Add example client

rustls · Mar 13, 2024 · 62e154c · 62e154c
1 parent 092f3b5
commit 62e154c
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 5 deletions.
diff --git a/.github/workflows/daily-tests.yml b/.github/workflows/daily-tests.yml
@@ -118,6 +118,9 @@ jobs:
       - name: Check provider-example client
         run: cargo run --locked -p rustls-provider-example --example client
 
+      - name: Check rustls-post-quantum client
+        run: cargo run --locked -p rustls-post-quantum --example client | grep 'kex=X25519Kyber768Draft00'
+
 
   feature-powerset:
     name: Feature Powerset

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs
@@ -15,11 +15,9 @@ use std::sync::Arc;
 use rustls::RootCertStore;
 
 fn main() {
-    let root_store = RootCertStore::from_iter(
-        webpki_roots::TLS_SERVER_ROOTS
-            .iter()
-            .cloned(),
-    );
+    let root_store = RootCertStore {
+        roots: webpki_roots::TLS_SERVER_ROOTS.into(),
+    };
     let mut config = rustls::ClientConfig::builder()
         .with_root_certificates(root_store)
         .with_no_client_auth();

diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml
@@ -7,3 +7,7 @@ publish = false
 [dependencies]
 rustls = { path = "../rustls", features = ["aws_lc_rs"] }
 aws-lc-rs = { version = "1.6", features = ["unstable"], default-features = false }
+
+[dev-dependencies]
+env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features)
+webpki-roots = "0.26"
diff --git a/rustls-post-quantum/examples/client.rs b/rustls-post-quantum/examples/client.rs
@@ -0,0 +1,58 @@
+//! This is the simplest possible client using rustls-postquantum, based on
+//! `simpleclient.rs`.
+//!
+//! It sends a HTTP request to pq.cloudflareresearch.com and prints the response to
+//! stdout.  Observe in that output: `kex=X25519Kyber768Draft00`
+//!
+//! Note that `unwrap()` is used to deal with networking errors; this is not something
+//! that is sensible outside of example code.
+
+use std::io::{stdout, Read, Write};
+use std::net::TcpStream;
+use std::sync::Arc;
+
+fn main() {
+    env_logger::init();
+    rustls_post_quantum::provider()
+        .install_default()
+        .unwrap();
+
+    let root_store = rustls::RootCertStore {
+        roots: webpki_roots::TLS_SERVER_ROOTS.into(),
+    };
+
+    let config = rustls::ClientConfig::builder()
+        .with_root_certificates(root_store)
+        .with_no_client_auth();
+
+    let server_name = "pq.cloudflareresearch.com"
+        .try_into()
+        .unwrap();
+    let mut conn = rustls::ClientConnection::new(Arc::new(config), server_name).unwrap();
+    let mut sock = TcpStream::connect("pq.cloudflareresearch.com:443").unwrap();
+    let mut tls = rustls::Stream::new(&mut conn, &mut sock);
+    tls.write_all(
+        concat!(
+            "GET /cdn-cgi/trace HTTP/1.0\r\n",
+            "Host: pq.cloudflareresearch.com\r\n",
+            "Connection: close\r\n",
+            "Accept-Encoding: identity\r\n",
+            "\r\n"
+        )
+        .as_bytes(),
+    )
+    .unwrap();
+    let ciphersuite = tls
+        .conn
+        .negotiated_cipher_suite()
+        .unwrap();
+    writeln!(
+        &mut std::io::stderr(),
+        "Current ciphersuite: {:?}",
+        ciphersuite.suite()
+    )
+    .unwrap();
+    let mut plaintext = Vec::new();
+    tls.read_to_end(&mut plaintext).unwrap();
+    stdout().write_all(&plaintext).unwrap();
+}