Rustls v0.22 support (#3275)

2025-06-26 06:57:43 +02:00 · 2024-02-03 23:55:01 +00:00
parent b1eb57ac4f
commit 2125aca2c5
24 changed files with 719 additions and 196 deletions
--- a/actix-http/examples/tls_rustls.rs
+++ b/actix-http/examples/tls_rustls.rs
@ -12,7 +12,7 @@
 //! Protocol: HTTP/1.1
 //! ```

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::io;

@ -36,7 +36,7 @@ async fn main() -> io::Result<()> {
                    );
                    ok::<_, Error>(Response::ok().set_body(body))
                })
-                .rustls_021(rustls_config())
+                .rustls_0_22(rustls_config())
        })?
        .run()
        .await
@ -51,16 +51,18 @@ fn rustls_config() -> rustls::ServerConfig {
    let key_file = &mut io::BufReader::new(key_file.as_bytes());

    let cert_chain = rustls_pemfile::certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(rustls::Certificate)
-        .collect();
-    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file).unwrap();
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();
+    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, rustls::PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    const H1_ALPN: &[u8] = b"http/1.1";
--- a/actix-http/examples/ws.rs
+++ b/actix-http/examples/ws.rs
@ -1,7 +1,7 @@
 //! Sets up a WebSocket server over TCP and TLS.
 //! Sends a heartbeat message every 4 seconds but does not respond to any incoming frames.

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::{
    io,
@ -30,7 +30,7 @@ async fn main() -> io::Result<()> {
        .bind("tls", ("127.0.0.1", 8443), || {
            HttpService::build()
                .finish(handler)
-                .rustls_021(tls_config())
+                .rustls_0_22(tls_config())
        })?
        .run()
        .await
@ -85,7 +85,6 @@ impl Stream for Heartbeat {
 fn tls_config() -> rustls::ServerConfig {
    use std::io::BufReader;

-    use rustls::{Certificate, PrivateKey};
    use rustls_pemfile::{certs, pkcs8_private_keys};

    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
@ -95,17 +94,17 @@ fn tls_config() -> rustls::ServerConfig {
    let cert_file = &mut BufReader::new(cert_file.as_bytes());
    let key_file = &mut BufReader::new(key_file.as_bytes());

-    let cert_chain = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    config.alpn_protocols.push(b"http/1.1".to_vec());