(&*config); @@ -1049,7 +1055,7 @@ impl RelaySelector { constraints: &InternalBridgeConstraints, location: Option, custom_lists: &CustomListsSettings, - ) -> Result<(CustomProxy, Relay), Error> { + ) -> Result<(Shadowsocks, Relay), Error> { let bridges = filter_matching_bridges(constraints, parsed_relays.relays(), custom_lists); let bridge_data = &parsed_relays.parsed_list().bridge; let bridge = match location { diff --git a/mullvad-types/src/relay_list.rs b/mullvad-types/src/relay_list.rs index afe8ba6378d3..c4d1d61bb7b8 100644 --- a/mullvad-types/src/relay_list.rs +++ b/mullvad-types/src/relay_list.rs @@ -4,10 +4,7 @@ use std::{ net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}, ops::RangeInclusive, }; -use talpid_types::net::{ - proxy::{CustomProxy, Shadowsocks}, - wireguard, TransportProtocol, -}; +use talpid_types::net::{proxy::Shadowsocks, wireguard, TransportProtocol}; /// Stores a list of relays for each country obtained from the API using /// `mullvad_api::RelayListProxy`. This can also be passed to frontends. @@ -246,11 +243,11 @@ pub struct ShadowsocksEndpointData { } impl ShadowsocksEndpointData { - pub fn to_proxy_settings(&self, addr: IpAddr) -> CustomProxy { - CustomProxy::Shadowsocks(Shadowsocks { + pub fn to_proxy_settings(&self, addr: IpAddr) -> Shadowsocks { + Shadowsocks { endpoint: SocketAddr::new(addr, self.port), password: self.password.clone(), cipher: self.cipher.clone(), - }) + } } } diff --git a/test/test-manager/src/tests/ui.rs b/test/test-manager/src/tests/ui.rs index d4758d9ced61..266624cc68ed 100644 --- a/test/test-manager/src/tests/ui.rs +++ b/test/test-manager/src/tests/ui.rs @@ -146,7 +146,7 @@ async fn test_custom_access_methods_gui( ) -> anyhow::Result<()> { use mullvad_api::env; use mullvad_relay_selector::{RelaySelector, SelectorConfig}; - use talpid_types::net::proxy::CustomProxy; + // For this test to work, we need to supply the following env-variables: // // * SHADOWSOCKS_SERVER_IP @@ -179,10 +179,6 @@ async fn test_custom_access_methods_gui( let relay_selector = RelaySelector::from_list(SelectorConfig::default(), relay_list); let access_method = relay_selector .get_bridge_forced() - .and_then(|proxy| match proxy { - CustomProxy::Shadowsocks(s) => Some(s), - _ => None - }) .expect("`test_shadowsocks` needs at least one shadowsocks relay to execute. Found none in relay list."); let ui_result = run_test_env( @@ -219,7 +215,7 @@ async fn test_custom_bridge_gui( mut mullvad_client: MullvadProxyClient, ) -> Result<(), Error> { use mullvad_relay_selector::{RelaySelector, SelectorConfig}; - use talpid_types::net::proxy::CustomProxy; + // For this test to work, we need to supply the following env-variables: // // * SHADOWSOCKS_SERVER_IP @@ -236,10 +232,6 @@ async fn test_custom_bridge_gui( let relay_selector = RelaySelector::from_list(SelectorConfig::default(), relay_list); let custom_proxy = relay_selector .get_bridge_forced() - .and_then(|proxy| match proxy { - CustomProxy::Shadowsocks(s) => Some(s), - _ => None - }) .expect("`test_shadowsocks` needs at least one shadowsocks relay to execute. Found none in relay list."); let ui_result = run_test_env( From 4e57719a930a9971965101bc40defc4181019e99 Mon Sep 17 00:00:00 2001 From: Markus Pettersson Date: Wed, 30 Oct 2024 13:37:28 +0100 Subject: [PATCH 2/2] Update `test/Cargo.lock` file --- test/Cargo.lock | 164 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 136 insertions(+), 28 deletions(-) diff --git a/test/Cargo.lock b/test/Cargo.lock index 67f538e39aa0..dcbe9aef95a0 100644 --- a/test/Cargo.lock +++ b/test/Cargo.lock @@ -216,7 +216,7 @@ dependencies = [ "axum-core", "bytes", "futures-util", - "http", + "http 1.1.0", "http-body", "http-body-util", "itoa", @@ -242,7 +242,7 @@ dependencies = [ "async-trait", "bytes", "futures-util", - "http", + "http 1.1.0", "http-body", "http-body-util", "mime", @@ -1121,6 +1121,25 @@ dependencies = [ "subtle", ] +[[package]] +name = "h2" +version = "0.3.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http 0.2.12", + "indexmap 2.2.6", + "slab", + "tokio", + "tokio-util", + "tracing", +] + [[package]] name = "h2" version = "0.4.6" @@ -1132,7 +1151,7 @@ dependencies = [ "fnv", "futures-core", "futures-sink", - "http", + "http 1.1.0", "indexmap 2.2.6", "slab", "tokio", @@ -1183,19 +1202,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "07698b8420e2f0d6447a436ba999ec85d8fbf2a398bbd737b82cac4a2e96e512" dependencies = [ "async-trait", + "bytes", "cfg-if", "data-encoding", "enum-as-inner", "futures-channel", "futures-io", "futures-util", + "h2 0.3.26", + "http 0.2.12", "idna 0.4.0", "ipnet", "once_cell", "rand 0.8.5", + "rustls 0.21.12", + "rustls-pemfile 1.0.4", "thiserror", "tinyvec", "tokio", + "tokio-rustls 0.24.1", "tracing", "url", ] @@ -1215,9 +1240,11 @@ dependencies = [ "parking_lot 0.12.1", "rand 0.8.5", "resolv-conf", + "rustls 0.21.12", "smallvec", "thiserror", "tokio", + "tokio-rustls 0.24.1", "tracing", ] @@ -1250,6 +1277,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "http" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "601cbb57e577e2f5ef5be8e7b83f0f63994f25aa94d673e54a92d5c516d101f1" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + [[package]] name = "http" version = "1.1.0" @@ -1268,7 +1306,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" dependencies = [ "bytes", - "http", + "http 1.1.0", ] [[package]] @@ -1279,7 +1317,7 @@ checksum = "793429d76616a256bcb62c2a2ec2bed781c8307e797e2598c50010f2bee2544f" dependencies = [ "bytes", "futures-util", - "http", + "http 1.1.0", "http-body", "pin-project-lite", ] @@ -1311,8 +1349,8 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "h2", - "http", + "h2 0.4.6", + "http 1.1.0", "http-body", "httparse", "httpdate", @@ -1330,16 +1368,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08afdbb5c31130e3034af566421053ab03787c640246a446327f550d11bcb333" dependencies = [ "futures-util", - "http", + "http 1.1.0", "hyper", "hyper-util", "log", - "rustls", + "rustls 0.23.13", "rustls-pki-types", "tokio", - "tokio-rustls", + "tokio-rustls 0.26.0", "tower-service", - "webpki-roots", + "webpki-roots 0.26.6", ] [[package]] @@ -1364,7 +1402,7 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "http", + "http 1.1.0", "http-body", "hyper", "pin-project-lite", @@ -1848,16 +1886,17 @@ dependencies = [ "cbindgen", "chrono", "futures", - "http", + "http 1.1.0", "http-body-util", "hyper", "hyper-util", "ipnetwork", "libc", "log", + "mullvad-encrypted-dns-proxy", "mullvad-fs", "mullvad-types", - "rustls-pemfile", + "rustls-pemfile 2.1.3", "serde", "serde_json", "shadowsocks", @@ -1865,12 +1904,24 @@ dependencies = [ "talpid-types", "thiserror", "tokio", - "tokio-rustls", + "tokio-rustls 0.26.0", "tokio-socks", "tower 0.5.1", "uuid", ] +[[package]] +name = "mullvad-encrypted-dns-proxy" +version = "0.0.0" +dependencies = [ + "hickory-resolver", + "log", + "rustls 0.21.12", + "serde", + "tokio", + "webpki-roots 0.25.4", +] + [[package]] name = "mullvad-fs" version = "0.0.0" @@ -2530,7 +2581,7 @@ dependencies = [ "quinn-proto", "quinn-udp", "rustc-hash", - "rustls", + "rustls 0.23.13", "socket2 0.5.6", "thiserror", "tokio", @@ -2547,7 +2598,7 @@ dependencies = [ "rand 0.8.5", "ring", "rustc-hash", - "rustls", + "rustls 0.23.13", "slab", "thiserror", "tinyvec", @@ -2716,7 +2767,7 @@ dependencies = [ "futures-channel", "futures-core", "futures-util", - "http", + "http 1.1.0", "http-body", "http-body-util", "hyper", @@ -2730,21 +2781,21 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls", - "rustls-pemfile", + "rustls 0.23.13", + "rustls-pemfile 2.1.3", "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", "sync_wrapper 1.0.1", "tokio", - "tokio-rustls", + "tokio-rustls 0.26.0", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "webpki-roots", + "webpki-roots 0.26.6", "windows-registry", ] @@ -2832,6 +2883,18 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rustls" +version = "0.21.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" +dependencies = [ + "log", + "ring", + "rustls-webpki 0.101.7", + "sct", +] + [[package]] name = "rustls" version = "0.23.13" @@ -2842,11 +2905,20 @@ dependencies = [ "once_cell", "ring", "rustls-pki-types", - "rustls-webpki", + "rustls-webpki 0.102.8", "subtle", "zeroize", ] +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64 0.21.7", +] + [[package]] name = "rustls-pemfile" version = "2.1.3" @@ -2863,6 +2935,16 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0" +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "rustls-webpki" version = "0.102.8" @@ -2901,6 +2983,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "sec1" version = "0.7.3" @@ -3392,13 +3484,13 @@ dependencies = [ "hyper-rustls", "hyper-util", "log", - "rustls-pemfile", + "rustls-pemfile 2.1.3", "serde", "serde_json", "tarpc", "thiserror", "tokio", - "tokio-rustls", + "tokio-rustls 0.26.0", "tokio-serde", "tokio-util", ] @@ -3554,13 +3646,23 @@ dependencies = [ "syn 2.0.60", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls 0.21.12", + "tokio", +] + [[package]] name = "tokio-rustls" version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" dependencies = [ - "rustls", + "rustls 0.23.13", "rustls-pki-types", "tokio", ] @@ -3668,8 +3770,8 @@ dependencies = [ "axum", "base64 0.22.0", "bytes", - "h2", - "http", + "h2 0.4.6", + "http 1.1.0", "http-body", "http-body-util", "hyper", @@ -4034,6 +4136,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" + [[package]] name = "webpki-roots" version = "0.26.6"