Strict SSL verification (#9)

Fixes #8
2025-09-08 21:18:31 -04:00 · 2021-07-31 11:12:45 -04:00 · 2021-07-31 11:12:45 -04:00 · 3002b4de53
commit 3002b4de53
parent f22867d2d2
11 changed files with 171 additions and 75 deletions
--- a/rupsc/README.md
+++ b/rupsc/README.md
@ -38,11 +38,11 @@ This is a clone of [`upsc`](https://networkupstools.org/docs/man/upsc.html), so
 # Show usage
 rupsc -h

-# List variables on UPS device "nutdev1" (assumes upsd running on 127.0.0.1:3493)
+# List variables on UPS device "nutdev1" (assumes upsd running on localhost:3493)
 rupsc nutdev1

-# List variables on UPS device "nutdev1" (remove upsd)
-rupsc nutdev1@192.168.1.2:3493
+# List variables on UPS device "nutdev1" (remote upsd)
+rupsc nutdev1@upsd.remote:3493

 # List available UPS devices
 rupsc -l
@ -54,14 +54,17 @@ rupsc -L
 rupsc -c nutdev1
 ```

-However, there are also some additions:
+However, there are also some additions to the original tool:

 ```bash
-# Enable network debugging (global flag).
+# Enable network debugging
 rupsc -D

-# Enable SSL
+# Enable SSL (strict verification)
 rupsc -S
+
+# Enable SSL (no verification)
+rupsc --insecure-ssl
 ```

 ## Pronunciation
--- a/rupsc/src/main.rs
+++ b/rupsc/src/main.rs
@ -41,15 +41,23 @@ fn main() -> anyhow::Result<()> {
        .arg(
            Arg::with_name("debug")
                .short("D")
+                .long("debug")
                .takes_value(false)
                .help("Enables debug mode (logs network commands to stderr)."),
        )
        .arg(
            Arg::with_name("ssl")
                .short("S")
+                .long("ssl")
                .takes_value(false)
                .help("Enables SSL on the connection with upsd."),
        )
+        .arg(
+            Arg::with_name("insecure-ssl")
+                .long("insecure-ssl")
+                .takes_value(false)
+                .help("Disables SSL verification on the connection with upsd."),
+        )
        .arg(
            Arg::with_name("upsd-server")
                .required(false)
@ -70,13 +78,15 @@ fn main() -> anyhow::Result<()> {
    )?;

    let debug = args.is_present("debug");
-    let ssl = args.is_present("ssl");
+    let insecure_ssl = args.is_present("insecure-ssl");
+    let ssl = insecure_ssl || args.is_present("ssl");

    let host = server.try_into()?;
    let config = nut_client::ConfigBuilder::new()
        .with_host(host)
        .with_debug(debug)
        .with_ssl(ssl)
+        .with_insecure_ssl(insecure_ssl)
        .build();

    if args.is_present("list") {
--- a/rupsc/src/parser.rs
+++ b/rupsc/src/parser.rs
@ -1,9 +1,8 @@
 use anyhow::Context;
 use std::convert::{TryFrom, TryInto};
 use std::fmt;
-use std::net::ToSocketAddrs;

-pub const DEFAULT_HOSTNAME: &str = "127.0.0.1";
+pub const DEFAULT_HOSTNAME: &str = "localhost";
 pub const DEFAULT_PORT: u16 = 3493;

 /// Connection information for a upsd server.
@ -69,12 +68,9 @@ impl<'a> TryInto<nut_client::Host> for UpsdName<'a> {
    type Error = anyhow::Error;

    fn try_into(self) -> anyhow::Result<nut_client::Host> {
-        Ok((String::from(self.hostname), self.port)
-            .to_socket_addrs()
-            .with_context(|| "Failed to convert to SocketAddr")?
-            .next()
-            .with_context(|| "Failed to convert to SocketAddr")?
-            .into())
+        (self.hostname.to_owned(), self.port)
+            .try_into()
+            .with_context(|| "Invalid hostname/port")
    }
 }

@ -131,7 +127,7 @@ mod tests {
                port: DEFAULT_PORT
            }
        );
-        assert_eq!(format!("{}", name), "ups0@127.0.0.1:3493");
+        assert_eq!(format!("{}", name), "ups0@localhost:3493");
    }

    #[test]