build(deps): bump rustls, hyper and other dependencies (#566)
* bump rustls

* bump hyper

* bump rustls into patched 0.23

* disable default features for hyper-rustls


---------

Co-authored-by: dev0 <dev@watfaq.com>
Co-authored-by: VendettaReborn <vendettareborn@proton.me>
3 people authored Sep 3, 2024
1 parent 78ae10a commit 3cea0b4
Showing 31 changed files with 1,070 additions and 725 deletions.
802 changes: 402 additions & 400 deletions Cargo.lock

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions Cargo.toml
Expand Up @@ -20,5 +20,5 @@ lto = true
strip = true

[patch.crates-io]
tokio-rustls = { git = "https://github.com/Watfaq/tokio-rustls.git", rev = "fcda89f6348c1e696b239bc7e0b168015cfb8c08"}
rustls = { git = "https://github.com/Watfaq/rustls.git", rev = "43ecd5c610741668488e6d57857f9900a2087a5b"}
tokio-rustls = { git = "https://github.com/Watfaq/tokio-rustls.git", rev = "6b9af8ac7bb5abc159d9a67e9ddbf84127559a4a"}
rustls = { git = "https://github.com/Watfaq/rustls.git", rev = "f84c0f8020b252978e9b157179e9a99233cd33aa"}
143 changes: 78 additions & 65 deletions clash_lib/Cargo.toml
Expand Up @@ -13,114 +13,127 @@ bench = ["criterion"]
onion = ["arti-client/onion-service-client"]

[dependencies]
# Async
tokio = { version = "1", features = ["full"] }
tokio-util = { version = "0.7", features = ["net", "codec", "io", "compat"] }
thiserror = "1.0"
async-trait = "0.1"
anyhow = "1"
futures = "0.3"
bytes = "1.7"
async-recursion = "1"
ipnet = "2.9"
url = "2.5"
regex = "1"
byteorder = "1.5"
lru_time_cache = "0.11"
hyper = { version = "0.14.28", features = ["http1","http2","client", "server", "tcp"] }
http = { version = "1.1" }
httparse = "1.9.4"
h2 = "0.4.6"
prost = "0.13"
tower = { version = "0.4", features = ["util"] }
libc = "0.2"
foreign-types-shared = "0.3.1"
network-interface = "2.0.0"
base64 = "0.22"
uuid = { version = "1.10.0", features = ["v4", "fast-rng", "macro-diagnostics", "serde"] }
async-trait = "0.1"
hyper = { version = "1", features = ["http1","http2","client", "server"] }
hyper-util = "0.1"

ip_network_table-deps-treebitmap = "0.5.0"
once_cell = "1.18.0"

# opentelemetry
# Network proto
http = { version = "1" }
http-body-util = "0.1.2"
socket2 = { version = "0.5", features = ["all"] }
tokio-tungstenite = "0.23.1"

# TLS
tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12"] }
hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2"] }
rustls = { version = "0.23", default-features = false, features=["ring"] }
rustls-pemfile = "2"
webpki-roots = "0.26"

# Error handing & logging
thiserror = "1"
anyhow = "1"
opentelemetry = "0.24"
opentelemetry_sdk = { version = "0.24", default-features = false, features = ["trace", "rt-tokio"] }
tracing-opentelemetry = "0.25"
opentelemetry-jaeger-propagator = "0.3"
opentelemetry-otlp = { version = "0.17" }
opentelemetry-semantic-conventions = "0.16"

crc32fast = "1.4.2"
brotli = "6.0.0"
hmac = "0.12.1"
# Data structures
url = "2"
bytes = "1"
ipnet = "2"
regex = "1"
byteorder = "1"
lru_time_cache ="0.11"
uuid = { version = "1", features = ["v4", "fast-rng", "macro-diagnostics", "serde"] }
foreign-types-shared = "0.3"
network-interface = "2"
base64 = "0.22"

httparse = "1"
h2 = "0.4"
prost = "0.13"
tower = { version = "0.5", features = ["util"] }
libc = "0.2"

ip_network_table-deps-treebitmap = "0.5"
once_cell = "1"

# Algorithms
crc32fast = "1"
brotli = "6"
hmac = "0.12"
sha1 = "0.10"
sha2 = "0.10.8"
sha2 = "0.10"
md-5 = "0.10"
chacha20poly1305 = "0.10"
aead = { version = "0.5.2", features = ["std"] }
aes = "0.8.4"
aead = { version = "0.5", features = ["std"] }
aes = "0.8"
aes-gcm = "0.10"
cfb-mode = "0.8.2"
cfb-mode = "0.8"
const-fnv1a-hash = "1"

filetime = "0.2"
axum = { version = "0.7", features = ["ws"] }
tower-http = { version = "0.5.2", features = ["fs", "trace", "cors"] }
chrono = { version = "0.4.38", features = ["serde"] }
tower-http = { version = "0.5", features = ["fs", "trace", "cors"] }
chrono = { version = "0.4", features = ["serde"] }

tun = { git = "https://github.com/Watfaq/rust-tun.git", rev = "8f7568190f1200d3e272ca534baf8d1578147e18", features = ["async"] }
netstack-lwip = { git = "https://github.com/Watfaq/netstack-lwip.git", rev = "2817bf82740e04bbee6b7bf1165f55657a6ed163" }

boringtun = { version = "0.6.0", git = "https://github.com/cloudflare/boringtun.git", rev = "f672bb6c1e1e371240a8d151f15854687eb740bb" }
boringtun = { version = "0.6", git = "https://github.com/cloudflare/boringtun.git", rev = "f672bb6c1e1e371240a8d151f15854687eb740bb" }
smoltcp = { version = "0.11", default-features = false, features = ["std", "log", "medium-ip", "proto-ipv4", "proto-ipv6", "socket-udp", "socket-tcp"] }

tokio-rustls = "0.24"
hyper-rustls = { version = "0.24", features = ["http1", "http2"] }

serde = { version = "1.0", features=["derive"] }
serde = { version = "1", features=["derive"] }
serde_yaml = "0.9"
serde_json = "1.0"
erased-serde = "0.4.5"

hickory-client = "0.24"
hickory-resolver = "0.24"
hickory-server = { version = "0.24", features = ["dns-over-rustls", "dns-over-https-rustls"] }
hickory-proto = { version = "0.24", features = ["dns-over-rustls", "dns-over-https-rustls"]}

# DoH
# ideally we should make a CryptoProvider with boringssl and get rid of rings
rustls = { version = "0.21", features=["dangerous_configuration", "quic"] }
rustls-pemfile = "1.0.4"
webpki-roots = "0.25"
serde_json = "1"
erased-serde = "0.4"

# DNS
hickory-client = "0.25.0-alpha.2"
hickory-resolver = "0.25.0-alpha.2"
hickory-server = { version = "0.25.0-alpha.2", features = ["dns-over-rustls", "dns-over-https-rustls"] }
hickory-proto = { version = "0.25.0-alpha.2", features = ["dns-over-rustls", "dns-over-https-rustls"]}



dhcproto = "0.12"
ring-compat = { version = "0.8", features = ["aead"] }

rand = "0.8"

socket2 = { version = "0.5", features = ["all"] }
tokio-tungstenite = "0.23.1"


tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
tracing-oslog = { branch = "main", git = "https://github.com/Absolucy/tracing-oslog.git" }
tracing-appender = "0.2.3"
tracing-appender = "0.2"


shadowsocks = { version = "1.20.2", optional = true, features=["aead-cipher-2022","stream-cipher"] }
maxminddb = "0.24.0"
public-suffix = "0.1.0"
murmur3 = "0.5.2"
shadowsocks = { version = "1", optional = true, features=["aead-cipher-2022","stream-cipher"] }
maxminddb = "0.24"
public-suffix = "0.1"
murmur3 = "0.5"

arti-client = { version = "0.21.0", default-features = false, features = ["tokio", "rustls", "compression", "static-sqlite"] }
tor-rtcompat = { version = "0.21.0" }
arti-client = { version = "0.21", default-features = false, features = ["tokio", "rustls", "compression", "static-sqlite"] }
tor-rtcompat = { version = "0.21", default-features = false, features = ["rustls"] }

# tuic
tuic = { rev = "82fab62", optional = true, git = "https://github.com/Itsusinn/tuic.git" }
tuic-quinn = { rev = "82fab62", optional = true, git = "https://github.com/Itsusinn/tuic.git" }
quinn = { version = "0.10", optional = true, default-features = false, features = ["futures-io", "runtime-tokio", "tls-rustls"] }
register-count = { version = "0.1.0", optional = true }
tuic = { tag = "v1.1.2-fix1", optional = true, git = "https://github.com/Itsusinn/tuic.git" }
tuic-quinn = { tag = "v1.1.2-fix1", optional = true, git = "https://github.com/Itsusinn/tuic.git" }
quinn = { version = "0.11", optional = true, default-features = false, features = ["futures-io", "runtime-tokio", "rustls"] }
register-count = { version = "0.1", optional = true }

console-subscriber = { version = "0.4.0" }
tracing-timing = { version = "0.6.0" }
console-subscriber = { version = "0.4" }
tracing-timing = { version = "0.6" }
criterion = { version = "0.5", features = ["html_reports", "async_tokio"], optional = true }

memory-stats = "1.0.0"
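Review bot: The `tuic` and `tuic-quinn` entries now name the fork by `tag = "v1.1.2-fix1"` where the other copy of these lines uses `rev = "82fab62"`; assuming the tag form is the new side (it sits next to the quinn 0.11 line), the dependency is now identified by a ref the remote can move, which a commit id cannot be. Cargo.lock still records the resolved commit, but a `cargo update` or a build without `--locked` follows wherever the tag points at that time. The other git dependencies in this section (`tun`, `netstack-lwip`, `boringtun`) are pinned by full commit hash, so I would keep that convention and write `rev = "<commit the tag points to>"` with the tag name in a trailing comment. The same section moves the four `hickory-*` crates to `0.25.0-alpha.2`; a comment saying why a pre-release is required would help whoever bumps them next.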
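--- a/clash_lib/src/app/api/handlers/dns.rs
+++ b/clash_lib/src/app/api/handlers/dns.rs
@@ -89,10 +89,7 @@ async fn query_dns(
 data.insert("name".to_owned(), rr.name().to_string().into());
 data.insert("type".to_owned(), u16::from(rr.record_type()).into());
 data.insert("ttl".to_owned(), rr.ttl().into());
-data.insert(
-"data".to_owned(),
-rr.data().map(|x| x.to_string()).unwrap_or_default().into(),
-);
+data.insert("data".to_owned(), rr.data().to_string().into());
 data.into()
 };
 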
7 changes: 0 additions & 7 deletions clash_lib/src/app/dispatcher/tracked.rs
Expand Up @@ -2,7 +2,6 @@ use std::{fmt::Debug, pin::Pin, sync::Arc, task::Poll};

use async_trait::async_trait;
use futures::{Sink, Stream};
use hyper::client::connect::{Connected, Connection};
use tokio::{
io::{AsyncRead, AsyncWrite},
sync::oneshot::{error::TryRecvError, Receiver},
Expand Down Expand Up @@ -35,12 +34,6 @@ pub trait ChainedStream:
async fn append_to_chain(&self, name: &str);
}

impl Connection for BoxedChainedStream {
fn connected(&self) -> Connected {
Connected::new()
}
}

pub type BoxedChainedStream = Box<dyn ChainedStream>;

#[derive(Debug)]
76 changes: 22 additions & 54 deletions clash_lib/src/app/dns/config.rs
@@ -1,18 +1,17 @@
use std::{
collections::HashMap,
fmt::Display,
io::BufReader,
net::{IpAddr, SocketAddr},
sync::Arc,
};

use ipnet::AddrParseError;
use regex::Regex;
use rustls::{Certificate, PrivateKey};
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
use url::Url;

use crate::{
common::trie,
common::{trie, utils},
config::def::{DNSListen, DNSMode},
Error,
};
Expand Down Expand Up @@ -48,18 +47,18 @@ pub struct FallbackFilter {
pub domain: Vec<String>,
}

#[derive(Clone, Debug)]
#[derive(Debug)]
pub struct DoHConfig {
pub certificate_and_key: (Vec<Certificate>, PrivateKey),
pub certificate_and_key: (Vec<CertificateDer<'static>>, PrivateKeyDer<'static>),
pub dns_hostname: Option<String>,
}

#[derive(Clone, Debug)]
#[derive(Debug)]
pub struct DoTConfig {
pub certificate_and_key: (Vec<Certificate>, PrivateKey),
pub certificate_and_key: (Vec<CertificateDer<'static>>, PrivateKeyDer<'static>),
}

#[derive(Clone, Debug, Default)]
#[derive(Debug, Default)]
pub struct DNSListenAddr {
pub udp: Option<SocketAddr>,
pub tcp: Option<SocketAddr>,
Expand Down Expand Up @@ -271,6 +270,7 @@ impl TryFrom<&crate::config::def::Config> for Config {
})
}
DNSListen::Multiple(map) => {
use std::path::Path;
let mut udp = None;
let mut tcp = None;
let mut doh = None;
Expand All @@ -287,61 +287,29 @@ impl TryFrom<&crate::config::def::Config> for Config {
"udp" => udp = Some(addr),
"tcp" => tcp = Some(addr),
"doh" => {
let mut buf_read: Box<dyn std::io::BufRead> =
Box::new(BufReader::new(
TEST_CERT.as_bytes(),
));
let certs = rustls_pemfile::certs(&mut buf_read)
.unwrap()
.into_iter()
.map(Certificate)
.collect::<Vec<_>>();

let mut buf_read: Box<dyn std::io::BufRead> =
Box::new(BufReader::new(
TEST_KEY.as_bytes(),
));
let mut keys =
rustls_pemfile::pkcs8_private_keys(
&mut buf_read,
)
.unwrap();
let certs =
utils::load_cert_chain(Path::new(TEST_CERT))
.unwrap();
let priv_key =
utils::load_priv_key(Path::new(TEST_KEY))
.unwrap();
let c = DoHConfig {
certificate_and_key: (
certs,
PrivateKey(keys.remove(0)),
),
certificate_and_key: (certs, priv_key),
dns_hostname: Some(
"dns.example.com".to_owned(),
),
};
doh = Some((addr, c))
}
"dot" => {
let mut buf_read: Box<dyn std::io::BufRead> =
Box::new(BufReader::new(
TEST_CERT.as_bytes(),
));
let certs = rustls_pemfile::certs(&mut buf_read)
.unwrap()
.into_iter()
.map(Certificate)
.collect::<Vec<_>>();

let mut buf_read: Box<dyn std::io::BufRead> =
Box::new(BufReader::new(
TEST_KEY.as_bytes(),
));
let mut keys =
rustls_pemfile::pkcs8_private_keys(
&mut buf_read,
)
.unwrap();
let certs =
utils::load_cert_chain(Path::new(TEST_CERT))
.unwrap();
let priv_key =
utils::load_priv_key(Path::new(TEST_KEY))
.unwrap();
let c = DoTConfig {
certificate_and_key: (
certs,
PrivateKey(keys.remove(0)),
),
certificate_and_key: (certs, priv_key),
};
dot = Some((addr, c))
}
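Review bot: `utils::load_cert_chain(Path::new(TEST_CERT)).unwrap()` and `utils::load_priv_key(Path::new(TEST_KEY)).unwrap()` in the `"doh"` and `"dot"` arms panic on a missing or unreadable file, inside a `TryFrom` impl (its body extends beyond these hunks) whose callers presumably expect an `Err`. The other copy of these arms parses `TEST_CERT.as_bytes()` as PEM text while this one treats the same constants as paths; their definitions are not on this page, so confirm they now hold file paths. If the helpers' error type converts into `Error`, `let certs = utils::load_cert_chain(Path::new(TEST_CERT))?;` is enough, otherwise map the error first. Both listeners are also still built from the `TEST_*` material and the fixed `dns.example.com` name rather than from the user's listen config; a `// TODO: read certificate and key paths from the listen config` comment above each arm would make that visible.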
8 changes: 3 additions & 5 deletions clash_lib/src/app/dns/dns_client.rs
Expand Up @@ -370,7 +370,6 @@ async fn dns_stream_builder(
}
DnsConfig::Tls(addr, host, iface) => {
let mut tls_config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(GLOBAL_ROOT_STORE.clone())
.with_no_client_auth();
tls_config.alpn_protocols = vec!["dot".into()];
Expand Down Expand Up @@ -408,15 +407,14 @@ async fn dns_stream_builder(
}
DnsConfig::Https(addr, host, iface) => {
let mut tls_config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(GLOBAL_ROOT_STORE.clone())
.with_no_client_auth();
tls_config.alpn_protocols = vec!["h2".into()];

if host == &addr.ip().to_string() {
tls_config
.dangerous()
.set_certificate_verifier(Arc::new(tls::NoHostnameTlsVerifier));
tls_config.dangerous().set_certificate_verifier(Arc::new(
tls::NoHostnameTlsVerifier::new(),
));
}

let fut = new_tcp_stream(
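Review bot: The DoH branch still swaps in `tls::NoHostnameTlsVerifier::new()` whenever `host` equals the literal server IP, and nothing at the call site says what that verifier continues to check. Its implementation is not on this page; under the rustls 0.23 verifier trait a custom verifier also owns the TLS 1.2/1.3 handshake-signature checks, so it is worth confirming that it delegates chain and signature validation to the standard webpki verifier and skips only the name match. Once confirmed, I would add a comment above the `if`, for example `// IP-only upstream: chain and handshake signatures are still verified, only the name check is skipped`. rustls 0.23 can also match IP-address SANs through `ServerName::IpAddress`, which may make the override unnecessary for servers whose certificate lists the IP. `dns_stream_builder` starts and ends outside both hunks.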
