Commit 83ccfec

Gateway TLS verification (#2049)
* move tls code to separate crate, make it generic
* prime the cache
* restore error log when certs don't match
* non-optional ProxyHandler::shutdown_signal
* gateway cert verification
* defguard_gateway_manager crate
* fix tests
* cargo fmt
* remove unused imports
* allow(clippy::result_large_err)
* rename proxy_handler module to handler
* defguard_gateway_manager::error module
* move gateway handler-related structs to handler module
* move gen_config function to handler module
* tighten modules visibility
* remove unused GatewayError variants
* send purge request on gateway delete trigger, GatewayManager
* refactor TriggerOperation::Delete match branch
* cert verification throws CertificateError::ApplicationVerificationFailure
* move auth, generic grpc methods to core
* fix imports, cargo fmt
* fix sync Mutex used across await issue
* GatewayManager::run
* update protos
* cargo update
* update sqlx query data
* fix clippy issues
* cargo fmt
* fix cargo deny issues
* cargo machete, i32::cast_unsigned
* more i32::cast_unsigned conversions
* cargo fmt
1 parent a9a0f94 commit 83ccfec

61 files changed

Lines changed: 1200 additions & 1228 deletions

.sqlx/query-b43694450d7abe3b93ea88fa7c95c38d3e2deb43d5ca3458724deb3ead69389a.json renamed to .sqlx/query-161dca354966b0bc33849d2ef1245351bf9bf9650acca042a12ad75a71fdee71.json

Lines changed: 5 additions & 5 deletions

.sqlx/query-2f614ae8a1c1c62c11ed2e9b11e7004f869008e9dec303033ddbec8b0cee53f5.json

Lines changed: 0 additions & 35 deletions
This file was deleted.

.sqlx/query-ae3e3cef524f2a911808bf72e7c57b7f32e22adefc9b9185a9b3cd80c169a6e2.json renamed to .sqlx/query-5eee502cace9cd11b8d12f7345660fb8517656b090c5f93e017a1d4ffe552975.json

Lines changed: 5 additions & 5 deletions

.sqlx/query-5af0fbf61295a5a23149c6248ea0b4a7afcbee1b63e34932c143f4697a0bc2cc.json renamed to .sqlx/query-6bcef8e62bfbb66c4787a95bea3187d9bdb32e1938592cd31ba98aca73d69746.json

Lines changed: 3 additions & 3 deletions

.sqlx/query-d10c9a7b0b391aeb8b4869f6bddf997807b66e0b532da747b146513c34e15c5c.json

Lines changed: 8 additions & 8 deletions

.sqlx/query-e9ca71b61f7a3736ca335d90aca36ab5a93dc8a00ad622267f13b3cd4cdb4a5a.json

Lines changed: 8 additions & 8 deletions

.sqlx/query-ed3266f5f0d7b1613ad8745c9be953a7d9ef0becedf668c1d2225a1673003c77.json renamed to .sqlx/query-f653c2bf5fc813e1358004e2dfb77ffa5343609a16229c4a86726cc5d5148402.json

Lines changed: 3 additions & 3 deletions

Cargo.lock

Lines changed: 42 additions & 5 deletions

Cargo.toml

Lines changed: 8 additions & 1 deletion
@@ -3,7 +3,7 @@ edition = "2024"
33
license-file = "LICENSE.md"
44
homepage = "https://defguard.net/"
55
repository = "https://github.com/DefGuard/defguard"
6-
rust-version = "1.85.1"
6+
rust-version = "1.87.0"
77

88
[workspace]
99
members = ["crates/*", "tools/*"]
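
Review bot: The `rust-version` bump from 1.85.1 to 1.87.0 raises the workspace MSRV, but the commit message does not say why. If it is needed for the `i32::cast_unsigned` conversions the message lists, state that in the message or in a comment next to the field, and check that CI images, Dockerfiles and any pinned toolchain file move to 1.87.0 in the same change so builds on the older compiler fail early and visibly rather than in a downstream pipeline.
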
@@ -16,6 +16,7 @@ defguard_common = { path = "./crates/defguard_common", version = "2.0.0" }
1616
defguard_core = { path = "./crates/defguard_core", version = "0.0.0" }
1717
defguard_event_logger = { path = "./crates/defguard_event_logger", version = "0.0.0" }
1818
defguard_event_router = { path = "./crates/defguard_event_router", version = "0.0.0" }
19+
defguard_gateway_manager = { path = "./crates/defguard_gateway_manager", version = "0.0.0" }
1920
defguard_mail = { path = "./crates/defguard_mail", version = "0.0.0" }
2021
defguard_proto = { path = "./crates/defguard_proto", version = "0.0.0" }
2122
defguard_proxy_manager = { path = "./crates/defguard_proxy_manager", version = "0.0.0" }
@@ -24,6 +25,7 @@ defguard_version = { path = "./crates/defguard_version", version = "0.0.0" }
2425
defguard_vpn_stats_purge = { path = "./crates/defguard_vpn_stats_purge", version = "0.0.0" }
2526
defguard_web_ui = { path = "./crates/defguard_web_ui", version = "0.0.0" }
2627
defguard_certs = { path = "./crates/defguard_certs", version = "0.0.0" }
28+
defguard_grpc_tls = { path = "./crates/defguard_grpc_tls", version = "0.0.0" }
2729
defguard_setup = { path = "./crates/defguard_setup", version = "0.0.0" }
2830
model_derive = { path = "./crates/model_derive", version = "0.0.0" }
2931

@@ -49,6 +51,7 @@ claims = "0.8"
4951
clap = { version = "4.5", features = ["derive", "env"] }
5052
futures = "0.3"
5153
http = "1.4"
54+
hyper-rustls = { version = "0.27", features = ["http2"] }
5255
humantime = "2.1"
5356
# match version used by sqlx
5457
ipnetwork = "0.20"
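
Review bot: On the added `hyper-rustls` line, `features = ["http2"]` is additive: without `default-features = false` the crate's default features stay enabled, including its own choice of crypto backend, which may not be the `ring` provider requested for `rustls` further down in this file. Consider `default-features = false` with an explicit feature list, so the TLS stack that performs gateway certificate verification is built with exactly one provider and only the protocol support you intend.
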
@@ -61,6 +64,7 @@ md4 = "0.10"
6164
openidconnect = { version = "4.0", default-features = false, features = [
6265
"reqwest",
6366
] }
67+
os_info = "3.12"
6468
parse_link_header = "0.4"
6569
paste = "1.0"
6670
pgp = { version = "0.19", default-features = false }
@@ -72,6 +76,7 @@ rcgen = { version = "0.14", features = ["x509-parser", "pem"] }
7276
reqwest = { version = "0.12", features = ["json"] }
7377
rsa = "0.9"
7478
rust-ini = "0.21"
79+
rustls = { version = "0.23", features = ["ring"] }
7580
rustls-pki-types = "1.14"
7681
semver = { version = "1.0", features = ["serde"] }
7782
secrecy = { version = "0.10", features = ["serde"] }
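
Review bot: The added `rustls = { version = "0.23", features = ["ring"] }` line enables `ring` on top of the default features rather than instead of them, since `default-features = false` is not set here. With rustls 0.23, having more than one provider compiled in means the process-level provider can no longer be inferred from crate features, and config builders that rely on that inference panic at runtime unless a provider is installed explicitly. Either set `default-features = false` and list the features you need, or confirm that `defguard_grpc_tls` passes or installs the provider explicitly before any client or server config is built.
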
@@ -115,7 +120,9 @@ tonic-health = "0.14"
115120
tonic-prost = "0.14"
116121
tonic-prost-build = "0.14"
117122
totp-lite = { version = "2.0" }
123+
tower = "0.5"
118124
tower-http = { version = "0.6", features = ["fs", "trace", "set-header"] }
125+
tower-service = "0.3"
119126
tracing = "0.1"
120127
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
121128
trait-variant = "0.1"

crates/defguard/Cargo.toml

Lines changed: 1 addition & 0 deletions
@@ -13,6 +13,7 @@ defguard_common = { workspace = true }
1313
defguard_core = { workspace = true }
1414
defguard_event_router = { workspace = true }
1515
defguard_event_logger = { workspace = true }
16+
defguard_gateway_manager = { workspace = true }
1617
defguard_proxy_manager = { workspace = true }
1718
defguard_session_manager = { workspace = true }
1819
defguard_version = { workspace = true }
