test(tls): fix accept-openssl test

2025-06-26 22:07:42 +02:00 · 2024-02-03 17:01:47 +00:00
parent e427911cdb
commit 9a3f3eef6a
5 changed files with 30 additions and 31 deletions
--- a/actix-tls/tests/accept-openssl.rs
+++ b/actix-tls/tests/accept-openssl.rs
@ -12,11 +12,13 @@ use std::{io::Write as _, sync::Arc};
 use actix_rt::net::TcpStream;
 use actix_server::TestServer;
 use actix_service::ServiceFactoryExt as _;
-use actix_tls::accept::openssl::{Acceptor, TlsStream};
+use actix_tls::{
+    accept::openssl::{Acceptor, TlsStream},
+    connect::rustls_0_22::reexports::ClientConfig,
+};
 use actix_utils::future::ok;
 use rustls_pki_types_1::ServerName;
-use tokio_rustls::rustls::{ClientConfig, RootCertStore};
-use tokio_rustls_025 as tokio_rustls;
+use tokio_rustls_025::rustls::RootCertStore;

 fn new_cert_and_key() -> (String, String) {
    let cert =
@ -47,39 +49,40 @@ fn openssl_acceptor(cert: String, key: String) -> tls_openssl::ssl::SslAcceptor
    builder.build()
 }

-#[allow(dead_code)]
 mod danger {
+    use rustls_pki_types_1::{CertificateDer, ServerName, UnixTime};
    use tokio_rustls_025::rustls;

+    /// Disables certificate verification to allow self-signed certs from rcgen.
    #[derive(Debug)]
    pub struct NoCertificateVerification;

    impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
        fn verify_server_cert(
            &self,
-            end_entity: &rustls_pki_types_1::CertificateDer::CertificateDer<'_>,
-            intermediates: &[rustls_pki_types_1::CertificateDer::CertificateDer<'_>],
-            server_name: &rustls_pki_types_1::CertificateDer::ServerName<'_>,
-            ocsp_response: &[u8],
-            now: rustls_pki_types_1::CertificateDer::UnixTime,
+            _end_entity: &CertificateDer<'_>,
+            _intermediates: &[CertificateDer<'_>],
+            _server_name: &ServerName<'_>,
+            _ocsp_response: &[u8],
+            _now: UnixTime,
        ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
            Ok(rustls::client::danger::ServerCertVerified::assertion())
        }

        fn verify_tls12_signature(
            &self,
-            message: &[u8],
-            cert: &rustls_pki_types_1::CertificateDer<'_>,
-            dss: &rustls::DigitallySignedStruct,
+            _message: &[u8],
+            _cert: &rustls_pki_types_1::CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
        }

        fn verify_tls13_signature(
            &self,
-            message: &[u8],
-            cert: &rustls_pki_types_1::CertificateDer<'_>,
-            dss: &rustls::DigitallySignedStruct,
+            _message: &[u8],
+            _cert: &rustls_pki_types_1::CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
        }
@ -134,13 +137,13 @@ async fn accepts_connections() {
    let config = rustls_connector(cert, key);
    let config = Arc::new(config);

-    let mut conn = tokio_rustls::rustls::ClientConnection::new(
+    let mut conn = tokio_rustls_025::rustls::ClientConnection::new(
        config,
        ServerName::try_from("localhost").unwrap(),
    )
    .unwrap();

-    let mut stream = tokio_rustls::rustls::Stream::new(&mut conn, &mut sock);
+    let mut stream = tokio_rustls_025::rustls::Stream::new(&mut conn, &mut sock);

    stream.flush().expect("TLS handshake failed");
 }