Merge pull request redis-rs#305 from gferon/redis-tls

Author: badboy

.travis.yml

@@ -21,7 +21,7 @@ before_cache:
 before_install: |
   sudo add-apt-repository ppa:chris-lea/redis-server -y
   sudo apt-get update
-  sudo apt-get install redis-server=5:6.0.5-1chl1~xenial1 -y
+  sudo apt-get install redis-server=5:6.0.5-1chl1~xenial1 stunnel -y
 
 matrix:
   include:

Cargo.toml

@@ -53,6 +53,11 @@ rand = { version = "0.7.0", optional = true }
 async-std = { version = "1.5.0", optional = true}
 async-trait = "0.1.24"
 
+# Only needed for TLS
+native-tls = { version = "0.2", optional = true }
+tokio-tls = { version = "0.3", optional = true }
+async-native-tls = { version = "0.3", optional = true }
+
 [features]
 default = ["acl", "streams", "geospatial", "tokio-comp", "async-std-comp", "script"]
 acl = []
@@ -61,8 +66,11 @@ tokio-rt-core = ["tokio-comp", "tokio/rt-core"]
 geospatial = []
 cluster = ["crc16", "rand"]
 script = ["sha1"]
+tls = ["native-tls"]
 async-std-comp = ["aio", "async-std"]
+async-std-tls-comp = ["async-std-comp", "async-native-tls", "tls"]
 tokio-comp = ["aio", "tokio"]
+tokio-tls-comp = ["tls", "tokio-tls"]
 connection-manager = ["tokio-rt-core", "arc-swap", "futures"]
 streams = []
 
@@ -77,6 +85,7 @@ criterion = "0.3"
 partial-io = { version = "0.3", features = ["tokio", "quickcheck"] }
 quickcheck = "0.6"
 tokio = { version = "0.2", features = ["rt-core", "macros", "time"] }
+tempdir = "0.3"
 
 [[test]]
 name = "test_async"

Makefile

@@ -5,28 +5,32 @@ test:
 	@echo "===================================================================="
 	@echo "Testing Connection Type TCP without features"
 	@echo "===================================================================="
-	@REDISRS_SERVER_TYPE=tcp RUST_TEST_THREADS=1 cargo test --no-default-features --tests -- --nocapture
+	@REDISRS_SERVER_TYPE=tcp cargo test --no-default-features --tests -- --nocapture --test-threads=1
 
 	@echo "===================================================================="
 	@echo "Testing Connection Type TCP with all features"
 	@echo "===================================================================="
-	@REDISRS_SERVER_TYPE=tcp RUST_TEST_THREADS=1 cargo test --all-features -- --nocapture
+	@REDISRS_SERVER_TYPE=tcp cargo test --all-features -- --nocapture --test-threads=1
+
+	@echo "===================================================================="
+	@echo "Testing Connection Type TCP with all features and TLS support"
+	@echo "===================================================================="
+	@REDISRS_SERVER_TYPE=tcp+tls cargo test --all-features -- --nocapture --test-threads=1
 
 	@echo "===================================================================="
 	@echo "Testing Connection Type UNIX"
 	@echo "===================================================================="
-	@REDISRS_SERVER_TYPE=unix cargo test --test parser --test test_basic --test test_types --all-features
+	@REDISRS_SERVER_TYPE=unix cargo test --test parser --test test_basic --test test_types --all-features -- --test-threads=1
 
 	@echo "===================================================================="
 	@echo "Testing Connection Type UNIX SOCKETS"
 	@echo "===================================================================="
 	@REDISRS_SERVER_TYPE=unix cargo test --all-features -- --skip test_cluster
 
-test-single: RUST_TEST_THREADS=1
 test-single: test
 
 bench:
-	@RUST_TEST_THREADS=1 cargo bench --all-features
+	cargo bench --all-features --test-threads=1
 
 docs: build
 	@cargo doc --no-deps

examples/basic.rs

@@ -1,6 +1,7 @@
 use redis::{self, transaction, Commands};
 
 use std::collections::HashMap;
+use std::env;
 
 /// This function demonstrates how a return value can be coerced into a
 /// hashmap of tuples.  This is particularly useful for responses like
@@ -134,9 +135,9 @@ fn do_atomic_increment(con: &mut redis::Connection) -> redis::RedisResult<()> {
 }
 
 /// Runs all the examples and propagates errors up.
-fn do_redis_code() -> redis::RedisResult<()> {
+fn do_redis_code(url: &str) -> redis::RedisResult<()> {
     // general connection handling
-    let client = redis::Client::open("redis://127.0.0.1/")?;
+    let client = redis::Client::open(url)?;
     let mut con = client.get_connection()?;
 
     // read some config and print it.
@@ -154,7 +155,12 @@ fn do_redis_code() -> redis::RedisResult<()> {
 
 fn main() {
     // at this point the errors are fatal, let's just fail hard.
-    match do_redis_code() {
+    let url = if env::args().nth(1) == Some("--tls".into()) {
+        "rediss://127.0.0.1:6380/#insecure"
+    } else {
+        "redis://127.0.0.1:6379/"
+    };
+    match do_redis_code(url) {
         Err(err) => {
             println!("Could not execute example:");
             println!("  {}: {}", err.category(), err);

src/aio.rs

@@ -23,6 +23,12 @@ use tokio::{
 #[cfg(feature = "tokio-comp")]
 use tokio::net::TcpStream as TcpStreamTokio;
 
+#[cfg(feature = "tokio-tls-comp")]
+use tokio_tls::TlsStream as TlsStreamTokio;
+
+#[cfg(feature = "tls")]
+use native_tls::TlsConnector;
+
 #[cfg(any(feature = "tokio-comp", feature = "async-std-comp"))]
 use tokio_util::codec::Decoder;
 
@@ -52,7 +58,16 @@ use crate::aio_async_std;
 pub(crate) trait Connect {
     /// Performs a TCP connection
     async fn connect_tcp(socket_addr: SocketAddr) -> RedisResult<ActualConnection>;
-    /// Performans an UNIX connection
+
+    // Performs a TCP TLS connection
+    #[cfg(feature = "tls")]
+    async fn connect_tcp_tls(
+        hostname: &str,
+        socket_addr: SocketAddr,
+        insecure: bool,
+    ) -> RedisResult<ActualConnection>;
+
+    /// Performs a UNIX connection
     #[cfg(unix)]
     async fn connect_unix(path: &Path) -> RedisResult<ActualConnection>;
 }
@@ -61,6 +76,9 @@ pub(crate) trait Connect {
 mod tokio_aio {
     use super::{async_trait, ActualConnection, Connect, RedisResult, SocketAddr, TcpStreamTokio};
 
+    #[cfg(feature = "tls")]
+    use super::TlsConnector;
+
     #[cfg(unix)]
     use super::{Path, UnixStreamTokio};
 
@@ -73,6 +91,27 @@ mod tokio_aio {
                 .await
                 .map(ActualConnection::TcpTokio)?)
         }
+        #[cfg(feature = "tls")]
+        async fn connect_tcp_tls(
+            hostname: &str,
+            socket_addr: SocketAddr,
+            insecure: bool,
+        ) -> RedisResult<ActualConnection> {
+            let tls_connector: tokio_tls::TlsConnector = if insecure {
+                TlsConnector::builder()
+                    .danger_accept_invalid_certs(true)
+                    .danger_accept_invalid_hostnames(true)
+                    .use_sni(false)
+                    .build()?
+            } else {
+                TlsConnector::new()?
+            }
+            .into();
+            Ok(tls_connector
+                .connect(hostname, TcpStreamTokio::connect(&socket_addr).await?)
+                .await
+                .map(ActualConnection::TcpTlsTokio)?)
+        }
         #[cfg(unix)]
         async fn connect_unix(path: &Path) -> RedisResult<ActualConnection> {
             Ok(UnixStreamTokio::connect(path)
@@ -87,13 +126,19 @@ pub(crate) enum ActualConnection {
     /// Represents a Tokio TCP connection.
     #[cfg(feature = "tokio-comp")]
     TcpTokio(TcpStreamTokio),
+    /// Represents a Tokio TLS encrypted TCP connection
+    #[cfg(feature = "tokio-tls-comp")]
+    TcpTlsTokio(TlsStreamTokio<TcpStreamTokio>),
     /// Represents a Tokio Unix connection.
     #[cfg(unix)]
     #[cfg(feature = "tokio-comp")]
     UnixTokio(UnixStreamTokio),
     /// Represents an Async_std TCP connection.
     #[cfg(feature = "async-std-comp")]
     TcpAsyncStd(aio_async_std::TcpStreamAsyncStdWrapped),
+    /// Represents an Async_std TLS encrypted TCP connection.
+    #[cfg(feature = "async-std-tls-comp")]
+    TcpTlsAsyncStd(aio_async_std::TlsStreamAsyncStdWrapped),
     /// Represents an Async_std Unix connection.
     #[cfg(feature = "async-std-comp")]
     #[cfg(unix)]
@@ -109,11 +154,15 @@ impl AsyncWrite for ActualConnection {
         match &mut *self {
             #[cfg(feature = "tokio-comp")]
             ActualConnection::TcpTokio(r) => Pin::new(r).poll_write(cx, buf),
+            #[cfg(feature = "tokio-tls-comp")]
+            ActualConnection::TcpTlsTokio(r) => Pin::new(r).poll_write(cx, buf),
             #[cfg(unix)]
             #[cfg(feature = "tokio-comp")]
             ActualConnection::UnixTokio(r) => Pin::new(r).poll_write(cx, buf),
             #[cfg(feature = "async-std-comp")]
             ActualConnection::TcpAsyncStd(r) => Pin::new(r).poll_write(cx, buf),
+            #[cfg(feature = "async-std-tls-comp")]
+            ActualConnection::TcpTlsAsyncStd(r) => Pin::new(r).poll_write(cx, buf),
             #[cfg(feature = "async-std-comp")]
             #[cfg(unix)]
             ActualConnection::UnixAsyncStd(r) => Pin::new(r).poll_write(cx, buf),
@@ -124,11 +173,15 @@ impl AsyncWrite for ActualConnection {
         match &mut *self {
             #[cfg(feature = "tokio-comp")]
             ActualConnection::TcpTokio(r) => Pin::new(r).poll_flush(cx),
+            #[cfg(feature = "tokio-tls-comp")]
+            ActualConnection::TcpTlsTokio(r) => Pin::new(r).poll_flush(cx),
             #[cfg(unix)]
             #[cfg(feature = "tokio-comp")]
             ActualConnection::UnixTokio(r) => Pin::new(r).poll_flush(cx),
             #[cfg(feature = "async-std-comp")]
             ActualConnection::TcpAsyncStd(r) => Pin::new(r).poll_flush(cx),
+            #[cfg(feature = "async-std-tls-comp")]
+            ActualConnection::TcpTlsAsyncStd(r) => Pin::new(r).poll_flush(cx),
             #[cfg(feature = "async-std-comp")]
             #[cfg(unix)]
             ActualConnection::UnixAsyncStd(r) => Pin::new(r).poll_flush(cx),
@@ -139,11 +192,15 @@ impl AsyncWrite for ActualConnection {
         match &mut *self {
             #[cfg(feature = "tokio-comp")]
             ActualConnection::TcpTokio(r) => Pin::new(r).poll_shutdown(cx),
+            #[cfg(feature = "tokio-tls-comp")]
+            ActualConnection::TcpTlsTokio(r) => Pin::new(r).poll_shutdown(cx),
             #[cfg(unix)]
             #[cfg(feature = "tokio-comp")]
             ActualConnection::UnixTokio(r) => Pin::new(r).poll_shutdown(cx),
             #[cfg(feature = "async-std-comp")]
             ActualConnection::TcpAsyncStd(r) => Pin::new(r).poll_shutdown(cx),
+            #[cfg(feature = "async-std-tls-comp")]
+            ActualConnection::TcpTlsAsyncStd(r) => Pin::new(r).poll_shutdown(cx),
             #[cfg(feature = "async-std-comp")]
             #[cfg(unix)]
             ActualConnection::UnixAsyncStd(r) => Pin::new(r).poll_shutdown(cx),
@@ -160,11 +217,15 @@ impl AsyncRead for ActualConnection {
         match &mut *self {
             #[cfg(feature = "tokio-comp")]
             ActualConnection::TcpTokio(r) => Pin::new(r).poll_read(cx, buf),
+            #[cfg(feature = "tokio-tls-comp")]
+            ActualConnection::TcpTlsTokio(r) => Pin::new(r).poll_read(cx, buf),
             #[cfg(unix)]
             #[cfg(feature = "tokio-comp")]
             ActualConnection::UnixTokio(r) => Pin::new(r).poll_read(cx, buf),
             #[cfg(feature = "async-std-comp")]
             ActualConnection::TcpAsyncStd(r) => Pin::new(r).poll_read(cx, buf),
+            #[cfg(feature = "async-std-tls-comp")]
+            ActualConnection::TcpTlsAsyncStd(r) => Pin::new(r).poll_read(cx, buf),
             #[cfg(feature = "async-std-comp")]
             #[cfg(unix)]
             ActualConnection::UnixAsyncStd(r) => Pin::new(r).poll_read(cx, buf),
@@ -414,10 +475,27 @@ async fn connect_simple<T: Connect>(
     Ok(match *connection_info.addr {
         ConnectionAddr::Tcp(ref host, port) => {
             let socket_addr = get_socket_addrs(host, port)?;
-
             <T>::connect_tcp(socket_addr).await?
         }
 
+        #[cfg(feature = "tls")]
+        ConnectionAddr::TcpTls {
+            ref host,
+            port,
+            insecure,
+        } => {
+            let socket_addr = get_socket_addrs(host, port)?;
+            <T>::connect_tcp_tls(host, socket_addr, insecure).await?
+        }
+
+        #[cfg(not(feature = "tls"))]
+        ConnectionAddr::TcpTls { .. } => {
+            fail!((
+                ErrorKind::InvalidClientConfig,
+                "Cannot connect to TCP with TLS without the tls feature"
+            ));
+        }
+
         #[cfg(unix)]
         ConnectionAddr::Unix(ref path) => <T>::connect_unix(path).await?,
 
@@ -796,12 +874,24 @@ impl MultiplexedConnection {
                 let (pipeline, driver) = Pipeline::new(codec);
                 (pipeline, boxed(driver))
             }
+            #[cfg(feature = "tokio-tls-comp")]
+            ActualConnection::TcpTlsTokio(tls) => {
+                let codec = ValueCodec::default().framed(tls);
+                let (pipeline, driver) = Pipeline::new(codec);
+                (pipeline, boxed(driver))
+            }
             #[cfg(feature = "async-std-comp")]
             ActualConnection::TcpAsyncStd(tcp) => {
                 let codec = ValueCodec::default().framed(tcp);
                 let (pipeline, driver) = Pipeline::new(codec);
                 (pipeline, boxed(driver))
             }
+            #[cfg(feature = "async-std-tls-comp")]
+            ActualConnection::TcpTlsAsyncStd(tcp) => {
+                let codec = ValueCodec::default().framed(tcp);
+                let (pipeline, driver) = Pipeline::new(codec);
+                (pipeline, boxed(driver))
+            }
             #[cfg(unix)]
             #[cfg(feature = "tokio-comp")]
             ActualConnection::UnixTokio(unix) => {