2021-11-16 08:22:24 +08:00
|
|
|
//! Use OpenSSL connector to test Rustls acceptor.
|
|
|
|
|
|
|
|
#![cfg(all(
|
|
|
|
feature = "accept",
|
|
|
|
feature = "connect",
|
2024-05-12 14:47:49 -04:00
|
|
|
feature = "rustls-0_23",
|
2021-11-16 08:22:24 +08:00
|
|
|
feature = "openssl"
|
|
|
|
))]
|
|
|
|
|
2021-11-29 23:53:06 +00:00
|
|
|
extern crate tls_openssl as openssl;
|
|
|
|
|
2021-11-16 08:22:24 +08:00
|
|
|
use std::io::{BufReader, Write};
|
|
|
|
|
|
|
|
use actix_rt::net::TcpStream;
|
|
|
|
use actix_server::TestServer;
|
|
|
|
use actix_service::ServiceFactoryExt as _;
|
2023-07-17 03:05:39 +01:00
|
|
|
use actix_tls::{
|
2024-05-12 14:47:49 -04:00
|
|
|
accept::rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
|
2023-07-17 03:05:39 +01:00
|
|
|
connect::openssl::reexports::SslConnector,
|
|
|
|
};
|
2021-11-16 08:22:24 +08:00
|
|
|
use actix_utils::future::ok;
|
|
|
|
use rustls_pemfile::{certs, pkcs8_private_keys};
|
2024-02-03 17:01:47 +00:00
|
|
|
use rustls_pki_types_1::PrivateKeyDer;
|
2021-11-16 08:22:24 +08:00
|
|
|
use tls_openssl::ssl::SslVerifyMode;
|
|
|
|
|
|
|
|
fn new_cert_and_key() -> (String, String) {
|
2023-07-17 03:05:39 +01:00
|
|
|
let cert =
|
|
|
|
rcgen::generate_simple_self_signed(vec!["127.0.0.1".to_owned(), "localhost".to_owned()])
|
|
|
|
.unwrap();
|
2021-11-16 08:22:24 +08:00
|
|
|
|
|
|
|
let key = cert.serialize_private_key_pem();
|
|
|
|
let cert = cert.serialize_pem().unwrap();
|
|
|
|
|
|
|
|
(cert, key)
|
|
|
|
}
|
|
|
|
|
2024-02-03 17:01:47 +00:00
|
|
|
fn rustls_server_config(cert: String, key: String) -> ServerConfig {
|
2021-11-16 08:22:24 +08:00
|
|
|
// Load TLS key and cert files
|
|
|
|
|
|
|
|
let cert = &mut BufReader::new(cert.as_bytes());
|
|
|
|
let key = &mut BufReader::new(key.as_bytes());
|
|
|
|
|
2023-12-06 04:04:39 +00:00
|
|
|
let cert_chain = certs(cert).collect::<Result<Vec<_>, _>>().unwrap();
|
|
|
|
let mut keys = pkcs8_private_keys(key)
|
|
|
|
.collect::<Result<Vec<_>, _>>()
|
|
|
|
.unwrap();
|
2021-11-16 08:22:24 +08:00
|
|
|
|
|
|
|
let mut config = ServerConfig::builder()
|
|
|
|
.with_no_client_auth()
|
2024-02-03 17:01:47 +00:00
|
|
|
.with_single_cert(cert_chain, PrivateKeyDer::Pkcs8(keys.remove(0)))
|
2021-11-16 08:22:24 +08:00
|
|
|
.unwrap();
|
|
|
|
|
|
|
|
config.alpn_protocols = vec![b"http/1.1".to_vec()];
|
|
|
|
|
|
|
|
config
|
|
|
|
}
|
|
|
|
|
|
|
|
fn openssl_connector(cert: String, key: String) -> SslConnector {
|
2021-11-29 23:53:06 +00:00
|
|
|
use actix_tls::connect::openssl::reexports::SslMethod;
|
|
|
|
use openssl::{pkey::PKey, x509::X509};
|
2021-11-16 08:22:24 +08:00
|
|
|
|
|
|
|
let cert = X509::from_pem(cert.as_bytes()).unwrap();
|
|
|
|
let key = PKey::private_key_from_pem(key.as_bytes()).unwrap();
|
|
|
|
|
2021-11-29 23:53:06 +00:00
|
|
|
let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
|
2021-11-16 08:22:24 +08:00
|
|
|
ssl.set_verify(SslVerifyMode::NONE);
|
|
|
|
ssl.set_certificate(&cert).unwrap();
|
|
|
|
ssl.set_private_key(&key).unwrap();
|
|
|
|
ssl.set_alpn_protos(b"\x08http/1.1").unwrap();
|
|
|
|
|
|
|
|
ssl.build()
|
|
|
|
}
|
|
|
|
|
|
|
|
#[actix_rt::test]
|
|
|
|
async fn accepts_connections() {
|
2024-05-12 14:47:49 -04:00
|
|
|
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
|
|
|
|
.install_default()
|
|
|
|
.unwrap();
|
|
|
|
|
2021-11-16 08:22:24 +08:00
|
|
|
let (cert, key) = new_cert_and_key();
|
|
|
|
|
2021-12-27 18:27:54 +00:00
|
|
|
let srv = TestServer::start({
|
2021-11-16 08:22:24 +08:00
|
|
|
let cert = cert.clone();
|
|
|
|
let key = key.clone();
|
|
|
|
|
|
|
|
move || {
|
|
|
|
let tls_acceptor = Acceptor::new(rustls_server_config(cert.clone(), key.clone()));
|
|
|
|
|
|
|
|
tls_acceptor
|
|
|
|
.map_err(|err| println!("Rustls error: {:?}", err))
|
|
|
|
.and_then(move |_stream: TlsStream<TcpStream>| ok(()))
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
let sock = srv
|
|
|
|
.connect()
|
|
|
|
.expect("cannot connect to test server")
|
|
|
|
.into_std()
|
|
|
|
.unwrap();
|
|
|
|
sock.set_nonblocking(false).unwrap();
|
|
|
|
|
|
|
|
let connector = openssl_connector(cert, key);
|
|
|
|
|
|
|
|
let mut stream = connector
|
|
|
|
.connect("localhost", sock)
|
|
|
|
.expect("TLS handshake failed");
|
|
|
|
|
|
|
|
stream.do_handshake().expect("TLS handshake failed");
|
|
|
|
|
|
|
|
stream.flush().expect("TLS handshake failed");
|
|
|
|
}
|