chore(e2e): use rustls instead of openssl

Signed-off-by: Florentin Dubois <florentin.dubois@clever-cloud.com>
sozu-proxy · May 4, 2023 · d5297dd · d5297dd
1 parent 1ec5545
commit d5297dd
Show file tree

Hide file tree

Showing 5 changed files with 234 additions and 153 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/e2e/Cargo.toml b/e2e/Cargo.toml
@@ -7,9 +7,10 @@ edition = "2021"
 futures = "^0.3.28"
 futures-lite = "^1.13.0"
 hyper = { version = "^0.14.26", features = ["client", "http1"] }
-hyper-tls = "0.5.0"
+hyper-rustls = { version = "^0.24.0", default-features = false, features = ["webpki-tokio", "http1", "tls12", "logging"] }
 libc = "^0.2.142"
 mio = "^0.8.6"
+rustls = { version = "^0.21.1", features = ["dangerous_configuration"] }
 serial_test = "^2.0.0"
 slab = "^0.4.8"
 sozu-command-lib = { path = "../command" }

diff --git a/e2e/src/mock/https_client.rs b/e2e/src/mock/https_client.rs
@@ -1,20 +1,48 @@
+use std::{sync::Arc, time::SystemTime};
+
 use hyper::{
     self,
     client::{connect::dns::GaiResolver, HttpConnector, ResponseFuture},
     StatusCode,
 };
-use hyper_tls::HttpsConnector;
+use hyper_rustls::HttpsConnector;
+use rustls::{
+    client::{ClientConfig, ServerCertVerified, ServerCertVerifier},
+    Certificate, ServerName,
+};
+
+// We implement our own verifier to allow self-signed certificates
+#[derive(PartialEq, Eq, Clone, Debug)]
+pub struct Verifier;
+
+impl ServerCertVerifier for Verifier {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &Certificate,
+        _intermediates: &[Certificate],
+        _server_name: &ServerName,
+        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _ocsp_response: &[u8],
+        _now: SystemTime,
+    ) -> Result<ServerCertVerified, rustls::Error> {
+        Ok(ServerCertVerified::assertion())
+    }
+}
 
 /// Build a Hyper HTTP Client that supports TLS and self signed certificates
 pub fn build_https_client() -> hyper::Client<HttpsConnector<HttpConnector<GaiResolver>>, hyper::Body>
 {
-    let mut http = HttpConnector::new();
-    http.enforce_http(false);
-    let tls = hyper_tls::native_tls::TlsConnector::builder()
-        .danger_accept_invalid_certs(true)
-        .build()
-        .expect("Could not build TlsConnector");
-    let https = HttpsConnector::from((http, tls.into()));
+    let config = ClientConfig::builder()
+        .with_safe_defaults()
+        .with_custom_certificate_verifier(Arc::new(Verifier))
+        .with_no_client_auth();
+
+    let https = hyper_rustls::HttpsConnectorBuilder::new()
+        .with_tls_config(config)
+        .https_or_http()
+        .enable_http1()
+        .build();
+
     hyper::Client::builder().build::<_, hyper::Body>(https)
 }