check ulimit

Co-authored-by: Rob Ede <robjtede@icloud.com>

.github/workflows/ci.yml

@@ -7,6 +7,18 @@ on:
     branches: [master]
 
 jobs:
+  check_ulimit:
+    name: check ulimit (temp)
+    runs-on: ubuntu-latest
+    steps:
+      - name: check ulimit
+        run: |
+          which sudo || true
+          ulimit -a || true
+          sudo ulimit -a || true
+          ulimit -l 512 || true
+          sudo ulimit -l 512 || true
+
   build_and_test:
     strategy:
       fail-fast: false

actix-server/Cargo.toml

@@ -32,7 +32,7 @@ num_cpus = "1.13"
 tokio = { version = "1.5.1", features = ["sync"] }
 
 [dev-dependencies]
-actix-codec = "0.4.0-beta.1"
+actix-codec = "0.4.0"
 actix-rt = "2.0.0"
 
 bytes = "1"

actix-tls/CHANGES.md

@@ -1,17 +1,24 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+
+
+## 3.0.0-beta.6 - 2021-10-19
+* Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
+* Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
 * Minimum supported Rust version (MSRV) is now 1.52.
 
+[#396]: https://github.com/actix/actix-net/pull/396
+
 
 ## 3.0.0-beta.5 - 2021-03-29
-* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef` 
+* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef`
   generation failed instead of panic. [#296]
 * Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
 * Remove `connect::ssl::openssl::OpensslConnectService`. [#297]
 * Add `connect::ssl::native_tls` module for native tls support. [#295]
 * Rename `accept::{nativetls => native_tls}`. [#295]
-* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use 
+* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use
   `connect::ConnectService` instead and call `Connection<T, TcpStream>::into_parts`. [#299]
 
 [#295]: https://github.com/actix/actix-net/pull/295

actix-tls/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-tls"
-version = "3.0.0-beta.5"
+version = "3.0.0-beta.6"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
@@ -38,7 +38,7 @@ native-tls = ["tokio-native-tls"]
 uri = ["http"]
 
 [dependencies]
-actix-codec = "0.4.0-beta.1"
+actix-codec = "0.4.0"
 actix-rt = { version = "2.2.0", default-features = false }
 actix-service = "2.0.0"
 actix-utils = "3.0.0"
@@ -54,8 +54,8 @@ tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
 # rustls
-tokio-rustls = { version = "0.22", optional = true }
-webpki-roots = { version = "0.21", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
+webpki-roots = { version = "0.22", optional = true }
 
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -67,6 +67,7 @@ bytes = "1"
 env_logger = "0.8"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
+rustls-pemfile = "0.2.1"
 trust-dns-resolver = "0.20.0"
 
 [[example]]

actix-tls/examples/tcp-rustls.rs

@@ -35,25 +35,29 @@ use actix_service::ServiceFactoryExt as _;
 use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream};
 use futures_util::future::ok;
 use log::info;
-use rustls::{
-    internal::pemfile::certs, internal::pemfile::rsa_private_keys, NoClientAuth, ServerConfig,
-};
+use rustls::{server::ServerConfig, Certificate, PrivateKey};
+use rustls_pemfile::{certs, rsa_private_keys};
 
 #[actix_rt::main]
 async fn main() -> io::Result<()> {
     env::set_var("RUST_LOG", "info");
     env_logger::init();
 
-    let mut tls_config = ServerConfig::new(NoClientAuth::new());
-
     // Load TLS key and cert files
     let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap());
     let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap());
 
-    let cert_chain = certs(cert_file).unwrap();
+    let cert_chain = certs(cert_file)
+        .unwrap()
+        .into_iter()
+        .map(Certificate)
+        .collect();
     let mut keys = rsa_private_keys(key_file).unwrap();
-    tls_config
-        .set_single_cert(cert_chain, keys.remove(0))
+
+    let tls_config = ServerConfig::builder()
+        .with_safe_defaults()
+        .with_no_client_auth()
+        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
         .unwrap();
 
     let tls_acceptor = RustlsAcceptor::new(tls_config);

actix-tls/src/accept/rustls.rs

@@ -14,7 +14,7 @@ use actix_utils::counter::{Counter, CounterGuard};
 use futures_core::future::LocalBoxFuture;
 use tokio_rustls::{Accept, TlsAcceptor};
 
-pub use tokio_rustls::rustls::{ServerConfig, Session};
+pub use tokio_rustls::rustls::ServerConfig;
 
 use super::MAX_CONN_COUNTER;
 

actix-tls/src/connect/mod.rs

@@ -22,6 +22,8 @@ mod error;
 mod resolve;
 mod service;
 pub mod ssl;
+#[doc(inline)]
+pub use ssl as tls;
 #[cfg(feature = "uri")]
 mod uri;
 

actix-tls/src/connect/ssl/rustls.rs

@@ -1,4 +1,5 @@
 use std::{
+    convert::TryFrom,
     future::Future,
     io,
     pin::Pin,
@@ -6,7 +7,6 @@ use std::{
     task::{Context, Poll},
 };
 
-pub use tokio_rustls::rustls::Session;
 pub use tokio_rustls::{client::TlsStream, rustls::ClientConfig};
 pub use webpki_roots::TLS_SERVER_ROOTS;
 
@@ -14,7 +14,7 @@ use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::webpki::DNSNameRef;
+use tokio_rustls::rustls::client::ServerName;
 use tokio_rustls::{Connect, TlsConnector};
 
 use crate::connect::{Address, Connection};
@@ -89,7 +89,7 @@ where
         trace!("SSL Handshake start for: {:?}", connection.host());
         let (stream, connection) = connection.replace_io(());
 
-        match DNSNameRef::try_from_ascii_str(connection.host()) {
+        match ServerName::try_from(connection.host()) {
             Ok(host) => RustlsConnectorServiceFuture::Future {
                 connect: TlsConnector::from(self.connector.clone()).connect(host, stream),
                 connection: Some(connection),