diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
index 51a82e82..d3d1f761 100644
--- a/actix-tls/CHANGES.md
+++ b/actix-tls/CHANGES.md
@@ -3,6 +3,13 @@
 ## Unreleased - 2021-xx-xx
+## 3.0.0-beta.7 - 2021-10-20
+* Add `webpki_roots_cert_store()` to get rustls compatible webpki roots cert store. [#401]
+* Alias `connect::ssl` to `connect::tls`. [#401]
+
+[#401]: https://github.com/actix/actix-net/pull/401
+
+
 ## 3.0.0-beta.6 - 2021-10-19
 * Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
 * Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index 6bf8ec62..cb3842e1 100755
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-tls"
-version = "3.0.0-beta.6"
+version = "3.0.0-beta.7"
 authors = ["Nikolay Kim "]
 description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
@@ -55,7 +55,7 @@ tokio-openssl = { version = "0.6", optional = true }
 # rustls
 tokio-rustls = { version = "0.23", optional = true }
-webpki-roots = { version = "0.21", optional = true }
+webpki-roots = { version = "0.22", optional = true }
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -64,7 +64,7 @@ tokio-native-tls = { version = "0.3", optional = true }
 actix-rt = "2.2.0"
 actix-server = "2.0.0-beta.6"
 bytes = "1"
-env_logger = "0.8"
+env_logger = "0.9"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
 rustls-pemfile = "0.2.1"
diff --git a/actix-tls/src/connect/mod.rs b/actix-tls/src/connect/mod.rs
index ad4f40a3..60bb3344 100644
--- a/actix-tls/src/connect/mod.rs
+++ b/actix-tls/src/connect/mod.rs
@@ -21,7 +21,9 @@ mod connector;
 mod error;
 mod resolve;
 mod service;
-pub mod ssl;
+pub mod tls;
+#[doc(hidden)]
+pub use tls as ssl;
 #[cfg(feature = "uri")]
 mod uri;
diff --git a/actix-tls/src/connect/ssl/mod.rs b/actix-tls/src/connect/tls/mod.rs
similarity index 89%
rename from actix-tls/src/connect/ssl/mod.rs
rename to actix-tls/src/connect/tls/mod.rs
index 6e0e8aac..7f48d06c 100644
--- a/actix-tls/src/connect/ssl/mod.rs
+++ b/actix-tls/src/connect/tls/mod.rs
@@ -1,4 +1,4 @@
-//! SSL Services
+//! TLS Services
 #[cfg(feature = "openssl")]
 pub mod openssl;
diff --git a/actix-tls/src/connect/ssl/native_tls.rs b/actix-tls/src/connect/tls/native_tls.rs
similarity index 100%
rename from actix-tls/src/connect/ssl/native_tls.rs
rename to actix-tls/src/connect/tls/native_tls.rs
diff --git a/actix-tls/src/connect/ssl/openssl.rs b/actix-tls/src/connect/tls/openssl.rs
similarity index 100%
rename from actix-tls/src/connect/ssl/openssl.rs
rename to actix-tls/src/connect/tls/openssl.rs
diff --git a/actix-tls/src/connect/ssl/rustls.rs b/actix-tls/src/connect/tls/rustls.rs
similarity index 85%
rename from actix-tls/src/connect/ssl/rustls.rs
rename to actix-tls/src/connect/tls/rustls.rs
index d66ceaa5..5abc7673 100755
--- a/actix-tls/src/connect/ssl/rustls.rs
+++ b/actix-tls/src/connect/tls/rustls.rs
@@ -14,11 +14,26 @@ use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::rustls::client::ServerName;
+use tokio_rustls::rustls::{client::ServerName, OwnedTrustAnchor, RootCertStore};
 use tokio_rustls::{Connect, TlsConnector};
 use crate::connect::{Address, Connection};
+/// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
+pub fn webpki_roots_cert_store() -> RootCertStore {
+ let mut root_certs = RootCertStore::empty();
+ for cert in TLS_SERVER_ROOTS.0 {
+ let cert = OwnedTrustAnchor::from_subject_spki_name_constraints(
+ cert.subject,
+ cert.spki,
+ cert.name_constraints,
+ );
+ let certs = vec![cert].into_iter();
+ root_certs.add_server_trust_anchors(certs);
+ }
+ root_certs
+}
+
 /// Rustls connector factory
 pub struct RustlsConnector {
 connector: Arc,
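Review bot: The doc comment on `webpki_roots_cert_store()` does not say that the returned store holds only the root set compiled in from the webpki-roots crate, so a caller can mistake it for the platform trust store. I would add a line such as `/// The roots are Mozilla's set as bundled at build time; the OS trust store and private CAs are not consulted, and root removals only arrive with a dependency upgrade and rebuild.` Separately, the loop builds a one-element `Vec` per anchor and calls `add_server_trust_anchors` once per root; since that method is handed an iterator here, a single call over a mapped iterator does the same work, as in the sketch below. `TLS_SERVER_ROOTS` is not imported in the visible lines and presumably comes from earlier in the file, outside the hunk.

```rust
pub fn webpki_roots_cert_store() -> RootCertStore {
    let mut root_certs = RootCertStore::empty();
    // One call over a mapped iterator; no per-anchor Vec.
    root_certs.add_server_trust_anchors(TLS_SERVER_ROOTS.0.iter().map(|anchor| {
        OwnedTrustAnchor::from_subject_spki_name_constraints(
            anchor.subject,
            anchor.spki,
            anchor.name_constraints,
        )
    }));
    root_certs
}
```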