actix/actix-net
1
0
Fork 0
mirror of https://github.com/fafhrd91/actix-net synced 2025-06-28 14:30:36 +02:00
Code Issues Releases Wiki Activity

prepare tls v2 release (#186)

Browse Source
This commit is contained in:
Rob Ede
2020-09-08 18:00:07 +01:00
committed by GitHub
parent b7a9cb7bb4
commit 77b7826658
8 changed files with 73 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
actix-tls/src/lib.rs
View File

@ -1,6 +1,11 @@
//! SSL Services
#![deny(rust_2018_idioms, warnings)]
#![allow(clippy::type_complexity)]
//! TLS acceptor services for Actix ecosystem.
//!
//! ## Crate Features
//! * `openssl` - TLS acceptor using the `openssl` crate.
//! * `rustls` - TLS acceptor using the `rustls` crate.
//! * `nativetls` - TLS acceptor using the `native-tls` crate.
#![deny(rust_2018_idioms)]
use std::sync::atomic::{AtomicUsize, Ordering};
@ -15,25 +20,25 @@ pub mod rustls;
#[cfg(feature = "nativetls")]
pub mod nativetls;
/// Sets the maximum per-worker concurrent ssl connection establish process.
///
/// All listeners will stop accepting connections when this limit is
/// reached. It can be used to limit the global SSL CPU usage.
///
/// By default max connections is set to a 256.
pub fn max_concurrent_ssl_connect(num: usize) {
MAX_CONN.store(num, Ordering::Relaxed);
}
pub(crate) static MAX_CONN: AtomicUsize = AtomicUsize::new(256);
thread_local! {
static MAX_CONN_COUNTER: Counter = Counter::new(MAX_CONN.load(Ordering::Relaxed));
}
/// Ssl error combinded with service error.
/// Sets the maximum per-worker concurrent TLS connection limit.
///
/// All listeners will stop accepting connections when this limit is reached.
/// It can be used to regulate the global TLS CPU usage.
///
/// By default, the connection limit is 256.
pub fn max_concurrent_tls_connect(num: usize) {
MAX_CONN.store(num, Ordering::Relaxed);
}
/// TLS error combined with service error.
#[derive(Debug)]
pub enum SslError<E1, E2> {
Ssl(E1),
pub enum TlsError<E1, E2> {
Tls(E1),
Service(E2),
}

20
actix-tls/src/nativetls.rs
View File

@ -5,34 +5,35 @@ use actix_codec::{AsyncRead, AsyncWrite};
use actix_service::{Service, ServiceFactory};
use actix_utils::counter::Counter;
use futures_util::future::{self, FutureExt, LocalBoxFuture, TryFutureExt};
pub use native_tls::Error;
pub use tokio_tls::{TlsAcceptor, TlsStream};
use crate::MAX_CONN_COUNTER;
/// Support `SSL` connections via native-tls package
/// Accept TLS connections via `native-tls` package.
///
/// `tls` feature enables `NativeTlsAcceptor` type
pub struct NativeTlsAcceptor<T> {
/// `nativetls` feature enables this `Acceptor` type.
pub struct Acceptor<T> {
acceptor: TlsAcceptor,
io: PhantomData<T>,
}
impl<T> NativeTlsAcceptor<T>
impl<T> Acceptor<T>
where
T: AsyncRead + AsyncWrite + Unpin,
{
/// Create `NativeTlsAcceptor` instance
/// Create `native-tls` based `Acceptor` service factory.
#[inline]
pub fn new(acceptor: TlsAcceptor) -> Self {
NativeTlsAcceptor {
Acceptor {
acceptor,
io: PhantomData,
}
}
}
impl<T> Clone for NativeTlsAcceptor<T> {
impl<T> Clone for Acceptor<T> {
#[inline]
fn clone(&self) -> Self {
Self {
@ -42,7 +43,7 @@ impl<T> Clone for NativeTlsAcceptor<T> {
}
}
impl<T> ServiceFactory for NativeTlsAcceptor<T>
impl<T> ServiceFactory for Acceptor<T>
where
T: AsyncRead + AsyncWrite + Unpin + 'static,
{
@ -104,8 +105,7 @@ where
let this = self.clone();
async move { this.acceptor.accept(req).await }
.map_ok(move |io| {
// Required to preserve `CounterGuard` until `Self::Future`
// is completely resolved.
// Required to preserve `CounterGuard` until `Self::Future` is completely resolved.
let _ = guard;
io
})

14
actix-tls/src/openssl.rs
View File

@ -3,26 +3,27 @@ use std::marker::PhantomData;
use std::pin::Pin;
use std::task::{Context, Poll};
pub use open_ssl::ssl::{AlpnError, SslAcceptor, SslAcceptorBuilder};
pub use tokio_openssl::{HandshakeError, SslStream};
use actix_codec::{AsyncRead, AsyncWrite};
use actix_service::{Service, ServiceFactory};
use actix_utils::counter::{Counter, CounterGuard};
use futures_util::future::{ok, FutureExt, LocalBoxFuture, Ready};
pub use open_ssl::ssl::{AlpnError, SslAcceptor, SslAcceptorBuilder};
pub use tokio_openssl::{HandshakeError, SslStream};
use crate::MAX_CONN_COUNTER;
/// Support `TLS` server connections via openssl package
/// Accept TLS connections via `openssl` package.
///
/// `openssl` feature enables `Acceptor` type
/// `openssl` feature enables this `Acceptor` type.
pub struct Acceptor<T: AsyncRead + AsyncWrite> {
acceptor: SslAcceptor,
io: PhantomData<T>,
}
impl<T: AsyncRead + AsyncWrite> Acceptor<T> {
/// Create default `OpensslAcceptor`
/// Create OpenSSL based `Acceptor` service factory.
#[inline]
pub fn new(acceptor: SslAcceptor) -> Self {
Acceptor {
acceptor,
@ -32,6 +33,7 @@ impl<T: AsyncRead + AsyncWrite> Acceptor<T> {
}
impl<T: AsyncRead + AsyncWrite> Clone for Acceptor<T> {
#[inline]
fn clone(&self) -> Self {
Self {
acceptor: self.acceptor.clone(),

10
actix-tls/src/rustls.rs
View File

@ -17,16 +17,17 @@ pub use webpki_roots::TLS_SERVER_ROOTS;
use crate::MAX_CONN_COUNTER;
/// Support `SSL` connections via rustls package
/// Accept TLS connections via `rustls` package.
///
/// `rust-tls` feature enables `RustlsAcceptor` type
/// `rustls` feature enables this `Acceptor` type.
pub struct Acceptor<T> {
config: Arc<ServerConfig>,
io: PhantomData<T>,
}
impl<T: AsyncRead + AsyncWrite> Acceptor<T> {
/// Create rustls based `Acceptor` service factory
/// Create Rustls based `Acceptor` service factory.
#[inline]
pub fn new(config: ServerConfig) -> Self {
Acceptor {
config: Arc::new(config),
@ -36,6 +37,7 @@ impl<T: AsyncRead + AsyncWrite> Acceptor<T> {
}
impl<T> Clone for Acceptor<T> {
#[inline]
fn clone(&self) -> Self {
Self {
config: self.config.clone(),
@ -65,7 +67,7 @@ impl<T: AsyncRead + AsyncWrite + Unpin> ServiceFactory for Acceptor<T> {
}
}
/// RusTLS based `Acceptor` service
/// Rustls based `Acceptor` service
pub struct AcceptorService<T> {
acceptor: TlsAcceptor,
io: PhantomData<T>,