actix/actix-net
1
0
Fork 0
mirror of https://github.com/fafhrd91/actix-net synced 2025-02-17 14:43:31 +01:00
Code Issues Releases Wiki Activity

Use tokio-rustls 0.23 (#396)

Browse Source 
Co-authored-by: Rob Ede <robjtede@icloud.com>
This commit is contained in:
Edward Shen 2021-10-19 08:48:23 -07:00 committed by GitHub
parent 47f278b17a
commit 669e868370
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
actix-tls/CHANGES.md
View File

@ -1,17 +1,21 @@
# Changes # Changes
## Unreleased - 2021-xx-xx ## Unreleased - 2021-xx-xx
* Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
* Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
* Minimum supported Rust version (MSRV) is now 1.52. * Minimum supported Rust version (MSRV) is now 1.52.
[#396]: https://github.com/actix/actix-net/pull/396
## 3.0.0-beta.5 - 2021-03-29 ## 3.0.0-beta.5 - 2021-03-29
* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef` * Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef`
generation failed instead of panic. [#296] generation failed instead of panic. [#296]
* Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297] * Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
* Remove `connect::ssl::openssl::OpensslConnectService`. [#297] * Remove `connect::ssl::openssl::OpensslConnectService`. [#297]
* Add `connect::ssl::native_tls` module for native tls support. [#295] * Add `connect::ssl::native_tls` module for native tls support. [#295]
* Rename `accept::{nativetls => native_tls}`. [#295] * Rename `accept::{nativetls => native_tls}`. [#295]
* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use * Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use
`connect::ConnectService` instead and call `Connection<T, TcpStream>::into_parts`. [#299] `connect::ConnectService` instead and call `Connection<T, TcpStream>::into_parts`. [#299]
[#295]: https://github.com/actix/actix-net/pull/295 [#295]: https://github.com/actix/actix-net/pull/295

3
actix-tls/Cargo.toml
View File

@ -54,7 +54,7 @@ tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
tokio-openssl = { version = "0.6", optional = true } tokio-openssl = { version = "0.6", optional = true }
# rustls # rustls
tokio-rustls = { version = "0.22", optional = true } tokio-rustls = { version = "0.23", optional = true }
webpki-roots = { version = "0.21", optional = true } webpki-roots = { version = "0.21", optional = true }
# native-tls # native-tls
@ -67,6 +67,7 @@ bytes = "1"
env_logger = "0.8" env_logger = "0.8"
futures-util = { version = "0.3.7", default-features = false, features = ["sink"] } futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
log = "0.4" log = "0.4"
rustls-pemfile = "0.2.1"
trust-dns-resolver = "0.20.0" trust-dns-resolver = "0.20.0"
[[example]] [[example]]

20
actix-tls/examples/tcp-rustls.rs
View File

@ -35,25 +35,29 @@ use actix_service::ServiceFactoryExt as _;
use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream}; use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream};
use futures_util::future::ok; use futures_util::future::ok;
use log::info; use log::info;
use rustls::{ use rustls::{server::ServerConfig, Certificate, PrivateKey};
internal::pemfile::certs, internal::pemfile::rsa_private_keys, NoClientAuth, ServerConfig, use rustls_pemfile::{certs, rsa_private_keys};
};
#[actix_rt::main] #[actix_rt::main]
async fn main() -> io::Result<()> { async fn main() -> io::Result<()> {
env::set_var("RUST_LOG", "info"); env::set_var("RUST_LOG", "info");
env_logger::init(); env_logger::init();
let mut tls_config = ServerConfig::new(NoClientAuth::new());
// Load TLS key and cert files // Load TLS key and cert files
let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap()); let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap());
let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap()); let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap());
let cert_chain = certs(cert_file).unwrap(); let cert_chain = certs(cert_file)
.unwrap()
.into_iter()
.map(Certificate)
.collect();
let mut keys = rsa_private_keys(key_file).unwrap(); let mut keys = rsa_private_keys(key_file).unwrap();
tls_config
.set_single_cert(cert_chain, keys.remove(0)) let tls_config = ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth()
.with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
.unwrap(); .unwrap();
let tls_acceptor = RustlsAcceptor::new(tls_config); let tls_acceptor = RustlsAcceptor::new(tls_config);

2
actix-tls/src/accept/rustls.rs
View File

@ -14,7 +14,7 @@ use actix_utils::counter::{Counter, CounterGuard};
use futures_core::future::LocalBoxFuture; use futures_core::future::LocalBoxFuture;
use tokio_rustls::{Accept, TlsAcceptor}; use tokio_rustls::{Accept, TlsAcceptor};
pub use tokio_rustls::rustls::{ServerConfig, Session}; pub use tokio_rustls::rustls::ServerConfig;
use super::MAX_CONN_COUNTER; use super::MAX_CONN_COUNTER;

6
actix-tls/src/connect/ssl/rustls.rs
View File

@ -1,4 +1,5 @@
use std::{ use std::{
convert::TryFrom,
future::Future, future::Future,
io, io,
pin::Pin, pin::Pin,
@ -6,7 +7,6 @@ use std::{
task::{Context, Poll}, task::{Context, Poll},
}; };
pub use tokio_rustls::rustls::Session;
pub use tokio_rustls::{client::TlsStream, rustls::ClientConfig}; pub use tokio_rustls::{client::TlsStream, rustls::ClientConfig};
pub use webpki_roots::TLS_SERVER_ROOTS; pub use webpki_roots::TLS_SERVER_ROOTS;
@ -14,7 +14,7 @@ use actix_rt::net::ActixStream;
use actix_service::{Service, ServiceFactory}; use actix_service::{Service, ServiceFactory};
use futures_core::{future::LocalBoxFuture, ready}; use futures_core::{future::LocalBoxFuture, ready};
use log::trace; use log::trace;
use tokio_rustls::webpki::DNSNameRef; use tokio_rustls::rustls::client::ServerName;
use tokio_rustls::{Connect, TlsConnector}; use tokio_rustls::{Connect, TlsConnector};
use crate::connect::{Address, Connection}; use crate::connect::{Address, Connection};
@ -89,7 +89,7 @@ where
trace!("SSL Handshake start for: {:?}", connection.host()); trace!("SSL Handshake start for: {:?}", connection.host());
let (stream, connection) = connection.replace_io(()); let (stream, connection) = connection.replace_io(());
match DNSNameRef::try_from_ascii_str(connection.host()) { match ServerName::try_from(connection.host()) {
Ok(host) => RustlsConnectorServiceFuture::Future { Ok(host) => RustlsConnectorServiceFuture::Future {
connect: TlsConnector::from(self.connector.clone()).connect(host, stream), connect: TlsConnector::from(self.connector.clone()).connect(host, stream),
connection: Some(connection), connection: Some(connection),