зеркало из https://github.com/Azure/iotedge.git
Add TLS 1.3 support and remove TLS 1.0 and 1.1 support in edgeHub (#7173)
- Updates .NET Standard modules to .NET 6 (required for TLS 1.3 support)
- Removes support for TLS 1.0 and 1.1 and adds support for TLS 1.3. The default setting for edgeHub is to enable both TLS 1.2 and 1.3.
- Removes the unused `min_tls_version` setting from aziot-edged.

Although removing TLS 1.0 and 1.1 is a breaking change for users, these versions are deprecated everywhere and should be removed. Furthermore, current versions of edgeHub already do not support TLS 1.0/1.1 due to being built against a version of openssl that disables TLS 1.0/1.1 support, so in reality edgeHub has already dropped support for TLS 1.0/1.1.
Родитель
f0ab49325b
Коммит
891d701a82
|
@ -1,6 +1,6 @@
|
|||
# Edge Agent and Edge Hub Environment Variables
|
||||
|
||||
Use the following environment variables to configure the Edge Agent and Edge Hub services. These variables are used in the [deployment manifest](https://learn.microsoft.com/en-us/azure/iot-edge/module-composition) to configure the Edge Agent and Edge Hub modules.
|
||||
Use the following environment variables to configure the Edge Agent and Edge Hub services. These variables are used in the [deployment manifest](https://learn.microsoft.com/en-us/azure/iot-edge/module-composition) to configure the Edge Agent and Edge Hub modules.
|
||||
|
||||
You can set Edge Agent and Edge Hub environment variables in the Azure portal. In the details page for your IoT Edge device, select **Set Modules**. In the **IoT Edge Modules** section, select **Runtime Settings**. Choose the **Edge Agent** or **Edge Hub** tab for the module's environment variable you want to set. Add the variable detail in the **Environment Variables** section. Apply and create the deployment for the device.
|
||||
|
||||
|
@ -90,7 +90,7 @@ You can set Edge Agent and Edge Hub environment variables in the Azure portal. I
|
|||
| RocksDB_MaxManifestFileSize | Max size of a RocksDB MANIFEST file before it's rolled over | ulong | |
|
||||
| RuntimeLogLevel | Runtime diagnostic logging level | fatal, error, warning, info, debug, verbose | info |
|
||||
| ShutdownWaitPeriod | Seconds to wait on shutdown before hard termination | int32 | 60 |
|
||||
| SslProtocols | TLS protocol(s) to be supported | tls1.0, tls1.1, tls1.2, or any combination thereof separated by comma | tls1.2 |
|
||||
| SslProtocols | TLS protocol(s) to be supported | tls1.2, tls1.3, or any combination thereof separated by comma | tls1.2,tls1.3 |
|
||||
| Storage_LogLevel | RocksDB diagnostic log level | NONE, FATAL, HEADER, ERROR, WARN, INFO, DEBUG | NONE |
|
||||
| StorageFolder | Path to place the EdgeHub databases directory | string | TempPath of the current OS |
|
||||
| UpstreamFanOutFactor | Max number of message groups to concurrently process for sending, grouped by sender | int32 | 10 |
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
"value": "<proxyAddress>"
|
||||
},
|
||||
"SslProtocols": {
|
||||
"value": "tls1.2"
|
||||
"value": "tls1.2,tls1.3"
|
||||
}
|
||||
},
|
||||
"status": "running",
|
||||
|
@ -95,4 +95,4 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -104,7 +104,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Core
|
|||
hashCode = (hashCode * 397) ^ (this.Runtime != null ? this.Runtime.GetHashCode() : 0);
|
||||
hashCode = (hashCode * 397) ^ (this.SystemModules != null ? this.SystemModules.GetHashCode() : 0);
|
||||
hashCode = (hashCode * 397) ^ (this.Modules != null ? this.Modules.GetHashCode() : 0);
|
||||
hashCode = (hashCode * 397) ^ (this.Integrity != null ? this.Integrity.GetHashCode() : 0);
|
||||
hashCode = (hashCode * 397) ^ this.Integrity.GetHashCode();
|
||||
return hashCode;
|
||||
}
|
||||
}
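Review bot: The null guard is dropped for `Integrity` only (reading the second of the two printed `Integrity` lines as the new side), while `Runtime`, `SystemModules` and `Modules` directly above keep theirs. That is safe only if `Integrity` is a value type, for example an `Option<T>` struct, which these lines do not show. If it is, a short comment such as `// Integrity is a struct and cannot be null` would stop a later reader from restoring the check or copying the unguarded form onto a reference-typed field. The GetHashCode body starts above this hunk.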
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -32,7 +32,7 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
|
||||
<Target Name="ChangeAliasOfAkkaNet" BeforeTargets="FindReferenceAssembliesForReferences;ResolveReferences">
|
||||
|
|
|
@ -109,7 +109,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Core.Planner
|
|||
plan.AddRange(commands);
|
||||
}
|
||||
|
||||
// If we need to premept the constructed plan with image pull
|
||||
// If we need to preempt the constructed plan with image pull
|
||||
// commands, do so here.
|
||||
plan = upfrontImagePullPlan.Concat(plan).ToList();
|
||||
|
||||
|
|
|
@ -162,12 +162,12 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Diagnostics
|
|||
return false;
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
catch
|
||||
{
|
||||
// If unexpected error publishing metrics, delete stored ones to prevent storage buildup.
|
||||
Log.LogError($"Unexpected error publishing metrics. Deleting stored metrics.");
|
||||
await this.storage.RemoveAllReturnedMetricsAsync();
|
||||
throw ex;
|
||||
throw;
|
||||
}
|
||||
}
|
||||
}
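Review bot: With the bare `catch` the exception never reaches the log: `Log.LogError` records only a fixed string, so the reason stored metrics were deleted is visible only if some caller logs the rethrown exception. Keeping the variable and handing it to the logger preserves the diagnostic and the stack trace: `catch (Exception ex)`, `Log.LogError(ex, "Unexpected error publishing metrics. Deleting stored metrics.");`, then `throw;` (this assumes `Log` is a Microsoft.Extensions.Logging logger, which the call shape suggests). If `RemoveAllReturnedMetricsAsync()` itself throws inside the handler, the original exception is replaced by the new one. The enclosing method starts above this hunk.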
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -25,6 +25,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -19,6 +19,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -21,6 +21,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -98,8 +98,8 @@ namespace Microsoft.Azure.Devices.Edge.Agent.Edgelet.Versioning
|
|||
string baseUrl = HttpClientHelper.GetBaseUrl(this.ManagementUri).TrimEnd('/');
|
||||
var logsUrl = new StringBuilder();
|
||||
logsUrl.AppendFormat(CultureInfo.InvariantCulture, LogsUrlTemplate, baseUrl, module, this.Version.Name, follow.ToString().ToLowerInvariant());
|
||||
since.ForEach(s => logsUrl.AppendFormat($"&{LogsUrlSinceParameter}={Uri.EscapeUriString(s)}"));
|
||||
until.ForEach(u => logsUrl.AppendFormat($"&{LogsUrlUntilParameter}={Uri.EscapeUriString(u)}"));
|
||||
since.ForEach(s => logsUrl.AppendFormat($"&{LogsUrlSinceParameter}={Uri.EscapeDataString(s)}"));
|
||||
until.ForEach(u => logsUrl.AppendFormat($"&{LogsUrlUntilParameter}={Uri.EscapeDataString(u)}"));
|
||||
includeTimestamp.ForEach(b => logsUrl.AppendFormat($"&{LogsIncludeTimestampParameter}={b.ToString().ToLower()}"));
|
||||
|
||||
if (!(tail.HasValue && since.HasValue && until.HasValue))
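Review bot: `AppendFormat` is handed an already-interpolated string on the `since`, `until` and `includeTimestamp` lines, so the finished text is parsed a second time as a composite format string; `Append` is the call that matches the intent, e.g. `since.ForEach(s => logsUrl.Append($"&{LogsUrlSinceParameter}={Uri.EscapeDataString(s)}"));`. With `EscapeDataString` any braces in the value are percent-encoded, so this is fragility rather than a live failure. Separately, `module` goes into `LogsUrlTemplate` on the line above with no escaping visible here; if it can carry `/`, `?` or `&` it should go through `Uri.EscapeDataString` as well, unless a caller already validates it. The method starts and ends outside this hunk.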
|
||||
|
|
|
@ -585,7 +585,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.IoTHub
|
|||
{
|
||||
this.deploymentMetrics.ReportTwinSignatureResult(false);
|
||||
Events.ExtractAgentTwinAndVerifyFailed(ex);
|
||||
throw ex;
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -23,6 +23,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -229,7 +229,7 @@ namespace Microsoft.Azure.Devices.Edge.Agent.IoTHub
|
|||
|
||||
public static void ExceptionInHandleException(ModuleClient moduleClient, Exception ex, Exception e)
|
||||
{
|
||||
Log.LogWarning((int)EventIds.ExceptionInHandleException, "Encountered error - {e} while trying to handle error {ex.Message}");
|
||||
Log.LogWarning((int)EventIds.ExceptionInHandleException, "Encountered error - {0} while trying to handle error {1}", e, ex.Message);
|
||||
}
|
||||
|
||||
public static void ErrorClosingClient(Exception ex)
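Review bot: The positional `{0}`/`{1}` placeholders work, but named placeholders are the convention for structured logging, and passing `e` as the exception argument keeps its stack trace: `Log.LogWarning((int)EventIds.ExceptionInHandleException, e, "Encountered error while trying to handle error {HandledError}", ex.Message);`. This assumes `Log` is a Microsoft.Extensions.Logging logger, which the call shape suggests. The `moduleClient` parameter is not used in the visible body.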
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<Import Project="..\..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -22,6 +22,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -23,6 +23,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<LangVersion>latest</LangVersion>
|
||||
|
@ -46,6 +46,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -323,7 +323,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Core.Config
|
|||
{
|
||||
Metrics.ReportTwinSignatureResult(false);
|
||||
Events.ExtractHubTwinAndVerifyFailed(ex);
|
||||
throw ex;
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -36,6 +36,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -27,7 +27,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Service
|
|||
public class Program
|
||||
{
|
||||
const int DefaultShutdownWaitPeriod = 60;
|
||||
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12;
|
||||
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
|
||||
|
||||
public static int Main()
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -10,7 +10,7 @@
|
|||
</PropertyGroup>
|
||||
|
||||
<PropertyGroup>
|
||||
<!-- on windows, if you've done an flat download(xcopy install) of openjdk without really installing it or adding it to your path add a props file
|
||||
<!-- on windows, if you've done an flat download(xcopy install) of openjdk without really installing it or adding it to your path add a props file
|
||||
to %localappdata%\Microsoft\MSBuild\(toolversion)\Imports\Microsoft.Common.props\ImportBefore\OpenJDK.props> that defines
|
||||
the JDK paths with trailing slashes. otherwise everything works the way it always has
|
||||
-->
|
||||
|
@ -108,6 +108,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -30,7 +30,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Amqp.Test
|
|||
{
|
||||
const bool clientCertsAllowed = true;
|
||||
X509Certificate2 tlsCertificate = CertificateHelper.GenerateSelfSignedCert("TestCert");
|
||||
var transportSettings = new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), SslProtocols.Tls12);
|
||||
var transportSettings = new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), SslProtocols.Tls12 | SslProtocols.Tls13);
|
||||
AmqpSettings amqpSettings = AmqpSettingsProvider.GetDefaultAmqpSettings(IotHubHostName, Mock.Of<IAuthenticator>(), Mock.Of<IClientCredentialsFactory>(), Mock.Of<ILinkHandlerProvider>(), Mock.Of<IConnectionProvider>(), new NullCredentialsCache());
|
||||
var transportListenerProvider = new Mock<ITransportListenerProvider>();
|
||||
var webSockerListenerRegistry = new Mock<IWebSocketListenerRegistry>();
|
||||
|
|
|
@ -25,20 +25,20 @@ namespace Microsoft.Azure.Devices.Edge.Hub.Amqp.Test
|
|||
var credentialsProvider = Mock.Of<IClientCredentialsFactory>();
|
||||
var autheticator = Mock.Of<IAuthenticator>();
|
||||
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(null, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(string.Empty, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(" ", HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, null, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, string.Empty, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, " ", Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, -1, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, 70000, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, null, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, null, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, null, SslProtocols.Tls12));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(null, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(string.Empty, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(" ", HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, null, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, string.Empty, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentException>(() => new DefaultTransportSettings(Scheme, " ", Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, -1, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentOutOfRangeException>(() => new DefaultTransportSettings(Scheme, HostName, 70000, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, null, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, null, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.Throws<ArgumentNullException>(() => new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, null, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
|
||||
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, !clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12));
|
||||
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
Assert.NotNull(new DefaultTransportSettings(Scheme, HostName, Port, tlsCertificate, !clientCertsAllowed, autheticator, credentialsProvider, SslProtocols.Tls12 | SslProtocols.Tls13));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
|
|||
|
||||
public class ProtocolHeadFixture : IDisposable
|
||||
{
|
||||
const SslProtocols DefaultSslProtocols = SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12;
|
||||
const SslProtocols DefaultSslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
|
||||
|
||||
readonly SslProtocols sslProtocols;
|
||||
IProtocolHead protocolHead;
|
||||
|
|
|
@ -18,7 +18,7 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
|
|||
|
||||
public SslProtocolsTest()
|
||||
{
|
||||
this.protocolHead = EdgeHubFixtureCollection.GetFixture(SslProtocols.Tls12);
|
||||
this.protocolHead = EdgeHubFixtureCollection.GetFixture(SslProtocols.Tls13);
|
||||
}
|
||||
|
||||
public async void Dispose() => await (this.protocolHead?.CloseAsync() ?? Task.CompletedTask);
|
||||
|
@ -29,22 +29,17 @@ namespace Microsoft.Azure.Devices.Edge.Hub.E2E.Test
|
|||
int httpsPort = 443;
|
||||
int amqpsPort = 5671;
|
||||
int mqttPort = 8883;
|
||||
SslProtocols validProtocol = SslProtocols.Tls12;
|
||||
SslProtocols invalidProtocol1 = SslProtocols.Tls;
|
||||
SslProtocols invalidProtocol2 = SslProtocols.Tls11;
|
||||
SslProtocols validProtocol = SslProtocols.Tls13;
|
||||
SslProtocols invalidProtocol = SslProtocols.Tls12;
|
||||
Option<Type> expectedException = Option.Some(typeof(AuthenticationException));
|
||||
|
||||
TestConnection(httpsPort, validProtocol, Option.None<Type>());
|
||||
TestConnection(amqpsPort, validProtocol, Option.None<Type>());
|
||||
TestConnection(mqttPort, validProtocol, Option.None<Type>());
|
||||
|
||||
TestConnection(httpsPort, invalidProtocol1, expectedException);
|
||||
TestConnection(amqpsPort, invalidProtocol1, expectedException);
|
||||
TestConnection(mqttPort, invalidProtocol1, expectedException);
|
||||
|
||||
TestConnection(httpsPort, invalidProtocol2, expectedException);
|
||||
TestConnection(amqpsPort, invalidProtocol2, expectedException);
|
||||
TestConnection(mqttPort, invalidProtocol2, expectedException);
|
||||
TestConnection(httpsPort, invalidProtocol, expectedException);
|
||||
TestConnection(amqpsPort, invalidProtocol, expectedException);
|
||||
TestConnection(mqttPort, invalidProtocol, expectedException);
|
||||
}
|
||||
|
||||
static void TestConnection(int port, SslProtocols protocol, Option<Type> expectedException)
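Review bot: The negative cases for `SslProtocols.Tls` and `SslProtocols.Tls11` are gone, so nothing in this file now checks that the listener refuses the two versions this commit removes; the only rejection tested is TLS 1.2 against a TLS 1.3-only fixture. Keeping at least one legacy case per port, e.g. `TestConnection(httpsPort, SslProtocols.Tls11, expectedException);`, would guard against a regression that re-enables them. If the test host's TLS library can no longer offer 1.0/1.1 the client may fail with a different exception type, so the expected exception may need widening. The test also now requires TLS 1.3 support on the machine that runs it. The body of `TestConnection` is outside this hunk.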
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
</PropertyGroup>
|
||||
|
||||
<PropertyGroup>
|
||||
<TargetFramework>netstandard2.0</TargetFramework>
|
||||
<TargetFramework>net6.0</TargetFramework>
|
||||
</PropertyGroup>
|
||||
|
||||
|
||||
<PropertyGroup>
|
||||
<AssemblyName>Microsoft.Azure.WebJobs.Extensions.EdgeHub</AssemblyName>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -50,6 +50,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -68,7 +68,7 @@ namespace Microsoft.Azure.Devices.Edge.Azure.Monitor.FixedSetTableUpload
|
|||
using (var handler = new HttpClientHandler())
|
||||
{
|
||||
handler.ClientCertificates.Add(cert);
|
||||
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
|
||||
handler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls13;
|
||||
handler.PreAuthenticate = true;
|
||||
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<!--EXTERNAL_PROPERTIES: RocksDbAsPackage-->
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -35,6 +35,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -21,6 +21,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -22,7 +22,7 @@ namespace Microsoft.Azure.Devices.Edge.Util
|
|||
public static string GetSha256Thumbprint(X509Certificate2 cert)
|
||||
{
|
||||
Preconditions.CheckNotNull(cert);
|
||||
using (var sha256 = new SHA256Managed())
|
||||
using (var sha256 = SHA256.Create())
|
||||
{
|
||||
byte[] hash = sha256.ComputeHash(cert.RawData);
|
||||
return ToHexString(hash);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -38,6 +38,6 @@
|
|||
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -10,29 +10,22 @@ namespace Microsoft.Azure.Devices.Edge.Util
|
|||
{
|
||||
public static bool VerifySignature(string payload, string header, byte[] signatureBytes, X509Certificate2 signerCert, string algorithmScheme, HashAlgorithmName hashAlgorithm)
|
||||
{
|
||||
try
|
||||
{
|
||||
byte[] canonicalizedFinalData = GetCanonicalizedInputBytes(payload, header);
|
||||
byte[] canonicalizedFinalData = GetCanonicalizedInputBytes(payload, header);
|
||||
|
||||
if (algorithmScheme == "ES")
|
||||
{
|
||||
ECDsa eCDsa = signerCert.GetECDsaPublicKey();
|
||||
return eCDsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm);
|
||||
}
|
||||
else if (algorithmScheme == "RS")
|
||||
{
|
||||
RSA rsa = signerCert.GetRSAPublicKey();
|
||||
RSASignaturePadding rsaSignaturePadding = RSASignaturePadding.Pkcs1;
|
||||
return rsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm, rsaSignaturePadding);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new TwinSignatureAlgorithmException("DSA Algorithm Type not supported");
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
if (algorithmScheme == "ES")
|
||||
{
|
||||
throw ex;
|
||||
ECDsa eCDsa = signerCert.GetECDsaPublicKey();
|
||||
return eCDsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm);
|
||||
}
|
||||
else if (algorithmScheme == "RS")
|
||||
{
|
||||
RSA rsa = signerCert.GetRSAPublicKey();
|
||||
RSASignaturePadding rsaSignaturePadding = RSASignaturePadding.Pkcs1;
|
||||
return rsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm, rsaSignaturePadding);
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new TwinSignatureAlgorithmException("DSA Algorithm Type not supported");
|
||||
}
|
||||
}
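Review bot: `signerCert.GetECDsaPublicKey()` and `signerCert.GetRSAPublicKey()` return null when the certificate's key type does not match `algorithmScheme`, so a mismatched certificate ends in a `NullReferenceException` on `VerifyData` rather than a failed verification, and neither key object is disposed. Wrapping each key in `using` and treating a null key as a verification failure (or throwing `TwinSignatureAlgorithmException`, if callers should tell the cases apart) makes that path explicit. The `else` message says "DSA Algorithm Type not supported" for any scheme other than "ES" or "RS", which is misleading in logs. The fence shows the two rewritten branches.

```csharp
if (algorithmScheme == "ES")
{
    using (ECDsa eCDsa = signerCert.GetECDsaPublicKey())
    {
        // Null means the certificate does not carry an EC key.
        return eCDsa != null && eCDsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm);
    }
}
else if (algorithmScheme == "RS")
{
    using (RSA rsa = signerCert.GetRSAPublicKey())
    {
        // Null means the certificate does not carry an RSA key.
        return rsa != null && rsa.VerifyData(canonicalizedFinalData, signatureBytes, hashAlgorithm, RSASignaturePadding.Pkcs1);
    }
}
// … unchanged: else branch throwing TwinSignatureAlgorithmException …
```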
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@ namespace Microsoft.Azure.Devices.Edge.Util
|
|||
// Examples:
|
||||
// Tls1.2
|
||||
// Tls12
|
||||
// Tls11, Tls12
|
||||
// Tls1.1, Tls1.2
|
||||
// Tls12, Tls13
|
||||
// Tls1.2, Tls1.3
|
||||
public static SslProtocols Parse(string protocols, SslProtocols defaultSslProtocols, ILogger logger)
|
||||
{
|
||||
if (string.IsNullOrEmpty(protocols))
|
||||
|
@ -48,21 +48,16 @@ namespace Microsoft.Azure.Devices.Edge.Util
|
|||
{
|
||||
var sslProtocolsList = new List<string>();
|
||||
|
||||
if ((sslProtocols & SslProtocols.Tls) > 0)
|
||||
{
|
||||
sslProtocolsList.Add($"{SslProtocols.Tls}");
|
||||
}
|
||||
|
||||
if ((sslProtocols & SslProtocols.Tls11) > 0)
|
||||
{
|
||||
sslProtocolsList.Add($"{SslProtocols.Tls11}");
|
||||
}
|
||||
|
||||
if ((sslProtocols & SslProtocols.Tls12) > 0)
|
||||
{
|
||||
sslProtocolsList.Add($"{SslProtocols.Tls12}");
|
||||
}
|
||||
|
||||
if ((sslProtocols & SslProtocols.Tls13) > 0)
|
||||
{
|
||||
sslProtocolsList.Add($"{SslProtocols.Tls13}");
|
||||
}
|
||||
|
||||
return sslProtocolsList.Count > 0 ? string.Join(", ", sslProtocolsList) : $"{SslProtocols.None}";
|
||||
}
|
||||
|
||||
|
@ -71,26 +66,18 @@ namespace Microsoft.Azure.Devices.Edge.Util
|
|||
{
|
||||
switch (protocol.ToLowerInvariant())
|
||||
{
|
||||
case "tls":
|
||||
case "tls1":
|
||||
case "tls10":
|
||||
case "tls1.0":
|
||||
case "tls1_0":
|
||||
case "tlsv10":
|
||||
sslProtocol = SslProtocols.Tls;
|
||||
return true;
|
||||
case "tls11":
|
||||
case "tls1.1":
|
||||
case "tls1_1":
|
||||
case "tlsv11":
|
||||
sslProtocol = SslProtocols.Tls11;
|
||||
return true;
|
||||
case "tls12":
|
||||
case "tls1.2":
|
||||
case "tls1_2":
|
||||
case "tlsv12":
|
||||
sslProtocol = SslProtocols.Tls12;
|
||||
return true;
|
||||
case "tls13":
|
||||
case "tls1.3":
|
||||
case "tls1_3":
|
||||
case "tlsv13":
|
||||
sslProtocol = SslProtocols.Tls13;
|
||||
return true;
|
||||
}
|
||||
|
||||
sslProtocol = default(SslProtocols);
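Review bot: With the `tls`, `tls1.0` and `tls1.1` spellings removed from the switch, those names now take the same path as a typo, and the test data later on this page (`"Tls1.2, foo, Tls1.3"` yielding Tls12 | Tls13) suggests unrecognised tokens are simply skipped. A deployment that still sets `SslProtocols` to `tls1.1,tls1.2` would then come up on TLS 1.2 only with no indication why, and one that sets only `tls1.0` presumably lands on the default. It would help operators if `Parse` logged a warning that names the removed versions specifically, since this is the breaking change the commit message describes. `Parse`'s body is outside these hunks, so the fallback behaviour is inferred.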
|
||||
|
|
|
@ -30,7 +30,7 @@ namespace Microsoft.Azure.Devices.Edge.Util.Uds
|
|||
// request-line = method SP request-target SP HTTP-version CRLF
|
||||
builder.Append(request.Method);
|
||||
builder.Append(SP);
|
||||
builder.Append(request.RequestUri.IsAbsoluteUri ? request.RequestUri.PathAndQuery : Uri.EscapeUriString(request.RequestUri.ToString()));
|
||||
builder.Append(request.RequestUri.IsAbsoluteUri ? request.RequestUri.PathAndQuery : Uri.EscapeDataString(request.RequestUri.ToString()));
|
||||
builder.Append(SP);
|
||||
builder.Append($"{Protocol}{ProtocolVersionSeparator}");
|
||||
builder.Append(new Version(1, 1).ToString(2));
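Review bot: `Uri.EscapeDataString` percent-encodes `/`, `?`, `=` and `&`, so for a relative `RequestUri` the request-target written here becomes something like `%2Fmodules%2F...` (constructed example) instead of a path and query; `EscapeUriString` left those delimiters intact. Only the non-absolute branch is affected. One way to keep the delimiters while still encoding spaces and CR/LF, which must not reach the request line, is to resolve the relative URI against a dummy base and take `PathAndQuery`, e.g. `new Uri(new Uri("http://localhost"), request.RequestUri).PathAndQuery` (base constructed for illustration). The serializer method starts and ends outside this hunk.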
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
</Project>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\es6numberserializer\es6numberserializer.csproj" />
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<Import Project="..\..\..\netstandardVersion.props" />
|
||||
<Import Project="..\..\..\netcoreappVersion.props" />
|
||||
|
||||
<PropertyGroup>
|
||||
<TreatWarningsAsErrors>True</TreatWarningsAsErrors>
|
||||
|
@ -50,6 +50,6 @@
|
|||
</ItemGroup>
|
||||
<PropertyGroup>
|
||||
<CodeAnalysisRuleSet>..\..\..\stylecop.ruleset</CodeAnalysisRuleSet>
|
||||
</PropertyGroup>
|
||||
</PropertyGroup>
|
||||
<Import Project="..\..\..\stylecop.props" />
|
||||
</Project>
|
||||
|
|
|
@ -17,15 +17,14 @@ namespace Microsoft.Azure.Devices.Edge.Util.Test
|
|||
[InlineData("Tls1.2", SslProtocols.None, SslProtocols.Tls12)]
|
||||
[InlineData("Tls12", SslProtocols.None, SslProtocols.Tls12)]
|
||||
[InlineData("Tls12, Tls1.2", SslProtocols.None, SslProtocols.Tls12)]
|
||||
[InlineData("Tls11, Tls12", SslProtocols.None, SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("Tls1.1, Tls1.2, foo, Tls", SslProtocols.Tls12, SslProtocols.Tls12 | SslProtocols.Tls11 | SslProtocols.Tls)]
|
||||
[InlineData("Tls, Tls1.1, Tls1.2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("tls, tls11, tls12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("Tls, Tls11, Tls12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("tls1_0, tls1_1, tls1_2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("Tls1_0, Tls1_1, Tls1_2", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("tlsv10, tlsv11, tlsv12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("Tlsv10, Tlsv11, Tlsv12", SslProtocols.None, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12)]
|
||||
[InlineData("Tls12, Tls13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("Tls1.2, foo, Tls1.3", SslProtocols.Tls12, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("Tls1.2, Tls1.3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("tls12, tls13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("tls1_2, tls1_3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("Tls1_2, Tls1_3", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("tlsv12, tlsv13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("Tlsv12, Tlsv13", SslProtocols.None, SslProtocols.Tls12 | SslProtocols.Tls13)]
|
||||
[InlineData("TLS12", SslProtocols.None, SslProtocols.Tls12)]
|
||||
public void ParseTest(string input, SslProtocols defaultSslProtocols, SslProtocols expectedSslProtocols)
|
||||
{
|
||||
|
@ -34,10 +33,9 @@ namespace Microsoft.Azure.Devices.Edge.Util.Test
|
|||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(SslProtocols.Tls, "Tls")]
|
||||
[InlineData(SslProtocols.Tls11, "Tls11")]
|
||||
[InlineData(SslProtocols.Tls12, "Tls12")]
|
||||
[InlineData(SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12, "Tls, Tls11, Tls12")]
|
||||
[InlineData(SslProtocols.Tls13, "Tls13")]
|
||||
[InlineData(SslProtocols.Tls12 | SslProtocols.Tls13, "Tls12, Tls13")]
|
||||
public void PrintTest(SslProtocols sslProtocols, string expectedString)
|
||||
{
|
||||
Assert.Equal(expectedString, sslProtocols.Print());
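Review bot: The `ParseTest` data removes every TLS 1.0/1.1 row but adds none asserting that those names are now refused, which is the security property this commit introduces. Assuming the parser skips them the way it skips the unknown token `foo`, a row such as `[InlineData("Tls1.1, Tls1.2", SslProtocols.None, SslProtocols.Tls12)]` would pin that a stale `SslProtocols` setting cannot re-enable a legacy protocol. A second row where only legacy names are given, e.g. `[InlineData("Tls, Tls1.1", SslProtocols.Tls12, SslProtocols.Tls12)]`, would pin the fallback to the default; the expected value there should be confirmed against the parser, which is not shown here. It may also be worth adding the comma-without-space form `"tls1.2,tls1.3"`, since the end-to-end test environment in this commit passes it that way. The bodies of `ParseTest` and `PrintTest` extend outside the hunks shown.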
|
||||
|
|
|
@ -153,7 +153,7 @@ In order to locally run aziot-edged, there is a dependency on running Azure IoT
|
|||
3. Make directories and chown them to your user
|
||||
```sh
|
||||
mkdir -p /run/aziot /var/lib/aziot/{keyd,certd,identityd,edged} /var/lib/iotedge /etc/aziot/{keyd,certd,identityd,tpmd,edged}/config.d
|
||||
|
||||
|
||||
chown -hR $USER /run/aziot /var/lib/aziot/ /var/lib/iotedge /etc/aziot/
|
||||
```
|
||||
4. Copy Provisioning File and Fill out the provisioning parameters. Example : For Provisioning via Symmetric Keys Use [these instructions](https://docs.microsoft.com/en-us/azure/iot-edge/how-to-provision-single-device-linux-symmetric?view=iotedge-2020-11&tabs=azure-portal%2Cubuntu)
|
||||
|
@ -172,7 +172,6 @@ In order to locally run aziot-edged, there is a dependency on running Azure IoT
|
|||
[listen]
|
||||
workload_uri = "unix:///var/run/iotedge/workload.sock"
|
||||
management_uri = "unix:///var/run/iotedge/management.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
```
|
||||
This is because when running locally or without systemd, LISTEN_FDNAMES environment variable is not passed to aziot-edged and hence we explicitly need to specify the listen sockets.
|
||||
|
||||
|
@ -210,11 +209,11 @@ cargo test --all
|
|||
|
||||
### Run Code Coverage Checks
|
||||
|
||||
In order to run Code Coverage Checks locally do the following
|
||||
In order to run Code Coverage Checks locally do the following
|
||||
```sh
|
||||
|
||||
#Run From the Edgelet Directory
|
||||
cd edgelet
|
||||
cd edgelet
|
||||
|
||||
#One Time Setup Only.
|
||||
cargo install cargo-tarpaulin
|
||||
|
@ -234,7 +233,7 @@ You should see an output like this
|
|||
|| support-bundle/src/runtime_util.rs: 0/18
|
||||
|| support-bundle/src/shell_util.rs: 0/117
|
||||
|| support-bundle/src/support_bundle.rs: 0/50
|
||||
||
|
||||
||
|
||||
46.28% coverage, 2993/6467 lines covered
|
||||
```
|
||||
|
||||
|
|
|
@ -36,8 +36,6 @@ impl Default for Connect {
|
|||
pub struct Listen {
|
||||
pub workload_uri: url::Url,
|
||||
pub management_uri: url::Url,
|
||||
#[serde(default)]
|
||||
pub min_tls_version: MinTlsVersion,
|
||||
}
|
||||
|
||||
impl Listen {
|
||||
|
@ -64,10 +62,6 @@ impl Listen {
|
|||
pub fn management_uri(&self) -> &url::Url {
|
||||
&self.management_uri
|
||||
}
|
||||
|
||||
pub fn min_tls_version(&self) -> MinTlsVersion {
|
||||
self.min_tls_version
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for Listen {
|
||||
|
@ -82,119 +76,6 @@ impl Default for Listen {
|
|||
management_uri: management_uri
|
||||
.parse()
|
||||
.expect("failed to parse management uri"),
|
||||
min_tls_version: MinTlsVersion::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone, Copy, Debug, Default, Eq, PartialEq)]
|
||||
pub enum MinTlsVersion {
|
||||
#[default]
|
||||
Tls10,
|
||||
Tls11,
|
||||
Tls12,
|
||||
}
|
||||
|
||||
impl std::fmt::Display for MinTlsVersion {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
match self {
|
||||
MinTlsVersion::Tls10 => write!(f, "TLS 1.0"),
|
||||
MinTlsVersion::Tls11 => write!(f, "TLS 1.1"),
|
||||
MinTlsVersion::Tls12 => write!(f, "TLS 1.2"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl std::str::FromStr for MinTlsVersion {
|
||||
type Err = String;
|
||||
|
||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
||||
match s.to_lowercase().as_ref() {
|
||||
"tls" | "tls1" | "tls10" | "tls1.0" | "tls1_0" | "tlsv10" => Ok(MinTlsVersion::Tls10),
|
||||
"tls11" | "tls1.1" | "tls1_1" | "tlsv11" => Ok(MinTlsVersion::Tls11),
|
||||
"tls12" | "tls1.2" | "tls1_2" | "tlsv12" => Ok(MinTlsVersion::Tls12),
|
||||
_ => Err(format!("Unsupported TLS protocol version: {s}")),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<'de> serde::Deserialize<'de> for MinTlsVersion {
|
||||
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
|
||||
where
|
||||
D: serde::de::Deserializer<'de>,
|
||||
{
|
||||
struct Visitor;
|
||||
|
||||
impl<'de> serde::de::Visitor<'de> for Visitor {
|
||||
type Value = MinTlsVersion;
|
||||
|
||||
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
write!(formatter, r#"one of "tls1.0", "tls1.1", "tls1.2""#)
|
||||
}
|
||||
|
||||
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
|
||||
where
|
||||
E: serde::de::Error,
|
||||
{
|
||||
v.parse().map_err(|_err| {
|
||||
serde::de::Error::invalid_value(serde::de::Unexpected::Str(v), &self)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
deserializer.deserialize_str(Visitor)
|
||||
}
|
||||
}
|
||||
|
||||
impl serde::ser::Serialize for MinTlsVersion {
|
||||
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
|
||||
where
|
||||
S: serde::ser::Serializer,
|
||||
{
|
||||
serializer.serialize_str(match self {
|
||||
MinTlsVersion::Tls10 => "tls1.0",
|
||||
MinTlsVersion::Tls11 => "tls1.1",
|
||||
MinTlsVersion::Tls12 => "tls1.2",
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::MinTlsVersion;
|
||||
use std::str::FromStr;
|
||||
use test_case::test_case;
|
||||
|
||||
#[test_case("tls", MinTlsVersion::Tls10; "when tls provided")]
|
||||
#[test_case("tls1", MinTlsVersion::Tls10; "when tls1 with dot provided")]
|
||||
#[test_case("tls10", MinTlsVersion::Tls10; "when tls10 provided")]
|
||||
#[test_case("tls1.0", MinTlsVersion::Tls10; "when tls10 with dot provided")]
|
||||
#[test_case("tls1_0", MinTlsVersion::Tls10; "when tls10 with underscore provided")]
|
||||
#[test_case("Tlsv10" , MinTlsVersion::Tls10; "when Tlsv10 provided")]
|
||||
#[test_case("TLS10", MinTlsVersion::Tls10; "when uppercase TLS10 Provided")]
|
||||
#[test_case("tls11", MinTlsVersion::Tls11; "when tls11 provided")]
|
||||
#[test_case("tls1.1", MinTlsVersion::Tls11; "when tls11 with dot provided")]
|
||||
#[test_case("tls1_1", MinTlsVersion::Tls11; "when tls11 with underscore provided")]
|
||||
#[test_case("Tlsv11" , MinTlsVersion::Tls11; "when Tlsv11 provided")]
|
||||
#[test_case("TLS11", MinTlsVersion::Tls11; "when uppercase TLS11 Provided")]
|
||||
#[test_case("tls12", MinTlsVersion::Tls12; "when tls12 provided")]
|
||||
#[test_case("tls1.2", MinTlsVersion::Tls12; "when tls12 with dot provided")]
|
||||
#[test_case("tls1_2", MinTlsVersion::Tls12; "when tls12 with underscore provided")]
|
||||
#[test_case("Tlsv12" , MinTlsVersion::Tls12; "when Tlsv12 provided")]
|
||||
#[test_case("TLS12", MinTlsVersion::Tls12; "when uppercase TLS12 Provided")]
|
||||
fn parse_min_tls_version(value: &str, expected: MinTlsVersion) {
|
||||
let actual = MinTlsVersion::from_str(value);
|
||||
assert_eq!(actual, Ok(expected));
|
||||
}
|
||||
|
||||
#[test_case(""; "when empty string provided")]
|
||||
#[test_case("Sslv3"; "when unsupported version provided")]
|
||||
#[test_case("TLS2"; "when non-existing version provided")]
|
||||
fn parse_min_tls_version_err(value: &str) {
|
||||
let actual = MinTlsVersion::from_str(value);
|
||||
assert_eq!(
|
||||
actual,
|
||||
Err(format!("Unsupported TLS protocol version: {value}"))
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -206,20 +206,6 @@ mod tests {
|
|||
assert_eq!(watchdog_settings.max_retries(), 3);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn min_tls_version_default() {
|
||||
let _env_lock = ENV_LOCK.lock().expect("env lock poisoned");
|
||||
|
||||
std::env::set_var("AZIOT_EDGED_CONFIG", GOOD_SETTINGS);
|
||||
std::env::set_var("AZIOT_EDGED_CONFIG_DIR", CONFIG_DIR);
|
||||
|
||||
let settings = Settings::new().unwrap();
|
||||
assert_eq!(
|
||||
settings.listen().min_tls_version(),
|
||||
crate::uri::MinTlsVersion::Tls10
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn network_settings() {
|
||||
let _env_lock = ENV_LOCK.lock().expect("env lock poisoned");
|
||||
|
|
|
@ -483,7 +483,6 @@ fn execute_inner(
|
|||
let old_config::Listen {
|
||||
management_uri,
|
||||
workload_uri,
|
||||
min_tls_version,
|
||||
} = listen;
|
||||
|
||||
let management_uri = map_listen_uri(management_uri).map_err(|management_uri| {
|
||||
|
@ -494,13 +493,8 @@ fn execute_inner(
|
|||
})?;
|
||||
|
||||
edgelet_settings::uri::Listen {
|
||||
management_uri,
|
||||
workload_uri,
|
||||
min_tls_version: match min_tls_version {
|
||||
old_config::Protocol::Tls10 => edgelet_settings::uri::MinTlsVersion::Tls10,
|
||||
old_config::Protocol::Tls11 => edgelet_settings::uri::MinTlsVersion::Tls11,
|
||||
old_config::Protocol::Tls12 => edgelet_settings::uri::MinTlsVersion::Tls12,
|
||||
},
|
||||
management_uri,
|
||||
}
|
||||
},
|
||||
|
||||
|
|
|
@ -46,52 +46,6 @@ pub(crate) struct Connect {
|
|||
pub(crate) struct Listen {
|
||||
pub(crate) management_uri: Url,
|
||||
pub(crate) workload_uri: Url,
|
||||
#[serde(default = "Protocol::default")]
|
||||
pub(crate) min_tls_version: Protocol,
|
||||
}
|
||||
|
||||
#[derive(Clone, Copy, Debug, Default)]
|
||||
pub(crate) enum Protocol {
|
||||
#[default]
|
||||
Tls10,
|
||||
Tls11,
|
||||
Tls12,
|
||||
}
|
||||
|
||||
impl<'de> serde::Deserialize<'de> for Protocol {
|
||||
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
|
||||
where
|
||||
D: serde::Deserializer<'de>,
|
||||
{
|
||||
struct Visitor;
|
||||
|
||||
impl<'de> serde::de::Visitor<'de> for Visitor {
|
||||
type Value = Protocol;
|
||||
|
||||
fn expecting(&self, formatter: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
write!(formatter, r#"one of "tls1.0", "tls1.1", "tls1.2""#)
|
||||
}
|
||||
|
||||
fn visit_str<E>(self, v: &str) -> Result<Self::Value, E>
|
||||
where
|
||||
E: serde::de::Error,
|
||||
{
|
||||
match &*v.to_lowercase() {
|
||||
"tls" | "tls1" | "tls10" | "tls1.0" | "tls1_0" | "tlsv10" => {
|
||||
Ok(Protocol::Tls10)
|
||||
}
|
||||
"tls11" | "tls1.1" | "tls1_1" | "tlsv11" => Ok(Protocol::Tls11),
|
||||
"tls12" | "tls1.2" | "tls1_2" | "tlsv12" => Ok(Protocol::Tls12),
|
||||
_ => Err(serde::de::Error::invalid_value(
|
||||
serde::de::Unexpected::Str(v),
|
||||
&self,
|
||||
)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
deserializer.deserialize_str(Visitor)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, serde::Deserialize)]
|
||||
|
|
|
@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -37,7 +37,6 @@ retry = "10%"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -48,7 +48,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -42,7 +42,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -53,7 +53,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -42,7 +42,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -43,7 +43,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -28,7 +28,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -45,7 +45,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -37,7 +37,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -55,7 +55,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "fd://aziot-edged.workload.socket"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///my/own/iotedge.mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///my/own/iotedge.workload.sock"
|
||||
management_uri = "unix:///my/own/iotedge.mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///my/own/iotedge.mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///my/own/iotedge.workload.sock"
|
||||
management_uri = "unix:///my/own/iotedge.mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/lib/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///var/lib/iotedge/workload.sock"
|
||||
management_uri = "unix:///var/lib/iotedge/mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/lib/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///var/lib/iotedge/workload.sock"
|
||||
management_uri = "unix:///var/lib/iotedge/mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///var/run/iotedge/workload.sock"
|
||||
management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///var/run/iotedge/workload.sock"
|
||||
management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -33,7 +33,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///my/own/iotedge.workload.sock"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -44,7 +44,6 @@ management_uri = "unix:///var/run/iotedge/mgmt.sock"
|
|||
[listen]
|
||||
workload_uri = "unix:///my/own/iotedge.workload.sock"
|
||||
management_uri = "fd://aziot-edged.mgmt.socket"
|
||||
min_tls_version = "tls1.0"
|
||||
|
||||
[watchdog]
|
||||
max_retries = "infinite"
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
<Project>
|
||||
<PropertyGroup>
|
||||
<TargetFramework>netstandard2.1</TargetFramework>
|
||||
</PropertyGroup>
|
||||
</Project>
|
|
@ -24,19 +24,11 @@ namespace Microsoft.Azure.Devices.Client.Samples
|
|||
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
|
||||
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
|
||||
|
||||
#if NETSTANDARD2_0
|
||||
if (!chain.Build(new X509Certificate2(certificate)))
|
||||
{
|
||||
Console.WriteLine("Unable to build the chain using the expected root certificate.");
|
||||
return false;
|
||||
}
|
||||
#else
|
||||
if (!chain.Build(new X509Certificate2(certificate.Export(X509ContentType.Cert))))
|
||||
{
|
||||
Console.WriteLine("Unable to build the chain using the expected root certificate.");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
// Pin the trusted root of the chain to the expected root certificate
|
||||
X509Certificate2 actualRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
|
||||
|
|
|
@ -46,7 +46,7 @@ print_help_and_exit()
|
|||
process_args()
|
||||
{
|
||||
local save_next_arg=0
|
||||
for arg in "$@";
|
||||
for arg in "$@";
|
||||
do
|
||||
if [ $save_next_arg -eq 1 ]; then
|
||||
CONFIGURATION="$arg"
|
||||
|
@ -164,7 +164,7 @@ publish_app()
|
|||
publish_lib()
|
||||
{
|
||||
local name="$1"
|
||||
publish_project library "$name" netstandard2.0 $CONFIGURATION "$PUBLISH_FOLDER/$name"
|
||||
publish_project library "$name" net6.0 $CONFIGURATION "$PUBLISH_FOLDER/$name"
|
||||
}
|
||||
|
||||
publish_quickstart()
|
||||
|
@ -211,14 +211,14 @@ build_solution()
|
|||
{
|
||||
echo "Building IoT Edge solution"
|
||||
dotnet --version
|
||||
|
||||
|
||||
build_command="$DOTNET_ROOT_PATH/dotnet build -c $CONFIGURATION -o \"$BUILD_BINARIESDIRECTORY\""
|
||||
|
||||
|
||||
if [ -n "$DOTNET_RUNTIME" ]; then
|
||||
build_command="$build_command -p:DotNet_Runtime=$DOTNET_RUNTIME"
|
||||
fi
|
||||
build_command="$build_command $ROOT_FOLDER/Microsoft.Azure.Devices.Edge.sln"
|
||||
|
||||
|
||||
eval ${build_command}
|
||||
if [ $? -gt 0 ]; then
|
||||
RES=1
|
||||
|
|
|
@ -136,19 +136,11 @@ namespace LeafDeviceTest
|
|||
Console.WriteLine($" IssuerName = {certificate.Issuer}");
|
||||
Console.WriteLine($" SubjectName = {certificate.Subject}");
|
||||
|
||||
#if NETSTANDARD2_0
|
||||
if (!chain.Build(new X509Certificate2(certificate)))
|
||||
{
|
||||
Console.WriteLine("Unable to build the chain using the expected root certificate.");
|
||||
return false;
|
||||
}
|
||||
#else
|
||||
if (!chain.Build(new X509Certificate2(certificate.Export(X509ContentType.Cert))))
|
||||
{
|
||||
Console.WriteLine("Unable to build the chain using the expected root certificate.");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
// Pin the trusted root of the chain to the expected root certificate
|
||||
X509Certificate2 actualRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
|
||||
|
|
|
@ -43,7 +43,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
|
|||
CancellationToken token,
|
||||
bool nestedEdge)
|
||||
{
|
||||
(string, string)[] hubEnvVar = new (string, string)[] { ("RuntimeLogLevel", "debug"), ("SslProtocols", "tls1.2") };
|
||||
(string, string)[] hubEnvVar = new (string, string)[] { ("RuntimeLogLevel", "debug"), ("SslProtocols", "tls1.2,tls1.3") };
|
||||
|
||||
if (nestedEdge == true)
|
||||
{
|
||||
|
|
|
@ -41,11 +41,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
|
|||
uint hash1;
|
||||
uint hash2;
|
||||
|
||||
#if NETSTANDARD1_3
|
||||
string upper = data.ToUpper();
|
||||
#else
|
||||
string upper = data.ToUpper(CultureInfo.InvariantCulture);
|
||||
#endif
|
||||
PerfectHash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(upper), seed1: 0, seed2: 0, hash1: out hash1, hash2: out hash2);
|
||||
long hashedValue = ((long)hash1 << 32) | (long)hash2;
|
||||
|
||||
|
@ -57,11 +53,7 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common
|
|||
uint hash1;
|
||||
uint hash2;
|
||||
|
||||
#if NETSTANDARD1_3
|
||||
string upper = data.ToUpper();
|
||||
#else
|
||||
string upper = data.ToUpper(CultureInfo.InvariantCulture);
|
||||
#endif
|
||||
PerfectHash.ComputeHash(ASCIIEncoding.ASCII.GetBytes(upper), seed1: 0, seed2: 0, hash1: out hash1, hash2: out hash2);
|
||||
long hashedValue = hash1 ^ hash2;
|
||||
|
||||
|
|
|
@ -73,11 +73,8 @@ namespace Microsoft.Azure.Devices.Edge.Test.Common.Certs
|
|||
// environment because we don't need revocation.
|
||||
chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
|
||||
chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
|
||||
#if NETSTANDARD2_0
|
||||
X509Certificate input = certificate;
|
||||
#else
|
||||
byte[] input = certificate.Export(X509ContentType.Cert);
|
||||
#endif
|
||||
|
||||
if (!chain.Build(new X509Certificate2(input)))
|
||||
{
|
||||
Log.Verbose("Unable to build the chain using the expected root certificate.");
|
||||
|
|