From 05e31254ba6ff8093ea665aea56fe46de93ea1bd Mon Sep 17 00:00:00 2001 From: asonix Date: Sun, 4 Feb 2024 20:25:50 -0600 Subject: [PATCH] Update rustls for actix-web, log less --- Cargo.lock | 144 ++++++++++++++++++++++++++++++++------------------ Cargo.toml | 6 +-- src/config.rs | 17 +++--- src/error.rs | 2 +- src/main.rs | 29 +++++----- 5 files changed, 117 insertions(+), 81 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e713111..32a0bc7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -56,9 +56,9 @@ dependencies = [ [[package]] name = "actix-http" -version = "3.5.1" +version = "3.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "129d4c88e98860e1758c5de288d1632b07970a16d59bdf7b8d66053d582bb71f" +checksum = "d223b13fd481fc0d1f83bb12659ae774d9e3601814c68a0bc539731698cca743" dependencies = [ "actix-codec", "actix-rt", @@ -157,9 +157,9 @@ dependencies = [ [[package]] name = "actix-tls" -version = "3.2.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "929e47cc23865cdb856e59673cfba2d28f00b3bbd060dfc80e33a00a3cea8317" +checksum = "d4cce60a2f2b477bc72e5cde0af1812a6e82d8fd85b5570a5dcf2a5bf2c5be5f" dependencies = [ "actix-rt", "actix-service", @@ -167,11 +167,11 @@ dependencies = [ "futures-core", "impl-more", "pin-project-lite", + "rustls-pki-types", "tokio", - "tokio-rustls", + "tokio-rustls 0.25.0", "tokio-util", "tracing", - "webpki-roots", ] [[package]] @@ -186,9 +186,9 @@ dependencies = [ [[package]] name = "actix-web" -version = "4.4.1" +version = "4.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e43428f3bf11dee6d166b00ec2df4e3aa8cc1606aaa0b7433c146852e2f4e03b" +checksum = "43a6556ddebb638c2358714d853257ed226ece6023ef9364f23f0c70737ea984" dependencies = [ "actix-codec", "actix-http", 
@@ -421,7 +421,7 @@ dependencies = [ "rsa", "rsa-magic-public-key", "ructe", - "rustls", + "rustls 0.22.2", "rustls-channel-resolver", "rustls-pemfile 2.0.0", "serde", @@ -749,9 +749,9 @@ checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" [[package]] name = "bytecheck" -version = "0.6.11" +version = "0.6.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6372023ac861f6e6dc89c8344a8f398fb42aaba2b5dbc649ca0c0e9dbcb627" +checksum = "23cdc57ce23ac53c931e88a43d06d070a6fd142f2617be5855eb75efc9beb1c2" dependencies = [ "bytecheck_derive", "ptr_meta", @@ -760,9 +760,9 @@ dependencies = [ [[package]] name = "bytecheck_derive" -version = "0.6.11" +version = "0.6.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7ec4c6f261935ad534c0c22dbef2201b45918860eb1c574b972bd213a76af61" +checksum = "3db406d29fbcd95542e92559bed4d8ad92636d1ca8b3b72ede10b4bcc010e659" dependencies = [ "proc-macro2", "quote", @@ -1489,7 +1489,7 @@ dependencies = [ "futures-sink", "futures-util", "http", - "indexmap 2.2.1", + "indexmap 2.2.2", "slab", "tokio", "tokio-util", @@ -1683,9 +1683,9 @@ dependencies = [ "futures-util", "http", "hyper", - "rustls", + "rustls 0.21.10", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", ] [[package]] @@ -1734,9 +1734,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.2.1" +version = "2.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "433de089bd45971eecf4668ee0ee8f4cec17db4f8bd8f7bc3197a6ce37aa7d9b" +checksum = "824b2ae422412366ba479e8111fd301f7b5faece8149317bb81925979a53f520" dependencies = [ "equivalent", "hashbrown 0.14.3", 
@@ -2107,9 +2107,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "9d811f3e15f28568be3407c8e7fdb6514c1cda3cb30683f15b6a1a1dc4ea14a7" dependencies = [ "adler", ] @@ -2211,6 +2211,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-integer" version = "0.1.45" @@ -2287,7 +2293,7 @@ checksum = "1e32339a5dc40459130b3bd269e9892439f55b33e772d2a9d402a789baaf4e8a" dependencies = [ "futures-core", "futures-sink", - "indexmap 2.2.1", + "indexmap 2.2.2", "js-sys", "once_cell", "pin-project-lite", @@ -2994,9 +3000,9 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rend" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2571463863a6bd50c32f94402933f03457a3fbaf697a707c5be741e459f08fd" +checksum = "71fe3824f5629716b1589be05dacd749f6aa084c87e00e016714a8cdfccc997c" dependencies = [ "bytecheck", ] @@ -3025,7 +3031,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls", + "rustls 0.21.10", "rustls-pemfile 1.0.4", "serde", "serde_json", @@ -3033,7 +3039,7 @@ dependencies = [ "sync_wrapper", "system-configuration", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", "tokio-util", "tower-service", "url", 
@@ -3092,9 +3098,9 @@ dependencies = [ [[package]] name = "rkyv" -version = "0.7.43" +version = "0.7.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "527a97cdfef66f65998b5f3b637c26f5a5ec09cc52a3f9932313ac645f4190f5" +checksum = "5cba464629b3394fc4dbc6f940ff8f5b4ff5c7aef40f29166fd4ad12acbc99c0" dependencies = [ "bitvec", "bytecheck", @@ -3110,9 +3116,9 @@ dependencies = [ [[package]] name = "rkyv_derive" -version = "0.7.43" +version = "0.7.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5c462a1328c8e67e4d6dbad1eb0355dd43e8ab432c6e227a43657f16ade5033" +checksum = "a7dddfff8de25e6f62b9d64e6e432bf1c6736c57d20323e15ee10435fbda7c65" dependencies = [ "proc-macro2", "quote", @@ -3233,18 +3239,32 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] [[package]] -name = "rustls-channel-resolver" -version = "0.1.0" +name = "rustls" +version = "0.22.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de0a6bf546dc283b4c1413532d2bf53a64b3a006ee57f7ca0f4984f35841cacb" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-channel-resolver" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffbd1941204442f051576a9a7ea8e8db074ad7fd43db1eb3378c3633f9f9e166" dependencies = [ "nanorand", - "rustls", + "rustls 0.22.2", ] [[package]] 
@@ -3268,9 +3288,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" +checksum = "0a716eb65e3158e90e17cd93d855216e27bde02745ab842f2cab4a39dba1bacf" [[package]] name = "rustls-webpki" @@ -3282,6 +3302,17 @@ dependencies = [ "untrusted", ] +[[package]] +name = "rustls-webpki" +version = "0.102.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -3459,9 +3490,9 @@ checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d" [[package]] name = "sketches-ddsketch" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68a406c1882ed7f29cd5e248c9848a80e7cb6ae0fea82346d2746f2f941c07e1" +checksum = "85636c14b73d81f541e525f585c0a2109e6744e1565b5c1668e31c70c10ed65c" [[package]] name = "slab" @@ -3765,12 +3796,13 @@ dependencies = [ [[package]] name = "time" -version = "0.3.31" +version = "0.3.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f657ba42c3f86e7680e53c8cd3af8abbe56b5491790b46e22e19c0d57463583e" +checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749" dependencies = [ "deranged", "itoa", + "num-conv", "powerfmt", "serde", "time-core", 
@@ -3785,10 +3817,11 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26197e33420244aeb70c3e8c78376ca46571bc4e701e4791c2cd9f57dcb3a43f" +checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774" dependencies = [ + "num-conv", "time-core", ] @@ -3809,9 +3842,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.35.1" +version = "1.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104" +checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" dependencies = [ "backtrace", "bytes", @@ -3854,7 +3887,18 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.10", + "tokio", +] + +[[package]] +name = "tokio-rustls" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +dependencies = [ + "rustls 0.22.2", + "rustls-pki-types", "tokio", ] @@ -3919,7 +3963,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1" dependencies = [ - "indexmap 2.2.1", + "indexmap 2.2.2", "serde", "serde_spanned", "toml_datetime", 
@@ -4355,9 +4399,9 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.25.3" +version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" [[package]] name = "winapi" @@ -4515,9 +4559,9 @@ checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" [[package]] name = "winnow" -version = "0.5.36" +version = "0.5.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "818ce546a11a9986bc24f93d0cdf38a8a1a400f1473ea8c82e59f6e0ffab9249" +checksum = "a7cad8365489051ae9f054164e459304af2e7e9bb407c958076c8bf4aef52da5" dependencies = [ "memchr", ] diff --git a/Cargo.toml b/Cargo.toml index dbdcd63..189d451 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,7 +22,7 @@ default = [] [dependencies] anyhow = "1.0" -actix-web = { version = "4.4.0", default-features = false, features = ["compress-brotli", "compress-gzip", "rustls-0_21"] } +actix-web = { version = "4.4.0", default-features = false, features = ["compress-brotli", "compress-gzip", "rustls-0_22"] } actix-webfinger = { version = "0.5.0", default-features = false } activitystreams = "0.7.0-alpha.25" activitystreams-ext = "0.1.0-alpha.3" @@ -57,8 +57,8 @@ reqwest-tracing = "0.4.5" ring = "0.17.5" rsa = { version = "0.9" } rsa-magic-public-key = "0.8.0" -rustls = "0.21.0" -rustls-channel-resolver = "0.1.0" +rustls = "0.22.0" +rustls-channel-resolver = "0.2.0" rustls-pemfile = "2" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" diff --git a/src/config.rs b/src/config.rs index 49dcecd..bba4fd6 100644 --- a/src/config.rs +++ b/src/config.rs 
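Review bot: The `actix-web` requirement in `Cargo.toml` stays at `version = "4.4.0"` while its feature list now asks for `rustls-0_22`, which the lockfile in this commit resolves only against 4.5.1 (up from 4.4.1). If that feature first shipped after 4.4.x, as the lock change suggests, a resolve that lands on 4.4.x would fail on an unknown feature. Raising the floor to `version = "4.5.0"` makes the manifest state what the code needs. Separately, the lockfile now carries `rustls 0.22.2` alongside the `rustls 0.21.10` still required by other packages, so both TLS stacks need to be tracked for advisories until the remaining dependents move.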
@@ -12,7 +12,7 @@ use activitystreams::{ }; use config::Environment; use http_signature_normalization_actix::{digest::ring::Sha256, prelude::VerifyDigest}; -use rustls::{sign::CertifiedKey, Certificate, PrivateKey}; +use rustls::sign::CertifiedKey; use std::{ net::{IpAddr, SocketAddr}, path::PathBuf, @@ -315,14 +315,13 @@ impl Config { let tls = if let Some(tls) = &self.tls { tls } else { - tracing::warn!("No TLS config present"); + tracing::info!("No TLS config present"); return Ok(None); }; let certs_bytes = tokio::fs::read(&tls.cert).await?; - let certs = rustls_pemfile::certs(&mut certs_bytes.as_slice()) - .map(|res| res.map(|c| Certificate(c.to_vec()))) - .collect::, _>>()?; + let certs = + rustls_pemfile::certs(&mut certs_bytes.as_slice()).collect::, _>>()?; if certs.is_empty() { tracing::warn!("No certs read from certificate file"); @@ -330,16 +329,14 @@ impl Config { } let key_bytes = tokio::fs::read(&tls.key).await?; - let key = rustls_pemfile::private_key(&mut key_bytes.as_slice())?; - - let key = if let Some(key) = key { - PrivateKey(Vec::from(key.secret_der())) + let key = if let Some(key) = rustls_pemfile::private_key(&mut key_bytes.as_slice())? { + key } else { tracing::warn!("Failed to read private key"); return Ok(None); }; - let key = rustls::sign::any_supported_type(&key)?; + let key = rustls::crypto::ring::sign::any_supported_type(&key)?; Ok(Some(CertifiedKey::new(certs, key))) } diff --git a/src/error.rs b/src/error.rs index fd379f3..545aa38 100644 --- a/src/error.rs +++ b/src/error.rs @@ -115,7 +115,7 @@ pub(crate) enum ErrorKind { Signature(#[from] rsa::signature::Error), #[error("Couldn't prepare TLS private key")] - PrepareKey(#[from] rustls::sign::SignError), + PrepareKey(#[from] rustls::Error), #[error("Couldn't verify signature")] VerifySignature, diff --git a/src/main.rs b/src/main.rs index 51e77c1..284825e 100644 --- a/src/main.rs +++ b/src/main.rs 
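Review bot: In `src/config.rs` (hunk at -330), the `Failed to read private key` branch still ends in `return Ok(None);`, the same value the function returns when no TLS section is configured at all. The `No certs read from certificate file` branch at the end of the -315 hunk presumably does the same on the line between the two hunks. If the caller treats `None` as "serve without TLS", which the `else` branch calling `server.bind(bind_address)` in `server_main` suggests, then an operator who configured TLS but supplied an empty certificate file or an unparseable key gets a plaintext listener and only a warn line. Returning an `Err` from these two branches (a dedicated `ErrorKind` variant would fit the style of `src/error.rs`) makes startup fail instead of silently downgrading. The function begins outside both hunks.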
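Review bot: In `src/error.rs`, `PrepareKey(#[from] rustls::Error)` now converts every `rustls::Error` that reaches `?` into "Couldn't prepare TLS private key", not only signing-key failures. In the code visible in this commit only `any_supported_type` produces one, but any later rustls call in a function returning this error type would be reported under a misleading message, which hurts when diagnosing a TLS failure from logs. Either drop `#[from]` and map explicitly at the call site in `config.rs`, or add a comment on the variant such as `// any rustls::Error maps here; today only any_supported_type produces one`.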
@@ -21,7 +21,7 @@ use tokio::task::JoinHandle; use tracing_actix_web::TracingLogger; use tracing_error::ErrorLayer; use tracing_log::LogTracer; -use tracing_subscriber::{filter::Targets, fmt::format::FmtSpan, layer::SubscriberExt, Layer}; +use tracing_subscriber::{filter::Targets, layer::SubscriberExt, Layer}; mod admin; mod apub; @@ -60,12 +60,10 @@ fn init_subscriber( LogTracer::init()?; let targets: Targets = std::env::var("RUST_LOG") - .unwrap_or_else(|_| "warn,actix_web=debug,actix_server=debug,tracing_actix_web=info".into()) + .unwrap_or_else(|_| "info".into()) .parse()?; - let format_layer = tracing_subscriber::fmt::layer() - .with_span_events(FmtSpan::NEW | FmtSpan::CLOSE) - .with_filter(targets.clone()); + let format_layer = tracing_subscriber::fmt::layer().with_filter(targets.clone()); #[cfg(feature = "console")] let console_layer = ConsoleLayer::builder() @@ -173,16 +171,16 @@ async fn main() -> Result<(), anyhow::Error> { collector.install()?; } - tracing::warn!("Opening DB"); + tracing::info!("Opening DB"); let db = Db::build(&config)?; - tracing::warn!("Building caches"); + tracing::info!("Building caches"); let actors = ActorCache::new(db.clone()); let media = MediaCache::new(db.clone()); server_main(db, actors, media, collector, config).await?; - tracing::warn!("Application exit"); + tracing::info!("Application exit"); Ok(()) } @@ -289,7 +287,7 @@ async fn server_main( config.proxy_config(), )?; - tracing::warn!("Creating state"); + tracing::info!("Creating state"); let (signature_threads, verify_threads) = match config.signature_threads() { 0 | 1 => (1, 1), @@ -309,7 +307,7 @@ async fn server_main( let state = State::build(db.clone(), key_id, sign_spawner.clone(), client).await?; if let Some((token, admin_handle)) = config.telegram_info() { - tracing::warn!("Creating telegram handler"); + tracing::info!("Creating telegram handler"); telegram::start(admin_handle.to_owned(), db.clone(), token); } 
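Review bot: Dropping `.with_span_events(FmtSpan::NEW | FmtSpan::CLOSE)` in `init_subscriber` (hunk at -60) means the fmt layer no longer prints a line when a span opens or closes. If the per-request spans created by `TracingLogger` were the only request record in the process output (likely, though the handlers are outside this diff), the default output no longer carries an access trail for incident review, whatever `RUST_LOG` level is chosen. If that is intended, a comment above `format_layer` saying that request logging is expected from a reverse proxy or the OpenTelemetry exporter would record the decision. Otherwise `.with_span_events(FmtSpan::CLOSE)` keeps one line per request at lower volume, and needs the `FmtSpan` import that the first hunk of this file removes. `init_subscriber` starts and ends outside the hunk.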
@@ -407,29 +405,26 @@ async fn server_main( } }); - tracing::warn!("Binding to {}:{} with TLS", bind_address.0, bind_address.1); + tracing::info!("Binding to {}:{} with TLS", bind_address.0, bind_address.1); let server_config = ServerConfig::builder() - .with_safe_default_cipher_suites() - .with_safe_default_kx_groups() - .with_safe_default_protocol_versions()? .with_no_client_auth() .with_cert_resolver(cert_rx); server - .bind_rustls_021(bind_address, server_config)? + .bind_rustls_0_22(bind_address, server_config)? .run() .await?; handle.abort(); let _ = handle.await; } else { - tracing::warn!("Binding to {}:{}", bind_address.0, bind_address.1); + tracing::info!("Binding to {}:{}", bind_address.0, bind_address.1); server.bind(bind_address)?.run().await?; } sign_spawner2.close().await; verify_spawner2.close().await; - tracing::warn!("Server closed"); + tracing::info!("Server closed"); Ok(()) }
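Review bot: With the three `with_safe_default_*` calls removed, nothing at the `ServerConfig::builder()` call in `server_main` states which cipher suites, key-exchange groups and protocol versions the listener accepts. As far as I know, rustls 0.22's `builder()` already applies the default provider's safe choices, so behaviour should be unchanged, but a reader comparing against the old code could take the removal as a relaxation of the TLS policy. A comment above the call such as `// rustls 0.22: builder() applies the safe default suites, kx groups and protocol versions` would record that. `server_main` begins outside the hunk.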