feature(settings): add TLS (#380)

* Complete the missing TLS feature.

* Make the `cfg` attributes more clear.

* Format the project issued by command `cargo +nightly fmt`.

* Small changes on cargo file.

* Update CHANGES.md.

* Add documentation for `Tls::get_ssl_acceptor_builder()` and remove unused imports.

* Add the `cfg` macro with required feature on `TLS` tests.

* Update actix-settings/src/settings/tls.rs

Co-authored-by: Rob Ede <robjtede@icloud.com>

* Copy the workflow steps related to OpenSSL for windows from [actix-web workflow](a7375b6876/.github/workflows/ci.yml (L38-L45)).

* ci: install openssl 1.1.1

* Replaced `apply_settings` with `try_apply_settings` for a better error handling.

* Updated the example.

* Add `OpenSSL` error.

* Restrict `OpenSSL` error only for `tls` feature.

* Rename feature `tls` to `openssl`.

* Add doc feature `broken_intra_doc_links` to `get_ssl_acceptor_builder` function.

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>

actix-settings/src/settings/mod.rs

@@ -8,12 +8,15 @@ mod max_connections;
 mod mode;
 mod num_workers;
 mod timeout;
+#[cfg(feature = "openssl")]
 mod tls;
 
+#[cfg(feature = "openssl")]
+pub use self::tls::Tls;
 pub use self::{
     address::Address, backlog::Backlog, keep_alive::KeepAlive,
     max_connection_rate::MaxConnectionRate, max_connections::MaxConnections, mode::Mode,
-    num_workers::NumWorkers, timeout::Timeout, tls::Tls,
+    num_workers::NumWorkers, timeout::Timeout,
 };
 
 /// Settings types for Actix Web.
@@ -57,5 +60,6 @@ pub struct ActixSettings {
     pub shutdown_timeout: Timeout,
 
     /// TLS (HTTPS) configuration.
+    #[cfg(feature = "openssl")]
     pub tls: Tls,
 }

actix-settings/src/settings/tls.rs

@@ -1,13 +1,16 @@
 use std::path::PathBuf;
 
+use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod};
 use serde::Deserialize;
 
+use crate::AsResult;
+
 /// TLS (HTTPS) configuration.
 #[derive(Debug, Clone, PartialEq, Eq, Hash, Deserialize)]
 #[serde(rename_all = "kebab-case")]
 #[doc(alias = "ssl", alias = "https")]
 pub struct Tls {
-    /// Tru if accepting TLS connections should be enabled.
+    /// True if accepting TLS connections should be enabled.
     pub enabled: bool,
 
     /// Path to certificate `.pem` file.
@@ -16,3 +19,43 @@ pub struct Tls {
     /// Path to private key `.pem` file.
     pub private_key: PathBuf,
 }
+
+impl Tls {
+    /// Generates an [`SslAcceptorBuilder`] with its settings. It is often used for the following method
+    /// [`actix_web::server::HttpServer::bind_openssl`].
+    ///
+    /// # Example
+    /// ```no_run
+    /// use actix_settings::{ApplySettings, Settings};
+    /// use actix_web::{get, App, HttpServer, Responder};
+    ///
+    /// #[get("/")]
+    /// async fn index() -> impl Responder {
+    ///     "Hello."
+    /// }
+    ///
+    /// #[actix_web::main]
+    /// async fn main() -> std::io::Result<()> {
+    ///     let settings = Settings::from_default_template();
+    ///
+    ///     HttpServer::new(|| {
+    ///         App::new()
+    ///             .service(index)
+    ///     })
+    ///     .try_apply_settings(&settings)?
+    ///     .bind(("127.0.0.1", 8080))?
+    ///     .bind_openssl(("127.0.0.1", 8081), settings.actix.tls.get_ssl_acceptor_builder()?)?
+    ///     .run()
+    ///     .await
+    /// }
+    /// ```
+    #[allow(rustdoc::broken_intra_doc_links)]
+    pub fn get_ssl_acceptor_builder(&self) -> AsResult<SslAcceptorBuilder> {
+        let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
+        builder.set_certificate_chain_file(&self.certificate)?;
+        builder.set_private_key_file(&self.private_key, SslFiletype::PEM)?;
+        builder.check_private_key()?;
+
+        Ok(builder)
+    }
+}