diff --git a/Cargo.lock b/Cargo.lock index 92afa25..489aa1f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -614,16 +614,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" -[[package]] -name = "errno" -version = "0.3.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "execute" version = "0.1.0" @@ -647,12 +637,6 @@ dependencies = [ "once_cell", ] -[[package]] -name = "fastrand" -version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" - [[package]] name = "fdeflate" version = "0.3.3" @@ -733,21 +717,6 @@ dependencies = [ "ttf-parser 0.20.0", ] -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -908,9 +877,10 @@ dependencies = [ "env_logger", "futures-util", "log", - "native-tls", "parse-display 0.9.0", "reqwest", + "rustls 0.22.2", + "rustls-native-certs 0.7.0", "serde", "serde_json", "serde_with", 
@@ -1006,16 +976,17 @@ dependencies = [ ] [[package]] -name = "hyper-tls" -version = "0.5.0" +name = "hyper-rustls" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" dependencies = [ - "bytes", + "futures-util", + "http 0.2.12", "hyper", - "native-tls", + "rustls 0.21.10", "tokio", - "tokio-native-tls", + "tokio-rustls 0.24.1", ] [[package]] @@ -1233,12 +1204,6 @@ dependencies = [ "pkg-config", ] -[[package]] -name = "linux-raw-sys" -version = "0.4.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" - [[package]] name = "lock_api" version = "0.4.11" @@ -1347,24 +1312,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "native-tls" -version = "0.2.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" -dependencies = [ - "lazy_static", - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - [[package]] name = "nix" version = "0.26.4" 
@@ -1421,50 +1368,12 @@ version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" -[[package]] -name = "openssl" -version = "0.10.64" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" -dependencies = [ - "bitflags 2.4.1", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "openssl-probe" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" -[[package]] -name = "openssl-sys" -version = "0.9.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "owo-colors" version = "3.5.0" @@ -1769,23 +1678,24 @@ dependencies = [ "http 0.2.12", "http-body", "hyper", - "hyper-tls", + "hyper-rustls", "ipnet", "js-sys", "log", "mime", - "native-tls", "once_cell", "percent-encoding", "pin-project-lite", - "rustls-pemfile", + "rustls 0.21.10", + "rustls-native-certs 0.6.3", + "rustls-pemfile 1.0.4", "serde", "serde_json", "serde_urlencoded", "sync_wrapper", "system-configuration", "tokio", - "tokio-native-tls", + "tokio-rustls 0.24.1", "tower-service", "url", "wasm-bindgen", 
@@ -1859,12 +1769,12 @@ dependencies = [ "flume", "futures-util", "log", - "rustls-native-certs", - "rustls-pemfile", - "rustls-webpki", + "rustls-native-certs 0.6.3", + "rustls-pemfile 1.0.4", + "rustls-webpki 0.101.7", "thiserror", "tokio", - "tokio-rustls", + "tokio-rustls 0.24.1", ] [[package]] @@ -1888,19 +1798,6 @@ dependencies = [ "semver", ] -[[package]] -name = "rustix" -version = "0.38.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72e572a5e8ca657d7366229cdde4bd14c4eb5499a9573d4d366fe1b599daa316" -dependencies = [ - "bitflags 2.4.1", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.52.0", -] - [[package]] name = "rustls" version = "0.21.10" @@ -1909,10 +1806,24 @@ checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e87c9956bd9807afa1f77e0f7594af32566e830e088a5576d27c5b6f30f49d41" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.2", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -1920,7 +1831,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-native-certs" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" +dependencies = [ + "openssl-probe", + "rustls-pemfile 2.1.1", + "rustls-pki-types", "schannel", "security-framework", ] 
@@ -1934,6 +1858,22 @@ dependencies = [ "base64", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f48172685e6ff52a556baa527774f61fcaa884f59daf3375c62a3f1cd2549dab" +dependencies = [ + "base64", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ede67b28608b4c60685c7d54122d4400d90f62b40caee7700e700380a390fa8" + [[package]] name = "rustls-webpki" version = "0.101.7" @@ -1944,6 +1884,17 @@ dependencies = [ "untrusted", ] +[[package]] +name = "rustls-webpki" +version = "0.102.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "rustybuzz" version = "0.11.0" @@ -2327,6 +2278,12 @@ dependencies = [ "syn 2.0.48", ] +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + [[package]] name = "svgtypes" version = "0.13.0" @@ -2405,19 +2362,6 @@ dependencies = [ "libc", ] -[[package]] -name = "tempfile" -version = "3.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" -dependencies = [ - "cfg-if", - "fastrand", - "redox_syscall", - "rustix", - "windows-sys 0.52.0", -] - [[package]] name = "thiserror" version = "1.0.56" 
@@ -2562,23 +2506,24 @@ dependencies = [ "syn 2.0.48", ] -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - [[package]] name = "tokio-rustls" version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.10", + "tokio", +] + +[[package]] +name = "tokio-rustls" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" +dependencies = [ + "rustls 0.22.2", + "rustls-pki-types", "tokio", ] @@ -2601,9 +2546,11 @@ checksum = "c83b561d025642014097b66e6c1bb422783339e0909e4429cde4749d1990bc38" dependencies = [ "futures-util", "log", - "native-tls", + "rustls 0.22.2", + "rustls-native-certs 0.7.0", + "rustls-pki-types", "tokio", - "tokio-native-tls", + "tokio-rustls 0.25.0", "tungstenite", ] @@ -2732,8 +2679,9 @@ dependencies = [ "http 1.1.0", "httparse", "log", - "native-tls", "rand", + "rustls 0.22.2", + "rustls-pki-types", "sha1", "thiserror", "url", @@ -2915,12 +2863,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - [[package]] name = "version_check" version = "0.9.4" 
@@ -3248,3 +3190,9 @@ name = "zeno" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd15f8e0dbb966fd9245e7498c7e9e5055d9e5c8b676b95bd67091cd11a1e697" + +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
diff --git a/handlers/home_assistant/Cargo.toml b/handlers/home_assistant/Cargo.toml
index dfc4224..e83a205 100644
--- a/handlers/home_assistant/Cargo.toml
+++ b/handlers/home_assistant/Cargo.toml
@@ -12,11 +12,14 @@ log = "0.4.20"
 tokio = { version = "1.35.1", features = ["macros", "parking_lot", "rt", "sync"] }
 serde = { version = "1.0.196", features = ["derive"] }
 serde_json = "1.0.114"
-reqwest = "0.11.24"
+reqwest = { version = "0.11.24", default-features = false, features = ["rustls-tls-native-roots"] }
 url = { version = "2.5.0", features = ["serde"] }
-tokio-tungstenite = { version = "0.21.0", features = ["native-tls"] }
+tokio-tungstenite = { version = "0.21.0", features = ["rustls-tls-native-roots"] }
 tokio-stream = "0.1.14"
 futures-util = "0.3.30"
-native-tls = "0.2.11"
 parse-display = "0.9.0"
-serde_with = "3.6.1"
\ No newline at end of file
+serde_with = "3.6.1"
+
+# same as tokio-tungstenite
+rustls = "0.22.0"
+rustls-native-certs = "0.7.0"
\ No newline at end of file
diff --git a/handlers/home_assistant/src/ha_client.rs b/handlers/home_assistant/src/ha_client.rs
index 20c6a2b..28406e7 100644
--- a/handlers/home_assistant/src/ha_client.rs
+++ b/handlers/home_assistant/src/ha_client.rs
@@ -1,6 +1,5 @@
 use futures_util::SinkExt;
-use native_tls::TlsConnector;
-use parse_display::{Display, FromStr};
+use parse_display::{Display, FromStr, IntoResult};
 use reqwest::header::{HeaderMap, HeaderValue};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
@@ -62,12 +61,12 @@ impl HaClient { let state_updates_sender = broadcast::Sender::::new(min(subscribed_entity_ids.len(), 16)); let state_timestamp_by_entity_id = subscribed_entity_ids.iter().map(|i| (i.clone(), "".to_owned().into_boxed_str())).collect(); - let tls_connector = TlsConnector::builder().danger_accept_invalid_certs(accept_invalid_certs).build().unwrap(); + let rustls_config = rustls::ClientConfig::builder().with_root_certificates(); tokio::spawn(do_work( base_url.clone(), token, - tls_connector, + Arc::new(rustls_config), state_updates_sender.clone(), http_client.clone(), state_timestamp_by_entity_id, @@ -124,7 +123,7 @@ impl HaClient { async fn do_work( base_url: Url, token: Box, - tls_connector: TlsConnector, + rustls_config: Arc, state_updates_sender: broadcast::Sender, http_client: reqwest::Client, state_timestamp_by_entity_id: HashMap>, @@ -142,7 +141,7 @@ async fn do_work( loop { let connection_result = - tokio_tungstenite::connect_async_tls_with_config(&websocket_url, None, false, Some(Connector::NativeTls(tls_connector.clone()))).await; + tokio_tungstenite::connect_async_tls_with_config(&websocket_url, None, false, Some(Connector::Rustls(Arc::clone(&rustls_config)))).await; match connection_result { Err(tungstenite::Error::Io(error)) => { diff --git a/handlers/home_assistant/src/main.rs b/handlers/home_assistant/src/main.rs index 7c86e09..6ef67d1 100644 --- a/handlers/home_assistant/src/main.rs +++ b/handlers/home_assistant/src/main.rs @@ -6,6 +6,7 @@ use crate::handler::Handler; mod config; mod ha_client; mod handler; +mod tls; mod util; #[derive(Debug, Parser)] diff --git a/handlers/home_assistant/src/tls.rs b/handlers/home_assistant/src/tls.rs new file mode 100644 index 0000000..6902ca1 --- /dev/null +++ b/handlers/home_assistant/src/tls.rs 
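Review bot: `accept_invalid_certs` is no longer read where the WebSocket TLS config is built in the `@@ -62,12 +61,12 @@` hunk. The removed line fed it to `danger_accept_invalid_certs`; the added `rustls::ClientConfig::builder().with_root_certificates()` passes no root store and never finishes the builder (no `with_no_client_auth()`), so it probably does not compile and, once it does, silently ignores the operator's setting. The helper added in `tls.rs` by this commit is not called here either. I would build the config in one place and hand the flag to it, e.g. `let rustls_config = tls::get_rustls_client_config(accept_invalid_certs);`, then pass `rustls_config` to `do_work` without the extra `Arc::new`, since the helper already returns an `Arc`. The enclosing constructor starts and ends outside the hunk, so other uses of the flag (for the `reqwest` client, say) are not visible here.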
@@ -0,0 +1,44 @@
+use rustls::client::danger::ServerCertVerifier;
+use rustls::{ClientConfig, RootCertStore, SignatureScheme};
+use std::sync::Arc;
+
+// tokio-tungstenite does not provide a way to allow invalid certs.
+// Because of that, we need to build our own rustls config.
+pub fn get_rustls_client_config() -> Arc {
+ let mut root_store = RootCertStore::empty();
+ let native_certs = rustls_native_certs::load_native_certs().unwrap();
+ _ = root_store.add_parsable_certificates(native_certs);
+
+ let mut config = ClientConfig::builder().with_root_certificates(root_store).with_no_client_auth();
+
+ config.dangerous().set_certificate_verifier(Arc::new(NoVerifier));
+
+ Arc::new(config)
+}
+
+pub struct NoVerifier;
+
+impl ServerCertVerifier for NoVerifier {
+ fn supported_verify_schemes(&self) -> Vec {
+ todo!()
+ }
+ fn verify_server_cert(
+ &self,
+ _end_entity: &rustls::Certificate,
+ _intermediates: &[rustls::Certificate],
+ _server_name: &ServerName,
+ _scts: &mut dyn Iterator,
+ _ocsp_response: &[u8],
+ _now: std::time::SystemTime,
+ ) -> Result {
+ Ok(ServerCertVerified::assertion())
+ }
+
+ fn verify_tls12_signature(&self, _message: &[u8], _cert: &rustls::Certificate, _dss: &DigitallySignedStruct) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
+
+ fn verify_tls13_signature(&self, _message: &[u8], _cert: &rustls::Certificate, _dss: &DigitallySignedStruct) -> Result {
+ Ok(HandshakeSignatureValid::assertion())
+ }
+}
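Review bot: `get_rustls_client_config` installs `NoVerifier` unconditionally, so every connection built from this config accepts any server certificate and the native roots loaded just above are never consulted. The code this commit replaces only did that when `accept_invalid_certs` was set. The bypass should be gated on that flag, as in the excerpt below, so a default configuration still authenticates the Home Assistant endpoint. Separately, `supported_verify_schemes` is `todo!()`, which will panic if rustls calls it during a handshake, and `load_native_certs().unwrap()` turns an unreadable system trust store into a panic. The `verify_*` signatures also look like the rustls 0.21 trait while the manifest pins 0.22, so it is worth confirming the module compiles.

```rust
pub fn get_rustls_client_config(accept_invalid_certs: bool) -> Arc<ClientConfig> {
    // … unchanged: root_store filled from the native certificate store …
    let mut config = ClientConfig::builder().with_root_certificates(root_store).with_no_client_auth();

    // Verification stays on unless the operator explicitly opted out.
    if accept_invalid_certs {
        log::warn!("TLS certificate verification is disabled for the Home Assistant connection");
        config.dangerous().set_certificate_verifier(Arc::new(NoVerifier));
    }

    Arc::new(config)
}
```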