mirror of https://github.com/fafhrd91/actix-net synced 2025-06-26 19:47:43 +02:00

feat(actix-tls): support for rustls 0.23 (#554)

* Add feature for using rustls 0.23

* Fix mistake

* Fix use of wrong tokio rustls package

* Fix accept openssl test

* Use rustls 0.23 for the example

* Install nasm in CI step for windows

* Change outdated step name

* Fix CI mistake

* test: install default crypto provider in tests

* docs: update changelog

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
SleeplessOne1917
2024-05-12 14:47:49 -04:00
committed by GitHub
parent 1db640f62e
commit db7988609e
11 changed files with 408 additions and 19 deletions


@ -3,7 +3,7 @@
#![cfg(all(
feature = "accept",
feature = "connect",
feature = "rustls-0_22",
feature = "rustls-0_23",
feature = "openssl"
))]
@ -14,11 +14,11 @@ use actix_server::TestServer;
use actix_service::ServiceFactoryExt as _;
use actix_tls::{
accept::openssl::{Acceptor, TlsStream},
connect::rustls_0_22::reexports::ClientConfig,
connect::rustls_0_23::reexports::ClientConfig,
};
use actix_utils::future::ok;
use rustls_pki_types_1::ServerName;
use tokio_rustls_025::rustls::RootCertStore;
use tokio_rustls_026::rustls::RootCertStore;
fn new_cert_and_key() -> (String, String) {
let cert =
@ -51,7 +51,7 @@ fn openssl_acceptor(cert: String, key: String) -> tls_openssl::ssl::SslAcceptor
mod danger {
use rustls_pki_types_1::{CertificateDer, ServerName, UnixTime};
use tokio_rustls_025::rustls;
use tokio_rustls_026::rustls;
/// Disables certificate verification to allow self-signed certs from rcgen.
#[derive(Debug)]
@ -63,7 +63,7 @@ mod danger {
_end_entity: &CertificateDer<'_>,
_intermediates: &[CertificateDer<'_>],
_server_name: &ServerName<'_>,
_ocsp_response: &[u8],
_ocsp: &[u8],
_now: UnixTime,
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
Ok(rustls::client::danger::ServerCertVerified::assertion())
@ -111,6 +111,10 @@ fn rustls_connector(_cert: String, _key: String) -> ClientConfig {
#[actix_rt::test]
async fn accepts_connections() {
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
let (cert, key) = new_cert_and_key();
let srv = TestServer::start({
@ -137,13 +141,13 @@ async fn accepts_connections() {
let config = rustls_connector(cert, key);
let config = Arc::new(config);
let mut conn = tokio_rustls_025::rustls::ClientConnection::new(
let mut conn = tokio_rustls_026::rustls::ClientConnection::new(
config,
ServerName::try_from("localhost").unwrap(),
)
.unwrap();
let mut stream = tokio_rustls_025::rustls::Stream::new(&mut conn, &mut sock);
let mut stream = tokio_rustls_026::rustls::Stream::new(&mut conn, &mut sock);
stream.flush().expect("TLS handshake failed");
}
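Review bot: The `.unwrap()` on `install_default()` at the top of `accepts_connections` will panic whenever a process-wide crypto provider is already installed, because rustls 0.23 returns `Err` from `install_default` in that case. It passes today only as long as this is the sole call in the test binary, which appears to be the case here; a second rustls test added to the same file would then fail depending on run order. Tolerating the already-installed case is more robust: `let _ = tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider().install_default();`. The same three lines are added to `accepts_connections` in the next file section (the rustls acceptor test), so the change applies there too. The function bodies continue outside the displayed hunks.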


@ -3,7 +3,7 @@
#![cfg(all(
feature = "accept",
feature = "connect",
feature = "rustls-0_22",
feature = "rustls-0_23",
feature = "openssl"
))]
@ -15,7 +15,7 @@ use actix_rt::net::TcpStream;
use actix_server::TestServer;
use actix_service::ServiceFactoryExt as _;
use actix_tls::{
accept::rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
accept::rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
connect::openssl::reexports::SslConnector,
};
use actix_utils::future::ok;
@ -73,6 +73,10 @@ fn openssl_connector(cert: String, key: String) -> SslConnector {
#[actix_rt::test]
async fn accepts_connections() {
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
let (cert, key) = new_cert_and_key();
let srv = TestServer::start({


@ -30,7 +30,7 @@ async fn test_string() {
assert_eq!(con.peer_addr().unwrap(), srv.addr());
}
#[cfg(feature = "rustls-0_22")]
#[cfg(feature = "rustls-0_23")]
#[actix_rt::test]
async fn test_rustls_string() {
let srv = TestServer::start(|| {
@ -112,7 +112,7 @@ async fn test_openssl_uri() {
assert_eq!(con.peer_addr().unwrap(), srv.addr());
}
#[cfg(all(feature = "rustls-0_22", feature = "uri"))]
#[cfg(all(feature = "rustls-0_23", feature = "uri"))]
#[actix_rt::test]
async fn test_rustls_uri_http1() {
let srv = TestServer::start(|| {
@ -129,7 +129,7 @@ async fn test_rustls_uri_http1() {
assert_eq!(con.peer_addr().unwrap(), srv.addr());
}
#[cfg(all(feature = "rustls-0_22", feature = "uri"))]
#[cfg(all(feature = "rustls-0_23", feature = "uri"))]
#[actix_rt::test]
async fn test_rustls_uri() {
let srv = TestServer::start(|| {