From 5f3fa20dbeade595503d51ca117c54fe28e9bf25 Mon Sep 17 00:00:00 2001 From: Matt Butcher Date: Thu, 24 Jun 2021 12:42:15 -0600 Subject: [PATCH] SSL/TLS configuration streamlining Signed-off-by: Matt Butcher --- .gitignore | 1 + Makefile | 13 +++++++++++-- README.md | 4 +++- bin/server.rs | 12 ++++++------ 4 files changed, 21 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 23bb4fa..78fbaf7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /target /.vscode .DS_Store +/ssl-example.* diff --git a/Makefile b/Makefile index cdfd560..e60b004 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,8 @@ BINDLE_LOG_LEVEL ?= debug BINDLE_ID ?= enterprise.com/warpcore/1.0.0 BINDLE_IFACE ?= 127.0.0.1:8080 MIME ?= "application/toml" +CERT_NAME ?= "./ssl-example" +TLS_OPTS ?= --tls-cert ${CERT_NAME}.crt.pem --tls-key ${CERT_NAME}.key.pem export RUST_LOG=error,warp=info,bindle=${BINDLE_LOG_LEVEL} @@ -15,9 +17,13 @@ test: build cargo test cargo test --doc --all +.PHONY: serve-tls +serve-tls: + cargo run ${SERVER_FEATURES} --bin ${SERVER_BIN} -- --directory ${HOME}/.bindle/bindles --address ${BINDLE_IFACE} ${TLS_OPTS} + .PHONY: serve -serve: - cargo run ${SERVER_FEATURES} --bin ${SERVER_BIN} -- --directory ${HOME}/.bindle/bindles --address ${BINDLE_IFACE} +serve: TLS_OPTS = +serve: serve-tls # Sort of a wacky hack if you want to do `$(make client) --help` .PHONY: client @@ -36,3 +42,6 @@ build-server: build-client: cargo build ${CLIENT_FEATURES} --bin ${CLIENT_BIN} +.PHONY: gen-cert +gen-cert: + openssl req -newkey rsa:2048 -nodes -keyout ${CERT_NAME}.key.pem -x509 -days 365 -out ${CERT_NAME}.crt.pem \ No newline at end of file diff --git a/README.md b/README.md index 4414c92..37f04dd 100644 --- a/README.md +++ b/README.md 
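Review bot: The quotes in `CERT_NAME ?= "./ssl-example"` are part of the value in make, so `TLS_OPTS` expands to `--tls-cert "./ssl-example".crt.pem` and only works because the shell strips the quotes later. Any make-level use of the name (a prerequisite, `$(wildcard ...)`, a file-exists guard before `serve-tls`) would see the literal quote characters. I would write `CERT_NAME ?= ./ssl-example` and quote at the point of use in the recipe if paths with spaces need to be supported.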
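Review bot: The `serve: TLS_OPTS =` / `serve: serve-tls` pair needs a comment, because it is not obvious that the plain-HTTP target works by running the TLS target with its options blanked through a target-specific variable inherited by the prerequisite. Something like `# serve reuses the serve-tls recipe with TLS_OPTS cleared, so it listens over plain HTTP` above the two lines would do. Note also that a command-line `make serve TLS_OPTS=...` takes precedence over the target-specific assignment, so the two targets are only distinct when the variable is not passed on the command line. Naming the shared recipe something neutral and having both `serve` and `serve-tls` depend on it would read more naturally.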
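Review bot: The `gen-cert` recipe passes neither a subject nor a subjectAltName, so `openssl req` prompts interactively and, with a stock openssl.cnf, produces a certificate with no SAN entry. Clients that match the host only against SAN will reject it for the default `BINDLE_IFACE` of 127.0.0.1, which tends to lead people to switch verification off rather than fix the certificate. Adding `-subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"` (`-addext` needs OpenSSL 1.1.1 or later) makes the target non-interactive and gives a certificate that validates for local testing. The `-nodes` key is unencrypted on disk, which the new `.gitignore` entry covers for commits. A short comment on the target saying the output is for local testing only would help, and the file now ends without a trailing newline.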
@@ -94,7 +94,9 @@ For both client and server, the `--help` flag will print out documentation. To start the compiled server, simply run `target/debug/bindle-server`. If you would like to see the available options, use the `--help` command. -If you would like to run the server with `cargo run` (useful when debugging), use `make serve`. +If you would like to run the server with `cargo run` (useful when debugging), use `make serve` or `make serve-tls`. + +You can generate self-signed testing SSL certificates with `make gen-cert`. #### Supplying a Configuration File diff --git a/bin/server.rs b/bin/server.rs index b36df41..14a2e09 100644 --- a/bin/server.rs +++ b/bin/server.rs @@ -40,8 +40,8 @@ struct Opts { #[clap( name = "cert_path", short = 'c', - long = "cert-path", - env = "BINDLE_CERT_PATH", + long = "tls-cert", + env = "BINDLE_TLS_CERT", requires = "key_path", about = "the path to the TLS certificate to use. If set, --key-path must be set as well. If not set, the server will use HTTP" )] @@ -49,8 +49,8 @@ struct Opts { #[clap( name = "key_path", short = 'k', - long = "key-path", - env = "BINDLE_KEY_PATH", + long = "tls-key", + env = "BINDLE_TLS_KEY", requires = "cert_path", about = "the path to the TLS certificate key to use. If set, --cert-path must be set as well. If not set, the server will use HTTP" )] @@ -65,7 +65,7 @@ struct Opts { name = "keyring", short = 'r', long = "keyring", - about = "the path to the keyring file" + about = "the path to the public keyring file used for verifying signatures" )] keyring_file: Option, @@ -73,7 +73,7 @@ struct Opts { name = "signing_keys", long = "signing-keys", env = "BINDLE_SIGNING_KEYS", - about = "location of the TOML file that holds the signing keys" + about = "location of the TOML file that holds the signing keys used for creating signatures" )] signing_file: Option, }
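Review bot: Renaming the environment variable to `BINDLE_TLS_CERT` (and to `BINDLE_TLS_KEY` in the next hunk) means a deployment that still exports `BINDLE_CERT_PATH` / `BINDLE_KEY_PATH` will come up without TLS and without any error, since the help text says an unset option makes the server use HTTP. The old `--cert-path` flag at least fails argument parsing after the rename, but an unrecognised environment variable is simply ignored, so the downgrade to plaintext is silent. I would refuse to start, or at minimum log a warning, when either old name is present, e.g. `if std::env::var_os("BINDLE_CERT_PATH").is_some() || std::env::var_os("BINDLE_KEY_PATH").is_some() { /* error out: renamed to BINDLE_TLS_CERT / BINDLE_TLS_KEY */ }`, and mention the rename in the release notes. The `Opts` struct and the code that consumes these options lie outside the hunk, so where that check belongs is not visible here.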
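Review bot: The `about` string for `key_path` still says `--cert-path must be set as well`, and the `cert_path` string in the previous hunk still says `--key-path must be set as well`; neither flag exists once this change lands. The two strings should name the new flags, `If set, --tls-cert must be set as well` here and `If set, --tls-key must be set as well` on `cert_path`, so that `--help` does not point users at options the parser rejects.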