在最基本的 L4 连接建立完成之后,如果有需要,Pingora 就可以在此基础之开始建立 TLS 连接了。TLS 建立有两种选择:openssl 和 boringssl。Pingora 分别为二者包装了 pingora-openssl 和 pingora-boringssl 两个库。
在本文中,我们以 OpenSSL 为核心去描绘基本的连接建立流程,因此与 BoringSSL 相关的代码将会折叠。
事先声明,这篇文章整体会比较水,因为 TLS 客户端的实现其实也没什么可说的,而且基本都是一看就懂。所以本文也不会讲解太多。
此外,对 Rustls 的支持在 #29 中讨论。
ToC
connect
TLS 部分的 connect 基本就是根据 peer 的情况做一些参数上的调整,包括但不限于 ca、cert、可用的 curve、second keyshare 相关的检查与设置。在这些都配置完之后,就进入了 handshake 的流程。根据 connection_timeout 的配置,handshake 会有一个可选的超时时间。
pub(crate) async fn connect<T, P>(
stream: T,
peer: &P,
alpn_override: Option<ALPN>,
tls_ctx: &SslConnector,
) -> Result<SslStream<T>>
where
T: IO,
P: Peer + Send + Sync,
{
let mut ssl_conf = tls_ctx.configure().unwrap();
3 collapsed lines
ssl_set_renegotiate_mode_freely(&mut ssl_conf);
// Set up CA/verify cert store
// TODO: store X509Store in the peer directly
if let Some(ca_list) = peer.get_ca() {
let mut store_builder = X509StoreBuilder::new().unwrap();
for ca in &***ca_list {
store_builder.add_cert(ca.clone()).unwrap();
}
ssl_set_verify_cert_store(&mut ssl_conf, &store_builder.build())
.or_err(InternalError, "failed to load cert store")?;
}
// Set up client cert/key
if let Some(key_pair) = peer.get_client_cert_key() {
debug!("setting client cert and key");
ssl_use_certificate(&mut ssl_conf, key_pair.leaf())
.or_err(InternalError, "invalid client cert")?;
ssl_use_private_key(&mut ssl_conf, key_pair.key())
.or_err(InternalError, "invalid client key")?;
let intermediates = key_pair.intermediates();
if !intermediates.is_empty() {
debug!("adding intermediate certificates for mTLS chain");
for int in intermediates {
ssl_add_chain_cert(&mut ssl_conf, int)
.or_err(InternalError, "invalid intermediate client cert")?;
}
}
}
if let Some(curve) = peer.get_peer_options().and_then(|o| o.curves) {
ssl_set_groups_list(&mut ssl_conf, curve).or_err(InternalError, "invalid curves")?;
}
6 collapsed lines
// second_keyshare is default true
if !peer.get_peer_options().map_or(true, |o| o.second_keyshare) {
ssl_use_second_key_share(&mut ssl_conf, false);
}
// disable verification if sni does not exist
// XXX: verify on empty string cause null string seg fault
if peer.sni().is_empty() {
ssl_conf.set_use_server_name_indication(false);
/* NOTE: technically we can still verify who signs the cert but turn it off to be
consistent with nginx's behavior */
ssl_conf.set_verify(SslVerifyMode::NONE);
} else if peer.verify_cert() {
if peer.verify_hostname() {
let verify_param = ssl_conf.param_mut();
add_host(verify_param, peer.sni()).or_err(InternalError, "failed to add host")?;
// if sni had underscores in leftmost label replace and add
if let Some(sni_s) = replace_leftmost_underscore(peer.sni()) {
add_host(verify_param, sni_s.as_ref()).unwrap();
}
if let Some(alt_cn) = peer.alternative_cn() {
if !alt_cn.is_empty() {
add_host(verify_param, alt_cn).unwrap();
// if alt_cn had underscores in leftmost label replace and add
if let Some(alt_cn_s) = replace_leftmost_underscore(alt_cn) {
add_host(verify_param, alt_cn_s.as_ref()).unwrap();
}
}
}
}
ssl_conf.set_verify(SslVerifyMode::PEER);
} else {
ssl_conf.set_verify(SslVerifyMode::NONE);
}
/*
We always set set_verify_hostname(false) here because:
- verify case.) otherwise ssl.connect calls X509_VERIFY_PARAM_set1_host
which overrides the names added by add_host. Verify is
essentially on as long as the names are added.
- off case.) the non verify hostname case should have it disabled
*/
ssl_conf.set_verify_hostname(false);
if let Some(alpn) = alpn_override.as_ref().or(peer.get_alpn()) {
ssl_conf.set_alpn_protos(alpn.to_wire_preference()).unwrap();
}
clear_error_stack();
let connect_future = handshake(ssl_conf, peer.sni(), stream);
match peer.connection_timeout() {
Some(t) => match pingora_timeout::timeout(t, connect_future).await {
Ok(res) => res,
Err(_) => Error::e_explain(
ConnectTimedout,
format!("connecting to server {}, timeout {:?}", peer, t),
),
},
None => connect_future.await,
}
}
handshake
和 connect 相比,handshake 能讲的其实更少了。主要的内容就是两个:36 行的 SslSteram::new 和 38 行的 connect。
其中,SslStream 是 pingora 对不同 SSL 实现的抽象这个我们接下来马上会讲到;而 connect 则是直接调用了各种 SSL 实现的 connect 方法,比如 openssl 就是调用了 tokio-openssl 的 SslStream::connect。
其他本身大部分都是在做错误处理,这里就不多赘述了。
/// Perform the TLS handshake for the given connection with the given configuration
pub async fn handshake<S: IO>(
conn_config: ConnectConfiguration,
domain: &str,
io: S,
) -> Result<SslStream<S>> {
let ssl = conn_config
.into_ssl(domain)
.explain_err(TLSHandshakeFailure, |e| format!("ssl config error: {e}"))?;
let mut stream = SslStream::new(ssl, io)
.explain_err(TLSHandshakeFailure, |e| format!("ssl stream error: {e}"))?;
let handshake_result = stream.connect().await;
match handshake_result {
33 collapsed lines
Ok(()) => Ok(stream),
Err(e) => {
let context = format!("TLS connect() failed: {e}, SNI: {domain}");
match e.code() {
ssl::ErrorCode::SSL => {
// Unify the return type of `verify_result` for openssl
#[cfg(not(feature = "boringssl"))]
fn verify_result<S>(stream: SslStream<S>) -> Result<(), i32> {
match stream.ssl().verify_result().as_raw() {
crate::tls::ssl_sys::X509_V_OK => Ok(()),
e => Err(e),
}
}
// Unify the return type of `verify_result` for boringssl
#[cfg(feature = "boringssl")]
fn verify_result<S>(stream: SslStream<S>) -> Result<(), i32> {
stream.ssl().verify_result().map_err(|e| e.as_raw())
}
match verify_result(stream) {
Ok(()) => Error::e_explain(TLSHandshakeFailure, context),
// X509_V_ERR_INVALID_CALL in case verify result was never set
Err(X509_V_ERR_INVALID_CALL) => {
Error::e_explain(TLSHandshakeFailure, context)
}
_ => Error::e_explain(InvalidCert, context),
}
}
/* likely network error, but still mark as TLS error */
_ => Error::e_explain(TLSHandshakeFailure, context),
}
}
}
}
SslStream
先来看定义吧。这个 struct 里定义了:
- ssl: 实际的工作部分。这里的
InnerSsl实际就是tokio_ssl::SslStream。 - digest: TLS 连接的相关信息,包括
cipher、版本、证书等信息。 - timing: 用于记录一些时间,当前版本只记录了连接的建立时间。
/// The TLS connection
#[derive(Debug)]
pub struct SslStream<T> {
ssl: InnerSsl<T>,
digest: Option<Arc<SslDigest>>,
timing: TimingDigest,
}
来看主要的部分。可以看到,SslStream 对 T 的要求是 AsyncRead + AsyncWrite + Unpin。由于 SslStream 本身需要 Async Readable/Writable,所以自然其内部承载的流也需要具备该特性。初次之外就都是对 self.ssl 的一般包装,看看就好(
impl<T> SslStream<T>
where
T: AsyncRead + AsyncWrite + std::marker::Unpin,
{
/// Create a new TLS connection from the given `stream`
///
/// The caller needs to perform [`Self::connect()`] or [`Self::accept()`] to perform TLS
/// handshake after.
pub fn new(ssl: ssl::Ssl, stream: T) -> Result<Self> {
let ssl = InnerSsl::new(ssl, stream)
.explain_err(TLSHandshakeFailure, |e| format!("ssl stream error: {e}"))?;
Ok(SslStream {
ssl,
digest: None,
timing: Default::default(),
})
}
/// Connect to the remote TLS server as a client
pub async fn connect(&mut self) -> Result<(), ssl::Error> {
Self::clear_error();
Pin::new(&mut self.ssl).connect().await?;
self.timing.established_ts = SystemTime::now();
self.digest = Some(Arc::new(SslDigest::from_ssl(self.ssl())));
Ok(())
}
/// Finish the TLS handshake from client as a server
pub async fn accept(&mut self) -> Result<(), ssl::Error> {
Self::clear_error();
Pin::new(&mut self.ssl).accept().await?;
self.timing.established_ts = SystemTime::now();
self.digest = Some(Arc::new(SslDigest::from_ssl(self.ssl())));
Ok(())
}
#[inline]
fn clear_error() {
let errs = tls::error::ErrorStack::get();
if !errs.errors().is_empty() {
warn!("Clearing dirty TLS error stack: {}", errs);
}
}
}