1
0
mirror of https://github.com/fafhrd91/actix-net synced 2024-11-30 17:44:34 +01:00
actix-net/actix-tls/tests/accept-rustls.rs
dependabot[bot] 77588aba81
build(deps): update rcgen requirement from 0.12 to 0.13 (#590)
* build(deps): update rcgen requirement from 0.12 to 0.13

Updates the requirements on [rcgen](https://github.com/rustls/rcgen) to permit the latest version.
- [Commits](https://github.com/rustls/rcgen/compare/v0.12.0...v0.13.1)

---
updated-dependencies:
- dependency-name: rcgen
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: fix rcgen tests

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rob Ede <robjtede@icloud.com>
2024-08-06 23:54:18 +00:00

112 lines
3.1 KiB
Rust

//! Use OpenSSL connector to test Rustls acceptor.
#![cfg(all(
feature = "accept",
feature = "connect",
feature = "rustls-0_23",
feature = "openssl"
))]
extern crate tls_openssl as openssl;
use std::io::{BufReader, Write};
use actix_rt::net::TcpStream;
use actix_server::TestServer;
use actix_service::ServiceFactoryExt as _;
use actix_tls::{
accept::rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
connect::openssl::reexports::SslConnector,
};
use actix_utils::future::ok;
use rustls_pemfile::{certs, pkcs8_private_keys};
use rustls_pki_types_1::PrivateKeyDer;
use tls_openssl::ssl::SslVerifyMode;
fn new_cert_and_key() -> (String, String) {
let rcgen::CertifiedKey { cert, key_pair } =
rcgen::generate_simple_self_signed(vec!["127.0.0.1".to_owned(), "localhost".to_owned()])
.unwrap();
let key = key_pair.serialize_pem();
let cert = cert.pem();
(cert, key)
}
fn rustls_server_config(cert: String, key: String) -> ServerConfig {
// Load TLS key and cert files
let cert = &mut BufReader::new(cert.as_bytes());
let key = &mut BufReader::new(key.as_bytes());
let cert_chain = certs(cert).collect::<Result<Vec<_>, _>>().unwrap();
let mut keys = pkcs8_private_keys(key)
.collect::<Result<Vec<_>, _>>()
.unwrap();
let mut config = ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(cert_chain, PrivateKeyDer::Pkcs8(keys.remove(0)))
.unwrap();
config.alpn_protocols = vec![b"http/1.1".to_vec()];
config
}
fn openssl_connector(cert: String, key: String) -> SslConnector {
use actix_tls::connect::openssl::reexports::SslMethod;
use openssl::{pkey::PKey, x509::X509};
let cert = X509::from_pem(cert.as_bytes()).unwrap();
let key = PKey::private_key_from_pem(key.as_bytes()).unwrap();
let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
ssl.set_verify(SslVerifyMode::NONE);
ssl.set_certificate(&cert).unwrap();
ssl.set_private_key(&key).unwrap();
ssl.set_alpn_protos(b"\x08http/1.1").unwrap();
ssl.build()
}
#[actix_rt::test]
async fn accepts_connections() {
tokio_rustls_026::rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
let (cert, key) = new_cert_and_key();
let srv = TestServer::start({
let cert = cert.clone();
let key = key.clone();
move || {
let tls_acceptor = Acceptor::new(rustls_server_config(cert.clone(), key.clone()));
tls_acceptor
.map_err(|err| println!("Rustls error: {:?}", err))
.and_then(move |_stream: TlsStream<TcpStream>| ok(()))
}
});
let sock = srv
.connect()
.expect("cannot connect to test server")
.into_std()
.unwrap();
sock.set_nonblocking(false).unwrap();
let connector = openssl_connector(cert, key);
let mut stream = connector
.connect("localhost", sock)
.expect("TLS handshake failed");
stream.do_handshake().expect("TLS handshake failed");
stream.flush().expect("TLS handshake failed");
}