Rustls v0.22 support (#3275)

2025-06-26 15:07:42 +02:00 · 2024-02-03 23:55:01 +00:00
parent b1eb57ac4f
commit 2125aca2c5
24 changed files with 719 additions and 196 deletions
--- a/actix-http/tests/test_rustls.rs
+++ b/actix-http/tests/test_rustls.rs
@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_21")]
+#![cfg(feature = "rustls-0_22")]

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::{
    convert::Infallible,
@ -20,13 +20,13 @@ use actix_http::{
 use actix_http_test::test_server;
 use actix_rt::pin;
 use actix_service::{fn_factory_with_config, fn_service};
-use actix_tls::connect::rustls_0_21::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
 use actix_utils::future::{err, ok, poll_fn};
 use bytes::{Bytes, BytesMut};
 use derive_more::{Display, Error};
 use futures_core::{ready, Stream};
 use futures_util::stream::once;
-use rustls::{Certificate, PrivateKey, ServerConfig as RustlsServerConfig, ServerName};
+use rustls::{pki_types::ServerName, ServerConfig as RustlsServerConfig};
 use rustls_pemfile::{certs, pkcs8_private_keys};

 async fn load_body<S>(stream: S) -> Result<BytesMut, PayloadError>
@ -59,17 +59,17 @@ fn tls_config() -> RustlsServerConfig {
    let cert_file = &mut BufReader::new(cert_file.as_bytes());
    let key_file = &mut BufReader::new(key_file.as_bytes());

-    let cert_chain = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = RustlsServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    config.alpn_protocols.push(HTTP1_1_ALPN_PROTOCOL.to_vec());
@ -83,7 +83,6 @@ pub fn get_negotiated_alpn_protocol(
    client_alpn_protocol: &[u8],
 ) -> Option<Vec<u8>> {
    let mut config = rustls::ClientConfig::builder()
-        .with_safe_defaults()
        .with_root_certificates(webpki_roots_cert_store())
        .with_no_client_auth();

@ -109,7 +108,7 @@ async fn h1() -> io::Result<()> {
    let srv = test_server(move || {
        HttpService::build()
            .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -123,7 +122,7 @@ async fn h2() -> io::Result<()> {
    let srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -141,7 +140,7 @@ async fn h1_1() -> io::Result<()> {
                assert_eq!(req.version(), Version::HTTP_11);
                ok::<_, Error>(Response::ok())
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -159,7 +158,7 @@ async fn h2_1() -> io::Result<()> {
                assert_eq!(req.version(), Version::HTTP_2);
                ok::<_, Error>(Response::ok())
            })
-            .rustls_021_with_config(
+            .rustls_0_22_with_config(
                tls_config(),
                TlsAcceptorConfig::default().handshake_timeout(Duration::from_secs(5)),
            )
@ -180,7 +179,7 @@ async fn h2_body1() -> io::Result<()> {
                let body = load_body(req.take_payload()).await?;
                Ok::<_, Error>(Response::ok().set_body(body))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -206,7 +205,7 @@ async fn h2_content_length() {
                ];
                ok::<_, Infallible>(Response::new(statuses[indx]))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -278,7 +277,7 @@ async fn h2_headers() {
                }
                ok::<_, Infallible>(config.body(data.clone()))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -317,7 +316,7 @@ async fn h2_body2() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -334,7 +333,7 @@ async fn h2_head_empty() {
    let mut srv = test_server(move || {
        HttpService::build()
            .finish(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -360,7 +359,7 @@ async fn h2_head_binary() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -385,7 +384,7 @@ async fn h2_head_binary2() {
    let srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -411,7 +410,7 @@ async fn h2_body_length() {
                    Response::ok().set_body(SizedStream::new(STR.len() as u64, body)),
                )
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -435,7 +434,7 @@ async fn h2_body_chunked_explicit() {
                        .body(BodyStream::new(body)),
                )
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -464,7 +463,7 @@ async fn h2_response_http_error_handling() {
                    )
                }))
            }))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -494,7 +493,7 @@ async fn h2_service_error() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -511,7 +510,7 @@ async fn h1_service_error() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h1(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -534,7 +533,7 @@ async fn alpn_h1() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;

@ -556,7 +555,7 @@ async fn alpn_h2() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;

@ -582,7 +581,7 @@ async fn alpn_h2_1() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .finish(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;