Reenable certificate files in client for testing

skade · skade · commit be9c398596ac · 2019-08-18T16:35:27.000+02:00
diff --git a/README.md b/README.md
@@ -36,9 +36,17 @@ See [examples/server](examples/server/src/main.rs). You can run it with:
 
 ```sh
 cd examples/server
-cargo run -- 127.0.0.1:8000 --cert mycert.der --key mykey.der
+cargo run -- 127.0.0.1:8080 --cert ../../tests/end.cert --key ../../tests/end.rsa 
 ```
 
+and point the client at it with:
+
+```sh
+cd examples/client
+cargo run -- 127.0.0.1 --port 8080 --domain localhost --cafile ../../tests/end.chain```
+
+**NOTE**: Don't ever use those certificate files anywhere but for testing!
+
 ## Safety
 
 This crate uses ``#![deny(unsafe_code)]`` to ensure everything is implemented in
diff --git a/examples/client/Cargo.toml b/examples/client/Cargo.toml
@@ -5,6 +5,7 @@ authors = ["quininer <quininer@live.com>"]
 edition = "2018"
 
 [dependencies]
-async-std = { path = "../../../async-std" }
 structopt = "0.2"
+rustls    = "0.16"
+async-std = "0.99"
 async-tls = { path = "../.." }
diff --git a/examples/client/src/main.rs b/examples/client/src/main.rs
@@ -5,7 +5,12 @@ use async_std::io::Write;
 use async_std::net::TcpStream;
 use async_std::task;
 use async_tls::TlsConnector;
+use rustls::ClientConfig;
+use std::sync::Arc;
+use std::fs::File;
+use std::io::BufReader;
 use std::net::ToSocketAddrs;
+use std::path::{Path, PathBuf};
 use structopt::StructOpt;
 
 #[derive(StructOpt)]
@@ -20,6 +25,11 @@ struct Options {
     /// The domain to connect to. This may be different from the host!
     #[structopt(short = "d", long = "domain")]
     domain: Option<String>,
+
+    /// A file with a certificate authority chain, allows to connect
+    /// to certificate authories not included in the default set
+    #[structopt(short = "c", long = "cafile", parse(from_os_str))]
+    cafile: Option<PathBuf>,
 }
 
 fn main() -> io::Result<()> {
@@ -40,7 +50,11 @@ fn main() -> io::Result<()> {
 
     // Create default connector comes preconfigured with all you need to safely connect
     // to remote servers!
-    let connector = TlsConnector::default();
+    let connector = if let Some(cafile) = &options.cafile {
+        connector_for_ca_file(cafile)?
+    } else {
+        TlsConnector::default()
+    };
 
     task::block_on(async {
         // Open a normal TCP connection, just as you are used to
@@ -66,3 +80,13 @@ fn main() -> io::Result<()> {
         Ok(())
     })
 }
+
+fn connector_for_ca_file(cafile: &Path) -> io::Result<TlsConnector> {
+    let mut config = ClientConfig::new();
+    let mut pem = BufReader::new(File::open(cafile)?);
+    config
+        .root_store
+        .add_pem_file(&mut pem)
+        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))?;
+    Ok(TlsConnector::from(Arc::new(config)))
+}
diff --git a/examples/server/Cargo.toml b/examples/server/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2018"
 
 [dependencies]
 structopt = "0.2"
+async-std = "0.99"
 async-tls = { path = "../.." }
-async-std = { path = "../../../async-std" }
 rustls = "0.16"
 webpki = "0.21"
