Implement tls-unique for postgres-openssl

While it's a bit sketchier than tls-server-end-point, it is supported on
the backend with all OpenSSL versions.
Steven Fackler 2018-06-26 21:07:47 -07:00
parent 369f6e027f
commit 705ef7d5b2


@ -2,9 +2,7 @@ pub extern crate openssl;
extern crate postgres;
use openssl::error::ErrorStack;
use openssl::hash::MessageDigest;
use openssl::nid::Nid;
use openssl::ssl::{ConnectConfiguration, SslConnector, SslMethod, SslStream};
use openssl::ssl::{ConnectConfiguration, SslConnector, SslMethod, SslRef, SslStream};
use postgres::tls::{Stream, TlsHandshake, TlsStream};
use std::error::Error;
use std::fmt;
@ -87,18 +85,16 @@ impl TlsStream for OpenSslStream {
self.0.get_mut()
}
fn tls_server_end_point(&self) -> Option<Vec<u8>> {
let cert = self.0.ssl().peer_certificate()?;
let algo_nid = cert.signature_algorithm().object().nid();
let signature_algorithms = algo_nid.signature_algorithms()?;
let md = match signature_algorithms.digest {
Nid::MD5 | Nid::SHA1 => MessageDigest::sha256(),
nid => MessageDigest::from_nid(nid)?,
fn tls_unique(&self) -> Option<Vec<u8>> {
let f = if self.0.ssl().session_reused() {
SslRef::peer_finished
} else {
SslRef::finished
};
let digest = cert.digest(md).ok()?;
Some(digest.to_vec())
let len = f(self.0.ssl(), &mut []);
let mut buf = vec![0; len];
f(self.0.ssl(), &mut buf);
Some(buf)
}
}
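Review bot: `tls_unique` always returns `Some(buf)`, even when the first `f(self.0.ssl(), &mut [])` call reports a length of 0, so an empty value could be handed to the caller as channel-binding data; add `if len == 0 { return None; }` before allocating. The return value of the second call is also discarded; `let n = f(self.0.ssl(), &mut buf); buf.truncate(n);` keeps the buffer in step with what was actually copied. Separately, tls-unique is not defined for TLS 1.3 and resists the triple-handshake attack only when the extended master secret is negotiated, so returning `None` for protocol versions above TLS 1.2 is worth considering. A doc comment on the method should also say why `peer_finished` is chosen on resumed sessions (the server sends the first Finished message there).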