From 460d2f3c2a3e94b681f5253c805f55ae9616af06 Mon Sep 17 00:00:00 2001
From: link2xt
Date: Sat, 9 Nov 2024 20:54:06 +0000
Subject: [PATCH] refactor: pass ALPN around as &str

---
 src/imap/client.rs | 10 +++++-----
 src/net.rs | 2 +-
 src/net/http.rs | 4 ++--
 src/net/proxy.rs | 2 +-
 src/net/tls.rs | 17 +++++++++++++----
 src/smtp/connect.rs | 12 ++++++------
 6 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/src/imap/client.rs b/src/imap/client.rs
index 84d123da9..6a6b14f97 100644
--- a/src/imap/client.rs
+++ b/src/imap/client.rs
@@ -37,12 +37,12 @@ impl DerefMut for Client {
 }
 
 /// Converts port number to ALPN list.
-fn alpn(port: u16) -> &'static [&'static str] {
+fn alpn(port: u16) -> &'static str {
 if port == 993 {
 // Do not request ALPN on standard port.
- &[]
+ ""
 } else {
- &["imap"]
+ "imap"
 }
 }
 
@@ -262,7 +262,7 @@ impl Client {
 let buffered_tcp_stream = client.into_inner();
 let tcp_stream = buffered_tcp_stream.into_inner();
 
- let tls_stream = wrap_tls(strict_tls, host, &[], tcp_stream)
+ let tls_stream = wrap_tls(strict_tls, host, "", tcp_stream)
 .await
 .context("STARTTLS upgrade failed")?;
 let buffered_stream = BufWriter::new(tls_stream);
@@ -334,7 +334,7 @@ impl Client {
 let buffered_proxy_stream = client.into_inner();
 let proxy_stream = buffered_proxy_stream.into_inner();
 
- let tls_stream = wrap_tls(strict_tls, hostname, &[], proxy_stream)
+ let tls_stream = wrap_tls(strict_tls, hostname, "", proxy_stream)
 .await
 .context("STARTTLS upgrade failed")?;
 let buffered_stream = BufWriter::new(tls_stream);
diff --git a/src/net.rs b/src/net.rs
index 01bd8ed9b..5830677cc 100644
--- a/src/net.rs
+++ b/src/net.rs
@@ -127,7 +127,7 @@ pub(crate) async fn connect_tls_inner(
 addr: SocketAddr,
 host: &str,
 strict_tls: bool,
- alpn: &[&str],
+ alpn: &str,
 ) -> Result {
 let tcp_stream = connect_tcp_inner(addr).await?;
 let tls_stream = wrap_tls(strict_tls, host, alpn, tcp_stream).await?;
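Review bot: The doc comment on `alpn` in src/imap/client.rs still reads `/// Converts port number to ALPN list.` although the function now returns a single `&'static str`; the sibling in src/smtp/connect.rs was updated in the same commit, so this one looks missed. Suggest `/// Converts port number to the ALPN protocol to request; an empty string means no ALPN is requested.` so the empty-string convention is discoverable here rather than only by reading wrap_tls/wrap_rustls. As a point of style, `""` is a sentinel for "no ALPN"; `Option<&'static str>` would make that explicit at every call site (`wrap_tls(..., None, ...)`), but since that touches all six files it is reasonable to leave for a follow-up.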
diff --git a/src/net/http.rs b/src/net/http.rs
index 4d09b68de..ff8212af8 100644
--- a/src/net/http.rs
+++ b/src/net/http.rs
@@ -76,11 +76,11 @@ where
 let proxy_stream = proxy_config
 .connect(context, host, port, load_cache)
 .await?;
- let tls_stream = wrap_rustls(host, &[], proxy_stream).await?;
+ let tls_stream = wrap_rustls(host, "", proxy_stream).await?;
 Box::new(tls_stream)
 } else {
 let tcp_stream = crate::net::connect_tcp(context, host, port, load_cache).await?;
- let tls_stream = wrap_rustls(host, &[], tcp_stream).await?;
+ let tls_stream = wrap_rustls(host, "", tcp_stream).await?;
 Box::new(tls_stream)
 }
 }
diff --git a/src/net/proxy.rs b/src/net/proxy.rs
index 0f657b543..14eb3f430 100644
--- a/src/net/proxy.rs
+++ b/src/net/proxy.rs
@@ -429,7 +429,7 @@ impl ProxyConfig {
 load_cache,
 )
 .await?;
- let tls_stream = wrap_rustls(&https_config.host, &[], tcp_stream).await?;
+ let tls_stream = wrap_rustls(&https_config.host, "", tcp_stream).await?;
 let auth = if let Some((username, password)) = &https_config.user_password {
 Some((username.as_str(), password.as_str()))
 } else {
diff --git a/src/net/tls.rs b/src/net/tls.rs
index 94b43233f..b4fe4d544 100644
--- a/src/net/tls.rs
+++ b/src/net/tls.rs
@@ -8,7 +8,7 @@ use crate::net::session::SessionStream;
 pub async fn wrap_tls<'a>(
 strict_tls: bool,
 hostname: &str,
- alpn: &[&str],
+ alpn: &str,
 stream: impl SessionStream + 'static,
 ) -> Result {
 if strict_tls {
@@ -19,9 +19,14 @@ pub async fn wrap_tls<'a>(
 // We use native_tls because it accepts 1024-bit RSA keys.
 // Rustls does not support them even if
 // certificate checks are disabled: .
+ let alpns = if alpn.is_empty() {
+ Box::from([])
+ } else {
+ Box::from([alpn])
+ };
 let tls = async_native_tls::TlsConnector::new()
 .min_protocol_version(Some(async_native_tls::Protocol::Tlsv12))
- .request_alpns(alpn)
+ .request_alpns(&alpns)
 .danger_accept_invalid_hostnames(true)
 .danger_accept_invalid_certs(true);
 let tls_stream = tls.connect(hostname, stream).await?;
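Review bot: `wrap_tls` now takes `alpn: &str`, but nothing at the signature says that an empty string means "do not request ALPN"; that contract lives only in the body further down and at the call sites that pass `""`. If `wrap_tls` has a doc comment above this hunk, add a parameter line such as `/// `alpn`: protocol name to advertise via ALPN, or an empty string to not request ALPN.`; the same line belongs on `wrap_rustls` in the later hunk of this file. The function body continues past this hunk.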
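Review bot: The `alpns` binding heap-allocates a `Box` only to hand a slice to `request_alpns`, and the `Box::from([])` / `Box::from([alpn])` pair depends on both branches inferring `Box<[&str]>` rather than two distinct array types, which reads as fragile. A borrowed slice avoids both: `let alpns: &[&str] = if alpn.is_empty() { &[] } else { std::slice::from_ref(&alpn) };` and then pass `alpns` to `.request_alpns` without the extra `&`. The rustls counterpart in the later hunk performs the same empty-check on `alpn`; keeping the two expressions parallel helps anyone auditing which protocols each connector advertises. The enclosing `wrap_tls` starts before this hunk and continues after it.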
@@ -32,7 +37,7 @@ pub async fn wrap_tls<'a>(
 
 pub async fn wrap_rustls<'a>(
 hostname: &str,
- alpn: &[&str],
+ alpn: &str,
 stream: impl SessionStream + 'a,
 ) -> Result {
 let mut root_cert_store = tokio_rustls::rustls::RootCertStore::empty();
@@ -41,7 +46,11 @@ pub async fn wrap_rustls<'a>(
 let mut config = tokio_rustls::rustls::ClientConfig::builder()
 .with_root_certificates(root_cert_store)
 .with_no_client_auth();
- config.alpn_protocols = alpn.iter().map(|s| s.as_bytes().to_vec()).collect();
+ config.alpn_protocols = if alpn.is_empty() {
+ vec![]
+ } else {
+ vec![alpn.as_bytes().to_vec()]
+ };
 let tls = tokio_rustls::TlsConnector::from(Arc::new(config));
 let name = rustls_pki_types::ServerName::try_from(hostname)?.to_owned();
diff --git a/src/smtp/connect.rs b/src/smtp/connect.rs
index 1910b3de1..c1c93d481 100644
--- a/src/smtp/connect.rs
+++ b/src/smtp/connect.rs
@@ -19,13 +19,13 @@ use crate::net::{
 use crate::oauth2::get_oauth2_access_token;
 use crate::tools::time;
 
-/// Converts port number to ALPN list.
-fn alpn(port: u16) -> &'static [&'static str] {
+/// Converts port number to ALPN.
+fn alpn(port: u16) -> &'static str {
 if port == 465 {
 // Do not request ALPN on standard port.
- &[]
+ ""
 } else {
- &["smtp"]
+ "smtp"
 }
 }
 
@@ -249,7 +249,7 @@ async fn connect_starttls_proxy(
 skip_smtp_greeting(&mut buffered_stream).await?;
 let transport = new_smtp_transport(buffered_stream).await?;
 let tcp_stream = transport.starttls().await?.into_inner();
- let tls_stream = wrap_tls(strict_tls, hostname, &[], tcp_stream)
+ let tls_stream = wrap_tls(strict_tls, hostname, "", tcp_stream)
 .await
 .context("STARTTLS upgrade failed")?;
 let buffered_stream = BufStream::new(tls_stream);
@@ -294,7 +294,7 @@ async fn connect_starttls(
 skip_smtp_greeting(&mut buffered_stream).await?;
 let transport = new_smtp_transport(buffered_stream).await?;
 let tcp_stream = transport.starttls().await?.into_inner();
- let tls_stream = wrap_tls(strict_tls, host, &[], tcp_stream)
+ let tls_stream = wrap_tls(strict_tls, host, "", tcp_stream)
 .await
 .context("STARTTLS upgrade failed")?;