1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
use crate::{Error, Result};
use std::{sync::Arc, time::Duration};
pub const DEFAULT_IDLE_TIMEOUT_MSEC: u64 = 30_000;
pub const DEFAULT_KEEP_ALIVE_INTERVAL_MSEC: u32 = 10_000;
pub fn new_client_cfg(
idle_timeout_msec: u64,
keep_alive_interval_msec: u32,
) -> quinn::ClientConfig {
let mut cfg = quinn::ClientConfigBuilder::default().build();
let crypto_cfg =
Arc::get_mut(&mut cfg.crypto).expect("the crypto config should not be shared yet");
crypto_cfg
.dangerous()
.set_certificate_verifier(SkipServerVerification::new());
cfg.transport = Arc::new(new_transport_cfg(
idle_timeout_msec,
keep_alive_interval_msec,
));
cfg
}
pub fn new_our_cfg(
idle_timeout_msec: u64,
keep_alive_interval_msec: u32,
our_cert: quinn::Certificate,
our_key: quinn::PrivateKey,
) -> Result<quinn::ServerConfig> {
let mut our_cfg_builder = {
let mut our_cfg = quinn::ServerConfig::default();
our_cfg.transport = Arc::new(new_transport_cfg(
idle_timeout_msec,
keep_alive_interval_msec,
));
quinn::ServerConfigBuilder::new(our_cfg)
};
let _ = our_cfg_builder
.certificate(quinn::CertificateChain::from_certs(vec![our_cert]), our_key)?
.use_stateless_retry(true);
Ok(our_cfg_builder.build())
}
fn new_transport_cfg(
idle_timeout_msec: u64,
keep_alive_interval_msec: u32,
) -> quinn::TransportConfig {
let mut transport_config = quinn::TransportConfig::default();
let _ = transport_config
.max_idle_timeout(Some(Duration::from_millis(idle_timeout_msec)))
.map_err(|e| Error::Configuration(e.to_string()))
.unwrap_or(&mut Default::default());
let _ = transport_config
.keep_alive_interval(Some(Duration::from_millis(keep_alive_interval_msec.into())));
transport_config
}
struct SkipServerVerification;
impl SkipServerVerification {
fn new() -> Arc<Self> {
Arc::new(Self)
}
}
impl rustls::ServerCertVerifier for SkipServerVerification {
fn verify_server_cert(
&self,
_roots: &rustls::RootCertStore,
_presented_certs: &[rustls::Certificate],
_dns_name: webpki::DNSNameRef,
_ocsp_response: &[u8],
) -> std::result::Result<rustls::ServerCertVerified, rustls::TLSError> {
Ok(rustls::ServerCertVerified::assertion())
}
}