Skip to content

Instantly share code, notes, and snippets.

@davidB davidB/Cargo.toml
Last active Dec 25, 2019

Embed
What would you like to do?
GKE access failed via reqwest
[package]
name = "test_gke_cert"
version = "0.1.0"
authors = ["David Bernard"]
edition = "2018"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
openssl = { version = "^0.10", features = ["vendored"] }
tokio = { version = "^0.2.5", features = ["full"]}
# curl = "0.4.25" # ok
# curl = {version = "0.4.25", features = ["static-ssl"] } # ok
curl = {version = "0.4.25", features = ["mesalink"] } # ok
# curl = {version = "0.4.25", features = ["static-curl"] } # failed
# curl = {version = "0.4.25", features = ["static-curl", "mesalink"] } # failed
# curl = {version = "0.4.25", features = ["static-curl", "static-ssl"] } # failed
[dependencies.reqwest]
#version = "0.10.0"
# version = " 0.10.0-alpha.2"
git = "https://github.com/seanmonstar/reqwest"
rev = "18fd9a63b0eb7bf51d2e2b7fe31b4567f0b05779"
features = ["json", "gzip", "rustls-tls"]
# features = ["rustls-tls"]
# # TODO: rustls
// Mac OSX (Catalina 10.15.2):
// ```
// --- with curl ---
// {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"forbidden: User \"system:anonymous\" cannot get path \"/\"","reason":"Forbidden","details":{},"code":403}
// [src/main.rs:51] main_with_curl().await = Ok(
// (),
// )
// --- with reqwest ---
// [src/main.rs:53] main_with_reqwest().await = Err(
// reqwest::Error {
// kind: Request,
// url: "https://35.232.6.83/",
// source: hyper::Error(
// Connect,
// Error {
// code: -67843,
// message: "The certificate was not trusted.",
// },
// ),
// },
// )
// ```
//
// Linux:
// ```
// Response {
// url: "https://35.232.6.83/",
// status: 403,
// headers: {
// "audit-id": "83ac14e8-8beb-4456-b495-35c81ba9b348",
// "content-type": "application/json",
// "x-content-type-options": "nosniff",
// "date": "Sat, 21 Dec 2019 18:21:52 GMT",
// "content-length": "185",
// },
// }
///```
///
const SERVERAPI_URL: &str = "https://35.232.6.83";
const CACERT_PEM: &str = r#"
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIRANMRvVXXaTbXyxpbqXtlgyEwDQYJKoZIhvcNAQELBQAw
LzEtMCsGA1UEAxMkMzg1NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4
MB4XDTE5MTIxOTA3NTM1OVoXDTI0MTIxNzA4NTM1OVowLzEtMCsGA1UEAxMkMzg1
NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmX8Eg6r6tygSiIM3nMS4VwnYoXrrIuixlCGqsI4L
sw5j9oTslbNvsOjfFnRGyMK6wPm7x/htMC5B44Jyh2BedZbfcp7WXZJr7Dq/9SgR
/TPZmb1GwqVvqfE4RmzwK6wcaMSEkF/mqc9+IWiEpmMRmkdsvj2/8fydQM2+Wj8y
qSzaIgMopsaNuA4EWIKABeQH8vzIMjiEsvSpGDRRF14G6OMeCUypa780HCUwNKkc
BaAUc1VzAcQYTNzx78Y4IZCJjkwtBfKYWUibIWWeJaDAzNEbYGeBNtc6/kbvUuCL
VmibQ5+Qo6kgjchElRECZU4dhz8FKOMWh3YFyNpE7hZqrwIDAQABoyMwITAOBgNV
HQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
b0qhFcv4LriftJrB5RX0XHjEjGiEirv4Xq9rUgGOTYGnrtKtqu7DPIoZagYgByTX
VnpqGJczQ/ZGZyAeE502uH6np6ftmQi98NFNe5W7btv/U4ZHN8VzQ2+77uBw/orY
YuVKNMMcc+CfO8pX2rv8Z4YUUvBz3/YO9h5K1IBjXuLCI+PM6+2OMFfaoSI0Iz8q
sazWeeT8orW1/LdJMokCkGqgPZC8X15j2/E6YlzPeebAQK/QgpMYg9XoHWJcuhSx
RgGI71iQAaYoBYSxSgV2cteECEiJlMoInkU0HCX7JlZlR/ypZl+ybPFVQigsAfpu
o098cHJLzIFII9icY8n1dQ==
-----END CERTIFICATE-----
"#;
#[tokio::main]
async fn main() {
println!("--- with curl ---");
dbg!(main_with_curl().await);
println!("--- with reqwest ---");
dbg!(main_with_reqwest().await);
}
async fn main_with_reqwest() -> Result<(), Box<dyn std::error::Error>> {
use openssl::x509::X509;
// use reqwest;
let ca = X509::from_pem(CACERT_PEM.as_bytes())?;
let cert = reqwest::Certificate::from_der(&ca.to_der()?)?;
// dbg!(&ca.subject_name());
// dbg!(&ca.subject_name());
// dbg!(&cert);
let mut client_builder = reqwest::Client::builder();
client_builder = client_builder
.add_root_certificate(cert)
// .danger_accept_invalid_certs(true)
;
let client = client_builder.build()?;
let resp = client.get(SERVERAPI_URL).send().await?;
println!("{:#?}", resp);
Ok(())
}
// curl -i -v https://35.232.6.83 --cacert ./cert3.x509.crt
async fn main_with_curl() -> Result<(), Box<dyn std::error::Error>> {
use curl::easy::Easy;
use std::io::{stdout, Write};
// Write the contents of rust-lang.org to stdout
let mut easy = Easy::new();
let cacert = std::path::Path::new("ca.x509.crt");
std::fs::write(cacert, CACERT_PEM)?;
easy.cainfo(cacert)?;
easy.url(SERVERAPI_URL)?;
easy.write_function(|data| {
stdout().write_all(data).unwrap();
Ok(data.len())
})?;
easy.perform()?;
Ok(())
}
cat >ca.x509.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIRANMRvVXXaTbXyxpbqXtlgyEwDQYJKoZIhvcNAQELBQAw
LzEtMCsGA1UEAxMkMzg1NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4
MB4XDTE5MTIxOTA3NTM1OVoXDTI0MTIxNzA4NTM1OVowLzEtMCsGA1UEAxMkMzg1
NTM1MzEtOTgwNS00NzcwLTllMzItMmY1MmM1NDU3NWY4MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAmX8Eg6r6tygSiIM3nMS4VwnYoXrrIuixlCGqsI4L
sw5j9oTslbNvsOjfFnRGyMK6wPm7x/htMC5B44Jyh2BedZbfcp7WXZJr7Dq/9SgR
/TPZmb1GwqVvqfE4RmzwK6wcaMSEkF/mqc9+IWiEpmMRmkdsvj2/8fydQM2+Wj8y
qSzaIgMopsaNuA4EWIKABeQH8vzIMjiEsvSpGDRRF14G6OMeCUypa780HCUwNKkc
BaAUc1VzAcQYTNzx78Y4IZCJjkwtBfKYWUibIWWeJaDAzNEbYGeBNtc6/kbvUuCL
VmibQ5+Qo6kgjchElRECZU4dhz8FKOMWh3YFyNpE7hZqrwIDAQABoyMwITAOBgNV
HQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
b0qhFcv4LriftJrB5RX0XHjEjGiEirv4Xq9rUgGOTYGnrtKtqu7DPIoZagYgByTX
VnpqGJczQ/ZGZyAeE502uH6np6ftmQi98NFNe5W7btv/U4ZHN8VzQ2+77uBw/orY
YuVKNMMcc+CfO8pX2rv8Z4YUUvBz3/YO9h5K1IBjXuLCI+PM6+2OMFfaoSI0Iz8q
sazWeeT8orW1/LdJMokCkGqgPZC8X15j2/E6YlzPeebAQK/QgpMYg9XoHWJcuhSx
RgGI71iQAaYoBYSxSgV2cteECEiJlMoInkU0HCX7JlZlR/ypZl+ybPFVQigsAfpu
o098cHJLzIFII9icY8n1dQ==
-----END CERTIFICATE-----
EOF
openssl x509 -in ca.x509.crt -noout -text
curl -i -v https://35.232.6.83 --cacert ./ca.x509.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.