feat: upgrade rustls library family, opensrv-mysql and pgwire (#2927)

* feat: deps up

* fmt: toml format
Ning Sun
2023-12-14 13:56:39 +08:00
committed by GitHub
parent 181e16a11a
commit 39f80876cd
5 changed files with 171 additions and 61 deletions

Cargo.lock generated

@@ -247,6 +247,12 @@ version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
[[package]]
name = "array-init"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3d62b7694a562cdf5a74227903507c56ab2cc8bdd1f781ed5cb4cf9c9f810bfc"
[[package]] [[package]]
name = "arrayref" name = "arrayref"
version = "0.3.7" version = "0.3.7"
@@ -1449,7 +1455,7 @@ dependencies = [
"datafusion", "datafusion",
"datanode", "datanode",
"datatypes", "datatypes",
"derive-new", "derive-new 0.5.9",
"derive_builder 0.12.0", "derive_builder 0.12.0",
"enum_dispatch", "enum_dispatch",
"futures-util", "futures-util",
@@ -2731,6 +2737,17 @@ dependencies = [
"syn 1.0.109", "syn 1.0.109",
] ]
[[package]]
name = "derive-new"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d150dea618e920167e5973d70ae6ece4385b7164e0d799fe7c122dd0a5d912ad"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.39",
]
[[package]] [[package]]
name = "derive_builder" name = "derive_builder"
version = "0.11.2" version = "0.11.2"
@@ -5012,7 +5029,7 @@ dependencies = [
"pin-project", "pin-project",
"rand", "rand",
"rustls 0.21.9", "rustls 0.21.9",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"socket2 0.5.5", "socket2 0.5.5",
@@ -5440,9 +5457,9 @@ dependencies = [
[[package]] [[package]]
name = "opensrv-mysql" name = "opensrv-mysql"
version = "0.5.0" version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "208bfa36c4b4a8d6ac90eda62e34efa66f7e692df91bd3626bc47329844a86b1" checksum = "a6b6a785aafb26a97c26078b9457e96cb238b386781583783a3a3d3de47fa841"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"byteorder", "byteorder",
@@ -5451,7 +5468,7 @@ dependencies = [
"nom", "nom",
"pin-project-lite", "pin-project-lite",
"tokio", "tokio",
"tokio-rustls 0.24.1", "tokio-rustls 0.25.0",
] ]
[[package]] [[package]]
@@ -5902,16 +5919,6 @@ dependencies = [
"base64 0.13.1", "base64 0.13.1",
] ]
[[package]]
name = "pem"
version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a"
dependencies = [
"base64 0.21.5",
"serde",
]
[[package]] [[package]]
name = "pem" name = "pem"
version = "3.0.2" version = "3.0.2"
@@ -6003,15 +6010,15 @@ dependencies = [
[[package]] [[package]]
name = "pgwire" name = "pgwire"
version = "0.16.1" version = "0.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06d04982366efd653d4365175426acbabd55efb07231869e92b9e1f5b3faf7df" checksum = "7f7f181d085a224ff2b2ea46bd2066b487b87e83dabbcdfe60bf3f027f5d0593"
dependencies = [ dependencies = [
"async-trait", "async-trait",
"base64 0.21.5", "base64 0.21.5",
"bytes", "bytes",
"chrono", "chrono",
"derive-new", "derive-new 0.6.0",
"futures", "futures",
"getset", "getset",
"hex", "hex",
@@ -6019,12 +6026,12 @@ dependencies = [
"md5", "md5",
"postgres-types", "postgres-types",
"rand", "rand",
"ring 0.16.20", "ring 0.17.5",
"stringprep", "stringprep",
"thiserror", "thiserror",
"time", "time",
"tokio", "tokio",
"tokio-rustls 0.24.1", "tokio-rustls 0.25.0",
"tokio-util", "tokio-util",
"x509-certificate", "x509-certificate",
] ]
@@ -6239,6 +6246,7 @@ version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d2234cdee9408b523530a9b6d2d6b373d1db34f6a8e51dc03ded1828d7fb67c" checksum = "8d2234cdee9408b523530a9b6d2d6b373d1db34f6a8e51dc03ded1828d7fb67c"
dependencies = [ dependencies = [
"array-init",
"bytes", "bytes",
"chrono", "chrono",
"fallible-iterator", "fallible-iterator",
@@ -7158,7 +7166,7 @@ dependencies = [
"pin-project-lite", "pin-project-lite",
"rustls 0.21.9", "rustls 0.21.9",
"rustls-native-certs", "rustls-native-certs",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"serde_urlencoded", "serde_urlencoded",
@@ -7530,10 +7538,24 @@ checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9"
dependencies = [ dependencies = [
"log", "log",
"ring 0.17.5", "ring 0.17.5",
"rustls-webpki", "rustls-webpki 0.101.7",
"sct", "sct",
] ]
[[package]]
name = "rustls"
version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fe6b63262c9fcac8659abfaa96cac103d28166d3ff3eaf8f412e19f3ae9e5a48"
dependencies = [
"log",
"ring 0.17.5",
"rustls-pki-types",
"rustls-webpki 0.102.0",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "rustls-native-certs" name = "rustls-native-certs"
version = "0.6.3" version = "0.6.3"
@@ -7541,7 +7563,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00"
dependencies = [ dependencies = [
"openssl-probe", "openssl-probe",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"schannel", "schannel",
"security-framework", "security-framework",
] ]
@@ -7555,6 +7577,22 @@ dependencies = [
"base64 0.21.5", "base64 0.21.5",
] ]
[[package]]
name = "rustls-pemfile"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
dependencies = [
"base64 0.21.5",
"rustls-pki-types",
]
[[package]]
name = "rustls-pki-types"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7673e0aa20ee4937c6aacfc12bb8341cfbf054cdd21df6bec5fd0629fe9339b"
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-webpki"
version = "0.101.7" version = "0.101.7"
@@ -7565,6 +7603,17 @@ dependencies = [
"untrusted 0.9.0", "untrusted 0.9.0",
] ]
[[package]]
name = "rustls-webpki"
version = "0.102.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de2635c8bc2b88d367767c5de8ea1d8db9af3f6219eba28442242d9ab81d1b89"
dependencies = [
"ring 0.17.5",
"rustls-pki-types",
"untrusted 0.9.0",
]
[[package]] [[package]]
name = "rustpython-ast" name = "rustpython-ast"
version = "0.2.0" version = "0.2.0"
@@ -8349,8 +8398,9 @@ dependencies = [
"rand", "rand",
"regex", "regex",
"rust-embed", "rust-embed",
"rustls 0.21.9", "rustls 0.22.1",
"rustls-pemfile", "rustls-pemfile 2.0.0",
"rustls-pki-types",
"schemars", "schemars",
"script", "script",
"secrecy", "secrecy",
@@ -8367,7 +8417,7 @@ dependencies = [
"tokio", "tokio",
"tokio-postgres", "tokio-postgres",
"tokio-postgres-rustls", "tokio-postgres-rustls",
"tokio-rustls 0.24.1", "tokio-rustls 0.25.0",
"tokio-stream", "tokio-stream",
"tokio-test", "tokio-test",
"tonic 0.10.2", "tonic 0.10.2",
@@ -8804,7 +8854,7 @@ dependencies = [
"rand", "rand",
"rsa 0.6.1", "rsa 0.6.1",
"rustls 0.20.9", "rustls 0.20.9",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"serde", "serde",
"serde_json", "serde_json",
"sha1", "sha1",
@@ -9606,15 +9656,15 @@ dependencies = [
[[package]] [[package]]
name = "tokio-postgres-rustls" name = "tokio-postgres-rustls"
version = "0.10.0" version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "git+https://github.com/ol-teuto/tokio-postgres-rustls.git?branch=rustls-update#d78fad4c4ece18ec51b9d139101285f8ad3b8024"
checksum = "dd5831152cb0d3f79ef5523b357319ba154795d64c7078b2daa95a803b54057f"
dependencies = [ dependencies = [
"futures", "futures",
"ring 0.16.20", "ring 0.16.20",
"rustls 0.21.9", "rustls 0.22.1",
"rustls-pki-types",
"tokio", "tokio",
"tokio-postgres", "tokio-postgres",
"tokio-rustls 0.24.1", "tokio-rustls 0.25.0",
] ]
[[package]] [[package]]
@@ -9638,6 +9688,17 @@ dependencies = [
"tokio", "tokio",
] ]
[[package]]
name = "tokio-rustls"
version = "0.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
dependencies = [
"rustls 0.22.1",
"rustls-pki-types",
"tokio",
]
[[package]] [[package]]
name = "tokio-stream" name = "tokio-stream"
version = "0.1.14" version = "0.1.14"
@@ -9779,7 +9840,7 @@ dependencies = [
"pin-project", "pin-project",
"prost 0.12.2", "prost 0.12.2",
"rustls 0.21.9", "rustls 0.21.9",
"rustls-pemfile", "rustls-pemfile 1.0.4",
"tokio", "tokio",
"tokio-rustls 0.24.1", "tokio-rustls 0.24.1",
"tokio-stream", "tokio-stream",
@@ -10894,20 +10955,21 @@ dependencies = [
[[package]] [[package]]
name = "x509-certificate" name = "x509-certificate"
version = "0.21.0" version = "0.23.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e5d27c90840e84503cf44364de338794d5d5680bdd1da6272d13f80b0769ee0" checksum = "66534846dec7a11d7c50a74b7cdb208b9a581cad890b7866430d438455847c85"
dependencies = [ dependencies = [
"bcder", "bcder",
"bytes", "bytes",
"chrono", "chrono",
"der 0.7.8", "der 0.7.8",
"hex", "hex",
"pem 2.0.1", "pem 3.0.2",
"ring 0.16.20", "ring 0.17.5",
"signature", "signature",
"spki 0.7.2", "spki 0.7.2",
"thiserror", "thiserror",
"zeroize",
] ]
[[package]] [[package]]
@@ -10959,6 +11021,20 @@ name = "zeroize"
version = "1.7.0" version = "1.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
dependencies = [
"zeroize_derive",
]
[[package]]
name = "zeroize_derive"
version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.39",
]
[[package]] [[package]]
name = "zigzag" name = "zigzag"


@@ -54,10 +54,10 @@ lazy_static.workspace = true
mime_guess = "2.0" mime_guess = "2.0"
once_cell.workspace = true once_cell.workspace = true
openmetrics-parser = "0.4" openmetrics-parser = "0.4"
opensrv-mysql = "0.5" opensrv-mysql = "0.6"
opentelemetry-proto.workspace = true opentelemetry-proto.workspace = true
parking_lot = "0.12" parking_lot = "0.12"
pgwire = "0.16" pgwire = "0.17"
pin-project = "1.0" pin-project = "1.0"
postgres-types = { version = "0.2", features = ["with-chrono-0_4"] } postgres-types = { version = "0.2", features = ["with-chrono-0_4"] }
pprof = { version = "0.13", features = [ pprof = { version = "0.13", features = [
@@ -72,8 +72,9 @@ query.workspace = true
rand.workspace = true rand.workspace = true
regex.workspace = true regex.workspace = true
rust-embed = { version = "6.6", features = ["debug-embed"] } rust-embed = { version = "6.6", features = ["debug-embed"] }
rustls = "0.21" rustls = "0.22"
rustls-pemfile = "1.0" rustls-pemfile = "2.0"
rustls-pki-types = "1.0"
schemars = "0.8" schemars = "0.8"
secrecy = { version = "0.8", features = ["serde", "alloc"] } secrecy = { version = "0.8", features = ["serde", "alloc"] }
serde.workspace = true serde.workspace = true
@@ -85,7 +86,7 @@ snap = "1"
sql.workspace = true sql.workspace = true
strum.workspace = true strum.workspace = true
table.workspace = true table.workspace = true
tokio-rustls = "0.24" tokio-rustls = "0.25"
tokio-stream = { workspace = true, features = ["net"] } tokio-stream = { workspace = true, features = ["net"] }
tokio.workspace = true tokio.workspace = true
tonic-reflection = "0.10" tonic-reflection = "0.10"
@@ -108,13 +109,12 @@ mysql_async = { version = "0.33", default-features = false, features = [
"default-rustls", "default-rustls",
] } ] }
rand.workspace = true rand.workspace = true
rustls = { version = "0.21", features = ["dangerous_configuration"] }
script = { workspace = true, features = ["python"] } script = { workspace = true, features = ["python"] }
serde_json = "1.0" serde_json = "1.0"
session = { workspace = true, features = ["testing"] } session = { workspace = true, features = ["testing"] }
table.workspace = true table.workspace = true
tokio-postgres = "0.7" tokio-postgres = "0.7"
tokio-postgres-rustls = "0.10" tokio-postgres-rustls = { git = "https://github.com/ol-teuto/tokio-postgres-rustls.git", branch = "rustls-update" }
tokio-test = "0.4" tokio-test = "0.4"
[build-dependencies] [build-dependencies]
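Review bot: The `tokio-postgres-rustls` line now points at a personal fork's moving branch (`branch = "rustls-update"`) instead of a crates.io release, so the build depends on whatever that branch contains the next time the lockfile is refreshed. The Cargo.lock hunk for this crate pins it to commit `d78fad4c4ece18ec51b9d139101285f8ad3b8024`; the manifest should pin the same revision so a `cargo update` cannot silently move it, e.g. `tokio-postgres-rustls = { git = "https://github.com/ol-teuto/tokio-postgres-rustls.git", rev = "d78fad4c4ece18ec51b9d139101285f8ad3b8024" }` preceded by `# TODO: return to the crates.io release once it supports rustls 0.22`. The lockfile also shows that fork still pulling `ring 0.16.20` while the rest of the tree moved to `ring 0.17.5`, so two ring versions are compiled until upstream catches up; this section appears to be dev-dependencies, which limits the exposure to test builds.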


@@ -41,7 +41,11 @@ use crate::SqlPlan;
#[async_trait] #[async_trait]
impl SimpleQueryHandler for PostgresServerHandler { impl SimpleQueryHandler for PostgresServerHandler {
async fn do_query<'a, C>(&self, _client: &C, query: &'a str) -> PgWireResult<Vec<Response<'a>>> async fn do_query<'a, C>(
&self,
_client: &mut C,
query: &'a str,
) -> PgWireResult<Vec<Response<'a>>>
where where
C: ClientInfo + Unpin + Send + Sync, C: ClientInfo + Unpin + Send + Sync,
{ {


@@ -15,8 +15,9 @@
use std::fs::File; use std::fs::File;
use std::io::{BufReader, Error, ErrorKind}; use std::io::{BufReader, Error, ErrorKind};
use rustls::{Certificate, PrivateKey, ServerConfig}; use rustls::ServerConfig;
use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
use rustls_pki_types::{CertificateDer, PrivateKeyDer};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use strum::EnumString; use strum::EnumString;
@@ -77,19 +78,20 @@ impl TlsOption {
return Ok(None); return Ok(None);
} }
let cert = certs(&mut BufReader::new(File::open(&self.cert_path)?)) let cert = certs(&mut BufReader::new(File::open(&self.cert_path)?))
.map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid cert")) .collect::<Result<Vec<CertificateDer>, Error>>()?;
.map(|mut certs| certs.drain(..).map(Certificate).collect())?;
let key = { let key = {
let mut pkcs8 = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?)) let mut pkcs8 = pkcs8_private_keys(&mut BufReader::new(File::open(&self.key_path)?))
.map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?; .map(|key| key.map(PrivateKeyDer::from))
.collect::<Result<Vec<PrivateKeyDer>, Error>>()?;
if !pkcs8.is_empty() { if !pkcs8.is_empty() {
PrivateKey(pkcs8.remove(0)) pkcs8.remove(0)
} else { } else {
let mut rsa = rsa_private_keys(&mut BufReader::new(File::open(&self.key_path)?)) let mut rsa = rsa_private_keys(&mut BufReader::new(File::open(&self.key_path)?))
.map_err(|_| Error::new(ErrorKind::InvalidInput, "invalid key"))?; .map(|key| key.map(PrivateKeyDer::from))
.collect::<Result<Vec<PrivateKeyDer>, Error>>()?;
if !rsa.is_empty() { if !rsa.is_empty() {
PrivateKey(rsa.remove(0)) rsa.remove(0)
} else { } else {
return Err(Error::new(ErrorKind::InvalidInput, "invalid key")); return Err(Error::new(ErrorKind::InvalidInput, "invalid key"));
} }
@@ -98,7 +100,6 @@ impl TlsOption {
// TODO(SSebo): with_client_cert_verifier if TlsMode is Required. // TODO(SSebo): with_client_cert_verifier if TlsMode is Required.
let config = ServerConfig::builder() let config = ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth() .with_no_client_auth()
.with_single_cert(cert, key) .with_single_cert(cert, key)
.map_err(|err| std::io::Error::new(ErrorKind::InvalidInput, err))?; .map_err(|err| std::io::Error::new(ErrorKind::InvalidInput, err))?;
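Review bot: The key-loading block starting at `let key = {` still opens and parses the key file twice and collects every key it finds into a `Vec` only to keep element 0, and a PEM file containing a SEC1 `EC PRIVATE KEY` section falls through both branches to the `invalid key` error because `pkcs8_private_keys` and `rsa_private_keys` each yield only their own section type. rustls-pemfile 2.0 provides `rustls_pemfile::private_key`, which returns the first PKCS#8, PKCS#1 or SEC1 key in a single pass, so the whole block can become `let key = rustls_pemfile::private_key(&mut BufReader::new(File::open(&self.key_path)?))?` followed by `.ok_or_else(|| Error::new(ErrorKind::InvalidInput, "invalid key"))?;`, with `pkcs8_private_keys` and `rsa_private_keys` dropped from the `use rustls_pemfile::` line. Separately, the new `collect::<Result<..., Error>>()?` calls surface the parser's own io::Error text where the old code returned a fixed `invalid cert`/`invalid key` message, which is acceptable for a local configuration error but changes what callers see. The enclosing function starts before and ends after this hunk.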


@@ -14,7 +14,7 @@
use std::net::SocketAddr; use std::net::SocketAddr;
use std::sync::Arc; use std::sync::Arc;
use std::time::{Duration, SystemTime}; use std::time::Duration;
use auth::tests::{DatabaseAuthInfo, MockUserProvider}; use auth::tests::{DatabaseAuthInfo, MockUserProvider};
use auth::UserProviderRef; use auth::UserProviderRef;
@@ -23,8 +23,9 @@ use common_runtime::Builder as RuntimeBuilder;
use pgwire::api::Type; use pgwire::api::Type;
use rand::rngs::StdRng; use rand::rngs::StdRng;
use rand::Rng; use rand::Rng;
use rustls::client::{ServerCertVerified, ServerCertVerifier}; use rustls::client::danger::{ServerCertVerified, ServerCertVerifier};
use rustls::{Certificate, Error, ServerName}; use rustls::{Error, SignatureScheme};
use rustls_pki_types::{CertificateDer, ServerName};
use servers::error::Result; use servers::error::Result;
use servers::postgres::PostgresServer; use servers::postgres::PostgresServer;
use servers::server::Server; use servers::server::Server;
@@ -386,7 +387,6 @@ async fn create_secure_connection(
}; };
let mut config = rustls::ClientConfig::builder() let mut config = rustls::ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(rustls::RootCertStore::empty()) .with_root_certificates(rustls::RootCertStore::empty())
.with_no_client_auth(); .with_no_client_auth();
config config
@@ -455,16 +455,45 @@ fn unwrap_results(resp: &[SimpleQueryMessage]) -> Vec<&str> {
resp.iter().filter_map(|m| resolve_result(m, 0)).collect() resp.iter().filter_map(|m| resolve_result(m, 0)).collect()
} }
#[derive(Debug)]
struct AcceptAllVerifier {} struct AcceptAllVerifier {}
impl ServerCertVerifier for AcceptAllVerifier { impl ServerCertVerifier for AcceptAllVerifier {
fn verify_tls12_signature(
&self,
_message: &[u8],
_cert: &CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
) -> std::result::Result<rustls::client::danger::HandshakeSignatureValid, Error> {
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn verify_tls13_signature(
&self,
_message: &[u8],
_cert: &CertificateDer<'_>,
_dss: &rustls::DigitallySignedStruct,
) -> std::result::Result<rustls::client::danger::HandshakeSignatureValid, Error> {
Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
vec![
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::ED25519,
]
}
fn verify_server_cert( fn verify_server_cert(
&self, &self,
_end_entity: &Certificate, _end_entity: &CertificateDer<'_>,
_intermediates: &[Certificate], _intermediates: &[CertificateDer<'_>],
_server_name: &ServerName, _server_name: &ServerName<'_>,
_scts: &mut dyn Iterator<Item = &[u8]>,
_ocsp_response: &[u8], _ocsp_response: &[u8],
_now: SystemTime, _now: rustls_pki_types::UnixTime,
) -> std::result::Result<ServerCertVerified, Error> { ) -> std::result::Result<ServerCertVerified, Error> {
Ok(ServerCertVerified::assertion()) Ok(ServerCertVerified::assertion())
} }
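Review bot: `AcceptAllVerifier` now also implements `verify_tls12_signature` and `verify_tls13_signature` by unconditionally returning `HandshakeSignatureValid::assertion()`, so it skips both certificate validation and handshake-signature checking, and the struct at the `#[derive(Debug)]` line carries no comment saying so; add `/// Test-only verifier: accepts any server certificate and any handshake signature without checking them.` so the type is not lifted out of what appears to be an integration-test file. The three spelled-out `rustls::client::danger::HandshakeSignatureValid` paths could be shortened by adding `HandshakeSignatureValid` to the existing `use rustls::client::danger::{ServerCertVerified, ServerCertVerifier}` import near the top of the file. The `impl ServerCertVerifier` block's closing brace lies outside this hunk.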