From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DFCA793F4A for ; Wed, 21 Feb 2024 13:22:30 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BA0F716B33 for ; Wed, 21 Feb 2024 13:22:00 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 21 Feb 2024 13:21:59 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7CDC344469 for ; Wed, 21 Feb 2024 13:21:59 +0100 (CET)
Date: Wed, 21 Feb 2024 13:21:58 +0100
From: Christoph Heiss
To: Aaron Lauterer
Cc: Proxmox VE development discussion
Message-ID: <2646kro74j2uxigvijpy3zzen7ddv7aodft6fgvxfmp2gkqydw@upmuhbxzl23i>
References: <20240221110805.931925-1-a.lauterer@proxmox.com> <20240221110805.931925-21-a.lauterer@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240221110805.931925-21-a.lauterer@proxmox.com>
X-SPAM-LEVEL: Spam detection results: 0 AWL 0.004 Adjusted score from AWL reputation of
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [post.rs] Subject: Re: [pve-devel] [PATCH v2 20/22] auto-installer: fetch: add http post utility module X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Feb 2024 12:22:30 -0000 On Wed, Feb 21, 2024 at 12:08:03PM +0100, Aaron Lauterer wrote: > It sends a http(s) POST request with the sysinfo as payload and expects > an answer file in return. > [..] > diff --git a/proxmox-auto-installer/src/fetch_plugins/utils/post.rs b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs > new file mode 100644 > index 0000000..c9f6ddb > --- /dev/null > +++ b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs 
> @@ -0,0 +1,93 @@ > +use anyhow::Result; > +use rustls::ClientConfig; > +use sha2::{Digest, Sha256}; > +use std::sync::Arc; > +use ureq::{Agent, AgentBuilder}; > + > +/// Issues a POST request with the payload (JSON). Optionally a SHA256 fingerprint can be used to > +/// check the cert against it, instead of the regular cert validation. > +/// To gather the sha256 fingerprint you can use the following command: > +/// ```no_compile > +/// openssl s_client -connect :443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin > +/// ``` > +/// > +/// # Arguemnts > +/// * `url` - URL to call > +/// * `fingerprint` - SHA256 cert fingerprint if certificate pinning should be used. Optional. > +/// * `payload` - The payload to send to the server. Expected to be a JSON formatted string. > +pub fn call(url: String, fingerprint: Option<&str>, payload: String) -> Result { > + let answer ; Bit too much whitespace? > + > + if let Some(fingerprint) = fingerprint { > + let tls_config = ClientConfig::builder() > + .with_safe_defaults() > + .with_custom_certificate_verifier(VerifyCertFingerprint::new(fingerprint)?) > + .with_no_client_auth(); > + > + let agent: Agent = AgentBuilder::new().tls_config(Arc::new(tls_config)).build(); > + > + answer = agent > + .post(&url) > + .set("Content-type", "application/json; charset=utf-") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Should probably read "application/json; charset=utf-8" I assume? :^) > + .send_string(&payload)? > + .into_string()?; > + } else { > + let mut roots = rustls::RootCertStore::empty(); > + for cert in rustls_native_certs::load_native_certs()? 
{ > + roots.add(&rustls::Certificate(cert.0)).unwrap(); > + } > + > + let tls_config = rustls::ClientConfig::builder() > + .with_safe_defaults() > + .with_root_certificates(roots) > + .with_no_client_auth(); > + > + let agent = AgentBuilder::new() > + .tls_connector(Arc::new(native_tls::TlsConnector::new()?)) > + .tls_config(Arc::new(tls_config)) > + .build(); > + answer = agent > + .post(&url) > + .set("Content-type", "application/json; charset=utf-") .. and same here
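Review bot: `roots.add(&rustls::Certificate(cert.0)).unwrap();` in the else branch turns a single unparsable certificate in the system trust store into a panic of the installer, inside a function that already returns `Result`; propagate the error with `?` or skip the bad entry with a warning instead. In the same branch, `.tls_connector(Arc::new(native_tls::TlsConnector::new()?))` immediately followed by `.tls_config(Arc::new(tls_config))` configures two TLS backends on one `AgentBuilder`; the second call replaces the first, so the native-tls connector is dead configuration and an extra dependency, and the fingerprint branch above already gets by with `.tls_config(...)` alone. Minor: `# Arguemnts` in the doc comment should read `# Arguments`, and since the doc states that the fingerprint path replaces the regular cert validation, it is worth spelling out there that the pinned SHA256 fingerprint then becomes the sole trust anchor for that connection (no chain or hostname check), so callers should only pass a fingerprint they obtained out of band.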