actix-web: Add rustls 0.23 (#3363)

* Fix type confusion in some scenarios When the feature for rustls 0.22 is enabled, and rustls 0.23 is also present in a project, there suddently exist multiple paths for errors when building middleware chains due to the use of two consecutive `?` operators without specifying the intermediate error type. This commit addresses the issue by removing the first `?`, so that the first error type will always be known, and the second `?` always has a well defined implementation. * Add CHANGES entry about type confusion * actix-http: add rustls 0.23 support * actix-http: update ws example, tests for rustls 0.23 * actix-http: add rustls 0.23 to changelog * Update comments to mention 0.23 instead of 0.22 * awc: add rustls 0.23 support This also fixes certificate lookup when native-roots is enabled for rustls 0.22. * awc: update changelog for rustls 0.23 * awc: Add base rustls-0_23 feature without roots to better enable custom config * actix-test: add rustls-0.23 * actix-test: add rustls 0.23 to changelog * awc: update changelog with rustls 0.23 tweaks * actix-web: add rustls 0.23 * Add rustls-0_23 to CI * Update tls_rustls.rs * review nits * review nits part 2 * fix doc test --------- Co-authored-by: Rob Ede <robjtede@icloud.com>
2025-06-26 15:07:42 +02:00 · 2024-05-18 14:05:58 -05:00
parent 48d7adb7bf
commit 2e63ff5928
14 changed files with 292 additions and 24 deletions
--- a/awc/tests/test_rustls_client.rs
+++ b/awc/tests/test_rustls_client.rs
@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_22-webpki-roots")]
+#![cfg(feature = "rustls-0_23-webpki-roots")]

-extern crate tls_rustls_0_22 as rustls;
+extern crate tls_rustls_0_23 as rustls;

 use std::{
    io::BufReader,
@ -13,7 +13,7 @@ use std::{
 use actix_http::HttpService;
 use actix_http_test::test_server;
 use actix_service::{fn_service, map_config, ServiceFactoryExt};
-use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_23::webpki_roots_cert_store;
 use actix_utils::future::ok;
 use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
 use rustls::{
@ -83,7 +83,7 @@ mod danger {
        }

        fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-            rustls::crypto::ring::default_provider()
+            rustls::crypto::aws_lc_rs::default_provider()
                .signature_verification_algorithms
                .supported_schemes()
        }
@ -107,7 +107,7 @@ async fn test_connection_reuse_h2() {
                    App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                    |_| AppConfig::default(),
                ))
-                .rustls_0_22(tls_config())
+                .rustls_0_23(tls_config())
                .map_err(|_| ()),
        )
    })
@ -126,7 +126,7 @@ async fn test_connection_reuse_h2() {
        .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));

    let client = awc::Client::builder()
-        .connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
+        .connector(awc::Connector::new().rustls_0_23(Arc::new(config)))
        .finish();

    // req 1