From 669e8683709e667095e01aca6b5863b9cd12813b Mon Sep 17 00:00:00 2001
From: Edward Shen
Date: Tue, 19 Oct 2021 08:48:23 -0700
Subject: [PATCH] Use tokio-rustls 0.23 (#396)
Co-authored-by: Rob Ede
---
 actix-tls/CHANGES.md | 8 ++++++--
 actix-tls/Cargo.toml | 3 ++-
 actix-tls/examples/tcp-rustls.rs | 20 ++++++++++++--------
 actix-tls/src/accept/rustls.rs | 2 +-
 actix-tls/src/connect/ssl/rustls.rs | 6 +++---
 5 files changed, 24 insertions(+), 15 deletions(-)
diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
index 84d632f3..0500e798 100644
--- a/actix-tls/CHANGES.md
+++ b/actix-tls/CHANGES.md
@@ -1,17 +1,21 @@
 # Changes
 ## Unreleased - 2021-xx-xx
+* Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
+* Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
 * Minimum supported Rust version (MSRV) is now 1.52.
+[#396]: https://github.com/actix/actix-net/pull/396
+
 ## 3.0.0-beta.5 - 2021-03-29
-* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef`
+* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef`
 generation failed instead of panic. [#296]
 * Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
 * Remove `connect::ssl::openssl::OpensslConnectService`. [#297]
 * Add `connect::ssl::native_tls` module for native tls support. [#295]
 * Rename `accept::{nativetls => native_tls}`. [#295]
-* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use
+* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use
 `connect::ConnectService` instead and call `Connection::into_parts`. [#299]
 [#295]: https://github.com/actix/actix-net/pull/295
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index 3ac1f296..7d45189a 100755
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -54,7 +54,7 @@ tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 # rustls
-tokio-rustls = { version = "0.22", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
 webpki-roots = { version = "0.21", optional = true }
 # native-tls
@@ -67,6 +67,7 @@ bytes = "1"
 env_logger = "0.8"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
+rustls-pemfile = "0.2.1"
 trust-dns-resolver = "0.20.0"
 [[example]]
diff --git a/actix-tls/examples/tcp-rustls.rs b/actix-tls/examples/tcp-rustls.rs
index 687c1f86..f347e164 100644
--- a/actix-tls/examples/tcp-rustls.rs
+++ b/actix-tls/examples/tcp-rustls.rs
@@ -35,25 +35,29 @@ use actix_service::ServiceFactoryExt as _;
 use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream};
 use futures_util::future::ok;
 use log::info;
-use rustls::{
- internal::pemfile::certs, internal::pemfile::rsa_private_keys, NoClientAuth, ServerConfig,
-};
+use rustls::{server::ServerConfig, Certificate, PrivateKey};
+use rustls_pemfile::{certs, rsa_private_keys};
 #[actix_rt::main]
 async fn main() -> io::Result<()> {
 env::set_var("RUST_LOG", "info");
 env_logger::init();
- let mut tls_config = ServerConfig::new(NoClientAuth::new());
-
 // Load TLS key and cert files
 let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap());
 let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap());
- let cert_chain = certs(cert_file).unwrap();
+ let cert_chain = certs(cert_file)
+ .unwrap()
+ .into_iter()
+ .map(Certificate)
+ .collect();
 let mut keys = rsa_private_keys(key_file).unwrap();
- tls_config
- .set_single_cert(cert_chain, keys.remove(0))
+
+ let tls_config = ServerConfig::builder()
+ .with_safe_defaults()
+ .with_no_client_auth()
+ .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
 .unwrap();
 let tls_acceptor = RustlsAcceptor::new(tls_config);
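Review bot: `PrivateKey(keys.remove(0))` in the `with_single_cert` call still panics with a bare index-out-of-bounds message when `./examples/key.pem` holds no `RSA PRIVATE KEY` block, and `rustls_pemfile::rsa_private_keys` returns an empty `Vec` rather than an error for a PKCS#8 (`BEGIN PRIVATE KEY`) file, which common key-generation tools emit. Pulling the key out first with `let key = keys.into_iter().next().expect("./examples/key.pem contains no PKCS#1 RSA private key");` and passing `PrivateKey(key)` keeps the example fail-fast but names the cause, and `keys` then no longer needs `mut`; falling back to `rustls_pemfile::pkcs8_private_keys` when the RSA list is empty would accept both encodings. `main` continues past the end of the hunk.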
diff --git a/actix-tls/src/accept/rustls.rs b/actix-tls/src/accept/rustls.rs
index ffac687a..50c4b3ab 100644
--- a/actix-tls/src/accept/rustls.rs
+++ b/actix-tls/src/accept/rustls.rs
@@ -14,7 +14,7 @@ use actix_utils::counter::{Counter, CounterGuard};
 use futures_core::future::LocalBoxFuture;
 use tokio_rustls::{Accept, TlsAcceptor};
-pub use tokio_rustls::rustls::{ServerConfig, Session};
+pub use tokio_rustls::rustls::ServerConfig;
 use super::MAX_CONN_COUNTER;
diff --git a/actix-tls/src/connect/ssl/rustls.rs b/actix-tls/src/connect/ssl/rustls.rs
index ee8ad02d..d66ceaa5 100755
--- a/actix-tls/src/connect/ssl/rustls.rs
+++ b/actix-tls/src/connect/ssl/rustls.rs
@@ -1,4 +1,5 @@
 use std::{
+ convert::TryFrom,
 future::Future,
 io,
 pin::Pin,
@@ -6,7 +7,6 @@ use std::{
 task::{Context, Poll},
 };
-pub use tokio_rustls::rustls::Session;
 pub use tokio_rustls::{client::TlsStream, rustls::ClientConfig};
 pub use webpki_roots::TLS_SERVER_ROOTS;
@@ -14,7 +14,7 @@ use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::webpki::DNSNameRef;
+use tokio_rustls::rustls::client::ServerName;
 use tokio_rustls::{Connect, TlsConnector};
 use crate::connect::{Address, Connection};
@@ -89,7 +89,7 @@ where
 trace!("SSL Handshake start for: {:?}", connection.host());
 let (stream, connection) = connection.replace_io(());
- match DNSNameRef::try_from_ascii_str(connection.host()) {
+ match ServerName::try_from(connection.host()) {
 Ok(host) => RustlsConnectorServiceFuture::Future {
 connect: TlsConnector::from(self.connector.clone()).connect(host, stream),
 connection: Some(connection),
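Review bot: `ServerName::try_from(connection.host())` may not reject every non-DNS host at this point the way `DNSNameRef::try_from_ascii_str` did: if I remember the rustls 0.20 `TryFrom<&str>` correctly, it also parses IP literals into a hidden `ServerName::IpAddress` variant that the handshake then refuses, so an IP-literal host would surface as a connect error from the `Future` arm rather than from this `Err` arm — worth confirming against the pinned rustls version. If that holds, a comment on the match such as `// rustls 0.20: IP-literal hosts may parse here and fail later in the handshake — TODO confirm` records the changed error path for the next reader. The `Err` arm and the rest of the enclosing function lie outside the hunk.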