NotificationsYou must be signed in to change notification settings
Fork516
Star3.8k

Commit60c1182

committed

feat: add ssl_negotiation option

1 parent6ae17e0 commit60c1182Copy full SHA for 60c1182

File tree

9 files changed

+111

-21

lines changed

postgres/src
- config.rs
tokio-postgres
- src
- tests/test
  - parse.rs

9 files changed

+111

-21

lines changed

`‎postgres/src/config.rs‎`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ use std::str::FromStr;`
`10`	`10`	`use std::sync::Arc;`
`11`	`11`	`use std::time::Duration;`
`12`	`12`	`use tokio::runtime;`
	`13`	`+use tokio_postgres::config::SslNegotiation;`
`13`	`14`	`#[doc(inline)]`
`14`	`15`	`pubuse tokio_postgres::config::{`
`15`	`16`	`ChannelBinding,Host,LoadBalanceHosts,SslMode,TargetSessionAttrs,`
`@@ -40,6 +41,8 @@ use tokio_postgres::{Error, Socket};`
`40`	`41`	`/// path to the directory containing Unix domain sockets. Otherwise, it is treated as a hostname. Multiple hosts`
`41`	`42`	`/// can be specified, separated by commas. Each host will be tried in turn when connecting. Required if connecting`
`42`	`43`	/// with the `connect` method.
	`44`	+/// * `sslnegotiation` - TLS negotiation method. If set to `direct`, the client will perform direct TLS handshake, this only works for PostgreSQL 17 and newer.
	`45`	+/// If set to `postgres`, the default value, it follows original postgres wire protocol to perform the negotiation.
`43`	`46`	/// * `hostaddr` - Numeric IP address of host to connect to. This should be in the standard IPv4 address format,
`44`	`47`	`/// e.g., 172.28.40.9. If your machine supports IPv6, you can also use those addresses.`
`45`	`48`	/// If this parameter is not specified, the value of `host` will be looked up to find the corresponding IP address,
`@@ -230,6 +233,17 @@ impl Config {`
`230`	`233`	`self.config.get_ssl_mode()`
`231`	`234`	`}`
`232`	`235`
	`236`	`+/// Sets the SSL negotiation method`
	`237`	`+pubfnssl_negotiation(&mutself,ssl_negotiation:SslNegotiation) ->&mutConfig{`
	`238`	`+self.config.ssl_negotiation(ssl_negotiation);`
	`239`	`+self`
	`240`	`+}`
	`241`	`+`
	`242`	`+/// Gets the SSL negotiation method`
	`243`	`+pubfnget_ssl_negotiation(&self) ->SslNegotiation{`
	`244`	`+self.config.get_ssl_negotiation()`
	`245`	`+}`
	`246`	`+`
`233`	`247`	`/// Adds a host to the configuration.`
`234`	`248`	`///`
`235`	`249`	`/// Multiple hosts can be specified by calling this method multiple times, and each will be tried in order. On Unix`

`‎tokio-postgres/src/cancel_query.rs‎`

Lines changed: 12 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,13 @@`
`1`	`1`	`usecrate::client::SocketConfig;`
`2`		`-usecrate::config::SslMode;`
	`2`	`+usecrate::config::{SslMode,SslNegotiation};`
`3`	`3`	`usecrate::tls::MakeTlsConnect;`
`4`	`4`	`usecrate::{cancel_query_raw, connect_socket,Error,Socket};`
`5`	`5`	`use std::io;`
`6`	`6`
`7`	`7`	`pub(crate)asyncfncancel_query<T>(`
`8`	`8`	`config:Option<SocketConfig>,`
`9`	`9`	`ssl_mode:SslMode,`
	`10`	`+ssl_negotiation:SslNegotiation,`
`10`	`11`	`muttls:T,`
`11`	`12`	`process_id:i32,`
`12`	`13`	`secret_key:i32,`
`@@ -38,6 +39,14 @@ where`
`38`	`39`	`)`
`39`	`40`	`.await?;`
`40`	`41`
`41`		`- cancel_query_raw::cancel_query_raw(socket, ssl_mode, tls, has_hostname, process_id, secret_key)`
`42`		`-.await`
	`42`	`+ cancel_query_raw::cancel_query_raw(`
	`43`	`+ socket,`
	`44`	`+ ssl_mode,`
	`45`	`+ ssl_negotiation,`
	`46`	`+ tls,`
	`47`	`+ has_hostname,`
	`48`	`+ process_id,`
	`49`	`+ secret_key,`
	`50`	`+)`
	`51`	`+.await`
`43`	`52`	`}`

`‎tokio-postgres/src/cancel_query_raw.rs‎`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-usecrate::config::SslMode;`
	`1`	`+usecrate::config::{SslMode,SslNegotiation};`
`2`	`2`	`usecrate::tls::TlsConnect;`
`3`	`3`	`usecrate::{connect_tls,Error};`
`4`	`4`	`use bytes::BytesMut;`
`@@ -8,6 +8,7 @@ use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};`
`8`	`8`	`pubasyncfncancel_query_raw<S,T>(`
`9`	`9`	`stream:S,`
`10`	`10`	`mode:SslMode,`
	`11`	`+negotiation:SslNegotiation,`
`11`	`12`	`tls:T,`
`12`	`13`	`has_hostname:bool,`
`13`	`14`	`process_id:i32,`
`@@ -17,7 +18,7 @@ where`
`17`	`18`	`S:AsyncRead +AsyncWrite +Unpin,`
`18`	`19`	`T:TlsConnect<S>,`
`19`	`20`	`{`
`20`		`-letmut stream = connect_tls::connect_tls(stream, mode, tls, has_hostname).await?;`
	`21`	`+letmut stream = connect_tls::connect_tls(stream, mode,negotiation,tls, has_hostname).await?;`
`21`	`22`
`22`	`23`	`letmut buf =BytesMut::new();`
`23`	`24`	`frontend::cancel_request(process_id, secret_key,&mut buf);`

`‎tokio-postgres/src/cancel_token.rs‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-usecrate::config::SslMode;`
	`1`	`+usecrate::config::{SslMode,SslNegotiation};`
`2`	`2`	`usecrate::tls::TlsConnect;`
`3`	`3`	`#[cfg(feature ="runtime")]`
`4`	`4`	`usecrate::{cancel_query, client::SocketConfig, tls::MakeTlsConnect,Socket};`
`@@ -12,6 +12,7 @@ pub struct CancelToken {`
`12`	`12`	`#[cfg(feature ="runtime")]`
`13`	`13`	`pub(crate)socket_config:Option<SocketConfig>,`
`14`	`14`	`pub(crate)ssl_mode:SslMode,`
	`15`	`+pub(crate)ssl_negotiation:SslNegotiation,`
`15`	`16`	`pub(crate)process_id:i32,`
`16`	`17`	`pub(crate)secret_key:i32,`
`17`	`18`	`}`
`@@ -37,6 +38,7 @@ impl CancelToken {`
`37`	`38`	`cancel_query::cancel_query(`
`38`	`39`	`self.socket_config.clone(),`
`39`	`40`	`self.ssl_mode,`
	`41`	`+self.ssl_negotiation,`
`40`	`42`	`tls,`
`41`	`43`	`self.process_id,`
`42`	`44`	`self.secret_key,`
`@@ -54,6 +56,7 @@ impl CancelToken {`
`54`	`56`	`cancel_query_raw::cancel_query_raw(`
`55`	`57`	`stream,`
`56`	`58`	`self.ssl_mode,`
	`59`	`+self.ssl_negotiation,`
`57`	`60`	`tls,`
`58`	`61`	`true,`
`59`	`62`	`self.process_id,`

`‎tokio-postgres/src/client.rs‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`usecrate::codec::BackendMessages;`
`2`		`-usecrate::config::SslMode;`
	`2`	`+usecrate::config::{SslMode,SslNegotiation};`
`3`	`3`	`usecrate::connection::{Request,RequestMessages};`
`4`	`4`	`usecrate::copy_out::CopyOutStream;`
`5`	`5`	`#[cfg(feature ="runtime")]`
`@@ -180,6 +180,7 @@ pub struct Client {`
`180`	`180`	`#[cfg(feature ="runtime")]`
`181`	`181`	`socket_config:Option<SocketConfig>,`
`182`	`182`	`ssl_mode:SslMode,`
	`183`	`+ssl_negotiation:SslNegotiation,`
`183`	`184`	`process_id:i32,`
`184`	`185`	`secret_key:i32,`
`185`	`186`	`}`
`@@ -188,6 +189,7 @@ impl Client {`
`188`	`189`	`pub(crate)fnnew(`
`189`	`190`	`sender: mpsc::UnboundedSender<Request>,`
`190`	`191`	`ssl_mode:SslMode,`
	`192`	`+ssl_negotiation:SslNegotiation,`
`191`	`193`	`process_id:i32,`
`192`	`194`	`secret_key:i32,`
`193`	`195`	`) ->Client{`
`@@ -200,6 +202,7 @@ impl Client {`
`200`	`202`	`#[cfg(feature ="runtime")]`
`201`	`203`	`socket_config:None,`
`202`	`204`	`ssl_mode,`
	`205`	`+ ssl_negotiation,`
`203`	`206`	`process_id,`
`204`	`207`	`secret_key,`
`205`	`208`	`}`
`@@ -550,6 +553,7 @@ impl Client {`
`550`	`553`	`#[cfg(feature ="runtime")]`
`551`	`554`	`socket_config:self.socket_config.clone(),`
`552`	`555`	`ssl_mode:self.ssl_mode,`
	`556`	`+ssl_negotiation:self.ssl_negotiation,`
`553`	`557`	`process_id:self.process_id,`
`554`	`558`	`secret_key:self.secret_key,`
`555`	`559`	`}`

`‎tokio-postgres/src/config.rs‎`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,16 @@ pub enum SslMode {`
`50`	`50`	`Require,`
`51`	`51`	`}`
`52`	`52`
	`53`	`+/// TLS negotiation configuration`
	`54`	`+#[derive(Debug,Copy,Clone,PartialEq,Eq)]`
	`55`	`+#[non_exhaustive]`
	`56`	`+pubenumSslNegotiation{`
	`57`	`+/// Use PostgreSQL SslRequest for Ssl negotiation`
	`58`	`+Postgres,`
	`59`	`+/// Start Ssl handshake without negotiation, only works for PostgreSQL 17+`
	`60`	`+Direct,`
	`61`	`+}`
	`62`	`+`
`53`	`63`	`/// Channel binding configuration.`
`54`	`64`	`#[derive(Debug,Copy,Clone,PartialEq,Eq)]`
`55`	`65`	`#[non_exhaustive]`
`@@ -106,6 +116,8 @@ pub enum Host {`
`106`	`116`	`/// path to the directory containing Unix domain sockets. Otherwise, it is treated as a hostname. Multiple hosts`
`107`	`117`	`/// can be specified, separated by commas. Each host will be tried in turn when connecting. Required if connecting`
`108`	`118`	/// with the `connect` method.
	`119`	+/// * `sslnegotiation` - TLS negotiation method. If set to `direct`, the client will perform direct TLS handshake, this only works for PostgreSQL 17 and newer.
	`120`	+/// If set to `postgres`, the default value, it follows original postgres wire protocol to perform the negotiation.
`109`	`121`	/// * `hostaddr` - Numeric IP address of host to connect to. This should be in the standard IPv4 address format,
`110`	`122`	`/// e.g., 172.28.40.9. If your machine supports IPv6, you can also use those addresses.`
`111`	`123`	/// If this parameter is not specified, the value of `host` will be looked up to find the corresponding IP address,
`@@ -198,6 +210,7 @@ pub struct Config {`
`198`	`210`	`pub(crate)options:Option<String>,`
`199`	`211`	`pub(crate)application_name:Option<String>,`
`200`	`212`	`pub(crate)ssl_mode:SslMode,`
	`213`	`+pub(crate)ssl_negotiation:SslNegotiation,`
`201`	`214`	`pub(crate)host:Vec<Host>,`
`202`	`215`	`pub(crate)hostaddr:Vec<IpAddr>,`
`203`	`216`	`pub(crate)port:Vec<u16>,`
`@@ -227,6 +240,7 @@ impl Config {`
`227`	`240`	`options:None,`
`228`	`241`	`application_name:None,`
`229`	`242`	`ssl_mode:SslMode::Prefer,`
	`243`	`+ssl_negotiation:SslNegotiation::Postgres,`
`230`	`244`	`host:vec![],`
`231`	`245`	`hostaddr:vec![],`
`232`	`246`	`port:vec![],`
`@@ -325,6 +339,19 @@ impl Config {`
`325`	`339`	`self.ssl_mode`
`326`	`340`	`}`
`327`	`341`
	`342`	`+/// Sets the SSL negotiation method.`
	`343`	`+///`
	`344`	+/// Defaults to `postgres`.
	`345`	`+pubfnssl_negotiation(&mutself,ssl_negotiation:SslNegotiation) ->&mutConfig{`
	`346`	`+self.ssl_negotiation = ssl_negotiation;`
	`347`	`+self`
	`348`	`+}`
	`349`	`+`
	`350`	`+/// Gets the SSL negotiation method.`
	`351`	`+pubfnget_ssl_negotiation(&self) ->SslNegotiation{`
	`352`	`+self.ssl_negotiation`
	`353`	`+}`
	`354`	`+`
`328`	`355`	`/// Adds a host to the configuration.`
`329`	`356`	`///`
`330`	`357`	`/// Multiple hosts can be specified by calling this method multiple times, and each will be tried in order. On Unix`
`@@ -550,6 +577,18 @@ impl Config {`
`550`	`577`	`};`
`551`	`578`	`self.ssl_mode(mode);`
`552`	`579`	`}`
	`580`	`+"sslnegotiation" =>{`
	`581`	`+let mode =match value{`
	`582`	`+"postgres" =>SslNegotiation::Postgres,`
	`583`	`+"direct" =>SslNegotiation::Direct,`
	`584`	`+ _ =>{`
	`585`	`+returnErr(Error::config_parse(Box::new(InvalidValue(`
	`586`	`+"sslnegotiation",`
	`587`	`+))))`
	`588`	`+}`
	`589`	`+};`
	`590`	`+self.ssl_negotiation(mode);`
	`591`	`+}`
`553`	`592`	`"host" =>{`
`554`	`593`	`for hostin value.split(','){`
`555`	`594`	`self.host(host);`

`‎tokio-postgres/src/connect_raw.rs‎`

Lines changed: 15 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,14 @@ where`
`89`	`89`	`S:AsyncRead +AsyncWrite +Unpin,`
`90`	`90`	`T:TlsConnect<S>,`
`91`	`91`	`{`
`92`		`-let stream =connect_tls(stream, config.ssl_mode, tls, has_hostname).await?;`
	`92`	`+let stream =connect_tls(`
	`93`	`+ stream,`
	`94`	`+ config.ssl_mode,`
	`95`	`+ config.ssl_negotiation,`
	`96`	`+ tls,`
	`97`	`+ has_hostname,`
	`98`	`+)`
	`99`	`+.await?;`
`93`	`100`
`94`	`101`	`letmut stream =StartupStream{`
`95`	`102`	`inner:Framed::new(stream,PostgresCodec),`
`@@ -107,7 +114,13 @@ where`
`107`	`114`	`let(process_id, secret_key, parameters) =read_info(&mut stream).await?;`
`108`	`115`
`109`	`116`	`let(sender, receiver) = mpsc::unbounded();`
`110`		`-let client =Client::new(sender, config.ssl_mode, process_id, secret_key);`
	`117`	`+let client =Client::new(`
	`118`	`+ sender,`
	`119`	`+ config.ssl_mode,`
	`120`	`+ config.ssl_negotiation,`
	`121`	`+ process_id,`
	`122`	`+ secret_key,`
	`123`	`+);`
`111`	`124`	`let connection =Connection::new(stream.inner, stream.delayed, parameters, receiver);`
`112`	`125`
`113`	`126`	`Ok((client, connection))`

`‎tokio-postgres/src/connect_tls.rs‎`

Lines changed: 14 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-usecrate::config::SslMode;`
	`1`	`+usecrate::config::{SslMode,SslNegotiation};`
`2`	`2`	`usecrate::maybe_tls_stream::MaybeTlsStream;`
`3`	`3`	`usecrate::tls::private::ForcePrivateApi;`
`4`	`4`	`usecrate::tls::TlsConnect;`
`@@ -10,6 +10,7 @@ use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};`
`10`	`10`	`pubasyncfnconnect_tls<S,T>(`
`11`	`11`	`mutstream:S,`
`12`	`12`	`mode:SslMode,`
	`13`	`+negotiation:SslNegotiation,`
`13`	`14`	`tls:T,`
`14`	`15`	`has_hostname:bool,`
`15`	`16`	`) ->Result<MaybeTlsStream<S,T::Stream>,Error>`
`@@ -25,18 +26,20 @@ where`
`25`	`26`	`SslMode::Prefer \|SslMode::Require =>{}`
`26`	`27`	`}`
`27`	`28`
`28`		`-letmut buf =BytesMut::new();`
`29`		`- frontend::ssl_request(&mut buf);`
`30`		`- stream.write_all(&buf).await.map_err(Error::io)?;`
	`29`	`+if negotiation ==SslNegotiation::Postgres{`
	`30`	`+letmut buf =BytesMut::new();`
	`31`	`+ frontend::ssl_request(&mut buf);`
	`32`	`+ stream.write_all(&buf).await.map_err(Error::io)?;`
`31`	`33`
`32`		`-letmut buf =[0];`
`33`		`- stream.read_exact(&mut buf).await.map_err(Error::io)?;`
	`34`	`+letmut buf =[0];`
	`35`	`+stream.read_exact(&mut buf).await.map_err(Error::io)?;`
`34`	`36`
`35`		`-if buf[0] !=b'S'{`
`36`		`-ifSslMode::Require == mode{`
`37`		`-returnErr(Error::tls("server does not support TLS".into()));`
`38`		`-}else{`
`39`		`-returnOk(MaybeTlsStream::Raw(stream));`
	`37`	`+if buf[0] !=b'S'{`
	`38`	`+ifSslMode::Require == mode{`
	`39`	`+returnErr(Error::tls("server does not support TLS".into()));`
	`40`	`+}else{`
	`41`	`+returnOk(MaybeTlsStream::Raw(stream));`
	`42`	`+}`
`40`	`43`	`}`
`41`	`44`	`}`
`42`	`45`

`‎tokio-postgres/tests/test/parse.rs‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`use std::time::Duration;`
`2`		`-use tokio_postgres::config::{Config,TargetSessionAttrs};`
	`2`	`+use tokio_postgres::config::{Config,SslNegotiation,TargetSessionAttrs};`
`3`	`3`
`4`	`4`	`fncheck(s:&str,config:&Config){`
`5`	`5`	assert_eq!(s.parse::<Config>().expect(s),*config,"`{}`", s);
`@@ -42,6 +42,10 @@ fn settings() {`
`42`	`42`	`.keepalives_idle(Duration::from_secs(30))`
`43`	`43`	`.target_session_attrs(TargetSessionAttrs::ReadOnly),`
`44`	`44`	`);`
	`45`	`+check(`
	`46`	`+"sslnegotiation=direct",`
	`47`	`+Config::new().ssl_negotiation(SslNegotiation::Direct),`
	`48`	`+);`
`45`	`49`	`}`
`46`	`50`
`47`	`51`	`#[test]`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit60c1182

File tree

9 files changed

9 files changed

`‎postgres/src/config.rs‎`

`‎tokio-postgres/src/cancel_query.rs‎`

`‎tokio-postgres/src/cancel_query_raw.rs‎`

`‎tokio-postgres/src/cancel_token.rs‎`

`‎tokio-postgres/src/client.rs‎`

`‎tokio-postgres/src/config.rs‎`

`‎tokio-postgres/src/connect_raw.rs‎`

`‎tokio-postgres/src/connect_tls.rs‎`

`‎tokio-postgres/tests/test/parse.rs‎`

0 commit comments