1
0
mirror of https://github.com/fafhrd91/actix-net synced 2024-11-27 20:12:58 +01:00
actix-net/actix-tls/tests/accept-rustls.rs
SleeplessOne1917 db7988609e
feat(actix-tls): support for rustls 0.23 (#554)
* Add feature for using rustls 0.23

* Fix mistake

* Fix use of wrong tokio rustls package

* Fix accept openssl test

* Use rustls 0.23 for the example

* Install nasm in CI step for windows

* Change outdated step name

* Fix CI mistake

* test: install default crypto provider in tests

* docs: update changelog

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
2024-05-12 18:47:49 +00:00

112 lines
3.1 KiB
Rust

//! Use OpenSSL connector to test Rustls acceptor.
#![cfg(all(
feature = "accept",
feature = "connect",
feature = "rustls-0_23",
feature = "openssl"
))]
extern crate tls_openssl as openssl;
use std::io::{BufReader, Write};
use actix_rt::net::TcpStream;
use actix_server::TestServer;
use actix_service::ServiceFactoryExt as _;
use actix_tls::{
accept::rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
connect::openssl::reexports::SslConnector,
};
use actix_utils::future::ok;
use rustls_pemfile::{certs, pkcs8_private_keys};
use rustls_pki_types_1::PrivateKeyDer;
use tls_openssl::ssl::SslVerifyMode;
fn new_cert_and_key() -> (String, String) {
let cert =
rcgen::generate_simple_self_signed(vec!["127.0.0.1".to_owned(), "localhost".to_owned()])
.unwrap();
let key = cert.serialize_private_key_pem();
let cert = cert.serialize_pem().unwrap();
(cert, key)
}
fn rustls_server_config(cert: String, key: String) -> ServerConfig {
// Load TLS key and cert files
let cert = &mut BufReader::new(cert.as_bytes());
let key = &mut BufReader::new(key.as_bytes());
let cert_chain = certs(cert).collect::<Result<Vec<_>, _>>().unwrap();
let mut keys = pkcs8_private_keys(key)
.collect::<Result<Vec<_>, _>>()
.unwrap();
let mut config = ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(cert_chain, PrivateKeyDer::Pkcs8(keys.remove(0)))
.unwrap();
config.alpn_protocols = vec![b"http/1.1".to_vec()];
config
}
fn openssl_connector(cert: String, key: String) -> SslConnector {
use actix_tls::connect::openssl::reexports::SslMethod;
use openssl::{pkey::PKey, x509::X509};
let cert = X509::from_pem(cert.as_bytes()).unwrap();
let key = PKey::private_key_from_pem(key.as_bytes()).unwrap();
let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
ssl.set_verify(SslVerifyMode::NONE);
ssl.set_certificate(&cert).unwrap();
ssl.set_private_key(&key).unwrap();
ssl.set_alpn_protos(b"\x08http/1.1").unwrap();
ssl.build()
}
#[actix_rt::test]
async fn accepts_connections() {
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
let (cert, key) = new_cert_and_key();
let srv = TestServer::start({
let cert = cert.clone();
let key = key.clone();
move || {
let tls_acceptor = Acceptor::new(rustls_server_config(cert.clone(), key.clone()));
tls_acceptor
.map_err(|err| println!("Rustls error: {:?}", err))
.and_then(move |_stream: TlsStream<TcpStream>| ok(()))
}
});
let sock = srv
.connect()
.expect("cannot connect to test server")
.into_std()
.unwrap();
sock.set_nonblocking(false).unwrap();
let connector = openssl_connector(cert, key);
let mut stream = connector
.connect("localhost", sock)
.expect("TLS handshake failed");
stream.do_handshake().expect("TLS handshake failed");
stream.flush().expect("TLS handshake failed");
}