deps: use quinn rustls re-export, try fixing tests

Author: mempirate

Cargo.lock

@@ -58,8 +58,6 @@ rand = "0.8"
 
 # networking
 quinn = "0.11.9"
-# (rustls needs to be the same version as the one used by quinn)
-rustls = { version = "0.23", default-features = false }
 rcgen = "0.12"
 
 # benchmarking & profiling

Cargo.toml

@@ -22,16 +22,11 @@ thiserror = { workspace = true, optional = true }
 
 # QUIC
 quinn = { workspace = true, optional = true }
-rustls = { workspace = true, optional = true, features = [
-    "std",
-    "aws_lc_rs",
-    "tls12",
-] }
 rcgen = { workspace = true, optional = true }
 
 [dev-dependencies]
 tracing-subscriber = "0.3"
 
 [features]
 default = []
-quic = ["dep:quinn", "dep:rustls", "dep:rcgen", "dep:thiserror"]
+quic = ["dep:quinn", "dep:rcgen", "dep:thiserror"]

msg-transport/Cargo.toml

@@ -125,13 +125,14 @@ impl Transport<SocketAddr> for Quic {
         let client_config = self.config.client_config.clone();
 
         Box::pin(async move {
+            debug!(target = %addr, "Initiating connection");
+
             // This `"l"` seems necessary because an empty string is an invalid domain
             // name. While we don't use domain names, the underlying rustls library
             // is based upon the assumption that we do.
-            let connection =
-                endpoint.connect_with(client_config, addr, "l")?.await.map_err(Error::from)?;
+            let connection = endpoint.connect_with(client_config, addr, "localhost")?.await?;
 
-            debug!("Connected to {}, opening stream", addr);
+            debug!(target = %addr, "Connected, opening stream...");
 
             // Open a bi-directional stream and return it. We'll think about multiplexing per topic
             // later.
@@ -158,7 +159,8 @@ impl Transport<SocketAddr> for Quic {
 
                         // Return a future that resolves to the output.
                         return Poll::Ready(Box::pin(async move {
-                            let connection = connecting.await.map_err(Error::from)?;
+                            debug!(client = %peer, "Accepting connection...");
+                            let connection = connecting.await?;
                             debug!(
                                 "Accepted connection from {}, opening stream",
                                 connection.remote_address()
@@ -238,7 +240,7 @@ mod tests {
     use super::*;
 
     #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn test_quic_connection() {
+    async fn test_quic_connection_simple() {
         let _ = tracing_subscriber::fmt::try_init();
 
         let config = Config::default();
@@ -252,7 +254,7 @@ mod tests {
         let (tx, rx) = oneshot::channel();
 
         tokio::spawn(async move {
-            tokio::time::sleep(Duration::from_secs(1)).await;
+            // tokio::time::sleep(Duration::from_secs(1)).await;
 
             let mut stream = server.accept().await.unwrap();
 

msg-transport/src/quic/mod.rs

@@ -1,10 +1,12 @@
 use std::sync::Arc;
 
-use quinn::crypto::rustls::{QuicClientConfig, QuicServerConfig};
-use rustls::{
-    SignatureScheme,
-    client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
-    pki_types::{CertificateDer, PrivateKeyDer},
+use quinn::{
+    crypto::rustls::{QuicClientConfig, QuicServerConfig},
+    rustls::{
+        self, SignatureScheme,
+        client::danger::{ServerCertVerified, ServerCertVerifier},
+        pki_types::{CertificateDer, PrivateKeyDer},
+    },
 };
 
 use crate::quic::ALPN_PROTOCOL;
@@ -15,7 +17,7 @@ pub(crate) struct SkipServerVerification(Arc<rustls::crypto::CryptoProvider>);
 
 impl SkipServerVerification {
     fn new() -> Arc<Self> {
-        Arc::new(Self(Arc::new(rustls::crypto::aws_lc_rs::default_provider())))
+        Arc::new(Self(Arc::new(rustls::crypto::ring::default_provider())))
     }
 }
 
@@ -28,36 +30,54 @@ impl ServerCertVerifier for SkipServerVerification {
         _ocsp_response: &[u8],
         _now: rustls::pki_types::UnixTime,
     ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
+        tracing::debug!(target = "quic.tls", "Skipping server verification");
         Ok(ServerCertVerified::assertion())
     }
 
     fn verify_tls12_signature(
         &self,
-        _message: &[u8],
-        _cert: &rustls::pki_types::CertificateDer<'_>,
-        _dss: &rustls::DigitallySignedStruct,
+        message: &[u8],
+        cert: &rustls::pki_types::CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        Ok(HandshakeSignatureValid::assertion())
+        tracing::debug!(target = "quic.tls", "Verifying TLS 1.2 signature");
+        rustls::crypto::verify_tls12_signature(
+            message,
+            cert,
+            dss,
+            &self.0.signature_verification_algorithms,
+        )
     }
 
     fn verify_tls13_signature(
         &self,
-        _message: &[u8],
-        _cert: &rustls::pki_types::CertificateDer<'_>,
-        _dss: &rustls::DigitallySignedStruct,
+        message: &[u8],
+        cert: &rustls::pki_types::CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
     ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        Ok(HandshakeSignatureValid::assertion())
+        tracing::debug!(target = "quic.tls", "Verifying TLS 1.3 signature");
+        rustls::crypto::verify_tls13_signature(
+            message,
+            cert,
+            dss,
+            &self.0.signature_verification_algorithms,
+        )
     }
 
     fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
+        tracing::debug!(
+            target = "quic.tls",
+            "Supported verify schemes: {:?}",
+            self.0.signature_verification_algorithms.supported_schemes()
+        );
         self.0.signature_verification_algorithms.supported_schemes()
     }
 }
 
 /// Returns a TLS configuration that skips all server verification and doesn't do any client
 /// authentication, with the correct ALPN protocol.
 pub(crate) fn unsafe_client_config() -> QuicClientConfig {
-    let provider = Arc::new(rustls::crypto::aws_lc_rs::default_provider());
+    let provider = Arc::new(rustls::crypto::ring::default_provider());
 
     let mut rustls_config = rustls::ClientConfig::builder_with_provider(provider)
         .with_protocol_versions(&[&rustls::version::TLS13])
@@ -76,7 +96,7 @@ pub(crate) fn unsafe_client_config() -> QuicClientConfig {
 /// the correct ALPN protocol.
 pub(crate) fn tls_server_config() -> QuicServerConfig {
     let (cert_chain, key_der) = self_signed_certificate();
-    let provider = Arc::new(rustls::crypto::aws_lc_rs::default_provider());
+    let provider = Arc::new(rustls::crypto::ring::default_provider());
 
     let mut rustls_config = rustls::ServerConfig::builder_with_provider(provider)
         .with_protocol_versions(&[&rustls::version::TLS13])