use rcgen for tls key generation (#1989)

2025-06-25 06:39:22 +02:00 · 2021-02-13 17:16:36 +00:00
parent 3279070f9f
commit 7fa6333a0c
15 changed files with 226 additions and 185 deletions
--- a/awc/tests/test_connector.rs
+++ b/awc/tests/test_connector.rs
@ -7,17 +7,23 @@ use actix_http_test::test_server;
 use actix_service::{map_config, ServiceFactoryExt};
 use actix_web::http::Version;
 use actix_web::{dev::AppConfig, web, App, HttpResponse};
-use openssl::ssl::{SslAcceptor, SslConnector, SslFiletype, SslMethod, SslVerifyMode};
+use openssl::{
+    pkey::PKey,
+    ssl::{SslAcceptor, SslConnector, SslMethod, SslVerifyMode},
+    x509::X509,
+};
+
+fn tls_config() -> SslAcceptor {
+    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
+    let cert_file = cert.serialize_pem().unwrap();
+    let key_file = cert.serialize_private_key_pem();
+    let cert = X509::from_pem(cert_file.as_bytes()).unwrap();
+    let key = PKey::private_key_from_pem(key_file.as_bytes()).unwrap();

-fn ssl_acceptor() -> SslAcceptor {
-    // load ssl keys
    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-    builder
-        .set_private_key_file("../tests/key.pem", SslFiletype::PEM)
-        .unwrap();
-    builder
-        .set_certificate_chain_file("../tests/cert.pem")
-        .unwrap();
+    builder.set_certificate(&cert).unwrap();
+    builder.set_private_key(&key).unwrap();
+
    builder.set_alpn_select_callback(|_, protos| {
        const H2: &[u8] = b"\x02h2";
        if protos.windows(3).any(|window| window == H2) {
@ -27,6 +33,7 @@ fn ssl_acceptor() -> SslAcceptor {
        }
    });
    builder.set_alpn_protos(b"\x02h2").unwrap();
+
    builder.build()
 }

@ -38,7 +45,7 @@ async fn test_connection_window_size() {
                App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                |_| AppConfig::default(),
            ))
-            .openssl(ssl_acceptor())
+            .openssl(tls_config())
            .map_err(|_| ())
    })
    .await;
--- a/awc/tests/test_ssl_client.rs
+++ b/awc/tests/test_ssl_client.rs
@ -11,17 +11,23 @@ use actix_service::{map_config, pipeline_factory, ServiceFactoryExt};
 use actix_web::http::Version;
 use actix_web::{dev::AppConfig, web, App, HttpResponse};
 use futures_util::future::ok;
-use openssl::ssl::{SslAcceptor, SslConnector, SslFiletype, SslMethod, SslVerifyMode};
+use openssl::{
+    pkey::PKey,
+    ssl::{SslAcceptor, SslConnector, SslMethod, SslVerifyMode},
+    x509::X509,
+};
+
+fn tls_config() -> SslAcceptor {
+    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
+    let cert_file = cert.serialize_pem().unwrap();
+    let key_file = cert.serialize_private_key_pem();
+    let cert = X509::from_pem(cert_file.as_bytes()).unwrap();
+    let key = PKey::private_key_from_pem(key_file.as_bytes()).unwrap();

-fn ssl_acceptor() -> SslAcceptor {
-    // load ssl keys
    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-    builder
-        .set_private_key_file("../tests/key.pem", SslFiletype::PEM)
-        .unwrap();
-    builder
-        .set_certificate_chain_file("../tests/cert.pem")
-        .unwrap();
+    builder.set_certificate(&cert).unwrap();
+    builder.set_private_key(&key).unwrap();
+
    builder.set_alpn_select_callback(|_, protos| {
        const H2: &[u8] = b"\x02h2";
        if protos.windows(3).any(|window| window == H2) {
@ -31,6 +37,7 @@ fn ssl_acceptor() -> SslAcceptor {
        }
    });
    builder.set_alpn_protos(b"\x02h2").unwrap();
+
    builder.build()
 }

@ -51,7 +58,7 @@ async fn test_connection_reuse_h2() {
                    App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                    |_| AppConfig::default(),
                ))
-                .openssl(ssl_acceptor())
+                .openssl(tls_config())
                .map_err(|_| ()),
        )
    })