actix/actix-web
1
0
Fork 0
mirror of https://github.com/fafhrd91/actix-web synced 2025-08-31 00:50:20 +02:00
Code Issues Releases Wiki Activity

Actix Web Rustls v0.21 support (#3116)

Browse Source
This commit is contained in:
Rob Ede
2023-08-29 01:11:11 +01:00
committed by GitHub
parent cbf5e948db
commit 905c30af86
23 changed files with 382 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

167
awc/src/client/connector.rs
View File

@@ -43,20 +43,22 @@ enum OurTlsConnector {
#[allow(dead_code)] // false positive; used in build_ssl
OpensslBuilder(actix_tls::connect::openssl::reexports::SslConnectorBuilder),
#[cfg(feature = "rustls")]
Rustls(std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>),
#[cfg(feature = "rustls-0_20")]
Rustls020(std::sync::Arc<actix_tls::connect::rustls_0_20::reexports::ClientConfig>),
#[cfg(feature = "rustls-0_21")]
Rustls021(std::sync::Arc<actix_tls::connect::rustls_0_21::reexports::ClientConfig>),
}
/// Manages HTTP client network connectivity.
///
/// The `Connector` type uses a builder-like combinator pattern for service
/// construction that finishes by calling the `.finish()` method.
/// The `Connector` type uses a builder-like combinator pattern for service construction that
/// finishes by calling the `.finish()` method.
///
/// ```ignore
/// ```no_run
/// use std::time::Duration;
/// use actix_http::client::Connector;
///
/// let connector = Connector::new()
/// let connector = awc::Connector::new()
/// .timeout(Duration::from_secs(5))
/// .finish();
/// ```
@@ -80,22 +82,22 @@ impl Connector<()> {
Connector {
connector: TcpConnector::new(resolver::resolver()).service(),
config: ConnectorConfig::default(),
tls: Self::build_ssl(vec![b"h2".to_vec(), b"http/1.1".to_vec()]),
tls: Self::build_tls(vec![b"h2".to_vec(), b"http/1.1".to_vec()]),
}
}
/// Provides an empty TLS connector when no TLS feature is enabled.
#[cfg(not(any(feature = "openssl", feature = "rustls")))]
fn build_ssl(_: Vec<Vec<u8>>) -> OurTlsConnector {
#[cfg(not(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21")))]
fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
OurTlsConnector::None
}
/// Build TLS connector with rustls, based on supplied ALPN protocols
/// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols
///
/// Note that if both `openssl` and `rustls` features are enabled, rustls will be used.
#[cfg(feature = "rustls")]
fn build_ssl(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
use actix_tls::connect::rustls::{reexports::ClientConfig, webpki_roots_cert_store};
/// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
#[cfg(feature = "rustls-0_21")]
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
use actix_tls::connect::rustls_0_21::{reexports::ClientConfig, webpki_roots_cert_store};
let mut config = ClientConfig::builder()
.with_safe_defaults()
@@ -104,12 +106,55 @@ impl Connector<()> {
config.alpn_protocols = protocols;
OurTlsConnector::Rustls(std::sync::Arc::new(config))
OurTlsConnector::Rustls021(std::sync::Arc::new(config))
}
/// Build TLS connector with openssl, based on supplied ALPN protocols
#[cfg(all(feature = "openssl", not(feature = "rustls")))]
fn build_ssl(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
/// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols
///
/// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
#[cfg(all(
all(feature = "rustls-0_20", feature = "openssl"),
not(feature = "rustls-0_21"),
))]
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
use actix_tls::connect::rustls_0_20::{reexports::ClientConfig, webpki_roots_cert_store};
let mut config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(webpki_roots_cert_store())
.with_no_client_auth();
config.alpn_protocols = protocols;
OurTlsConnector::Rustls020(std::sync::Arc::new(config))
}
/// Build TLS connector with Rustls v0.20, based on supplied ALPN protocols
///
/// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
#[cfg(all(
feature = "rustls-0_20",
not(any(feature = "rustls-0_21", feature = "openssl")),
))]
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
use actix_tls::connect::rustls_0_20::{reexports::ClientConfig, webpki_roots_cert_store};
let mut config = ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(webpki_roots_cert_store())
.with_no_client_auth();
config.alpn_protocols = protocols;
OurTlsConnector::Rustls020(std::sync::Arc::new(config))
}
/// Build TLS connector with OpenSSL, based on supplied ALPN protocols
#[cfg(all(
feature = "openssl",
not(any(feature = "rustls-0_20", feature = "rustls-0_21")),
))]
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
use actix_tls::connect::openssl::reexports::{SslConnector, SslMethod};
use bytes::{BufMut, BytesMut};
@@ -129,7 +174,7 @@ impl Connector<()> {
}
impl<S> Connector<S> {
/// Use custom connector.
/// Sets custom connector.
pub fn connector<S1, Io1>(self, connector: S1) -> Connector<S1>
where
Io1: ActixStream + fmt::Debug + 'static,
@@ -158,21 +203,28 @@ where
+ Clone
+ 'static,
{
/// Tcp connection timeout, i.e. max time to connect to remote host including dns name
/// resolution. Set to 5 second by default.
/// Sets TCP connection timeout.
///
/// This is the max time allowed to connect to remote host, including DNS name resolution.
///
/// By default, the timeout is 5 seconds.
pub fn timeout(mut self, timeout: Duration) -> Self {
self.config.timeout = timeout;
self
}
/// Tls handshake timeout, i.e. max time to do tls handshake with remote host after tcp
/// connection established. Set to 5 second by default.
/// Sets TLS handshake timeout.
///
/// This is the max time allowed to perform the TLS handshake with remote host after TCP
/// connection is established.
///
/// By default, the timeout is 5 seconds.
pub fn handshake_timeout(mut self, timeout: Duration) -> Self {
self.config.handshake_timeout = timeout;
self
}
/// Use custom OpenSSL `SslConnector` instance.
/// Sets custom OpenSSL `SslConnector` instance.
#[cfg(feature = "openssl")]
pub fn openssl(
mut self,
@@ -191,13 +243,23 @@ where
self
}
/// Use custom Rustls `ClientConfig` instance.
#[cfg(feature = "rustls")]
/// Sets custom Rustls v0.20 `ClientConfig` instance.
#[cfg(feature = "rustls-0_20")]
pub fn rustls(
mut self,
connector: std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>,
connector: std::sync::Arc<actix_tls::connect::rustls_0_20::reexports::ClientConfig>,
) -> Self {
self.tls = OurTlsConnector::Rustls(connector);
self.tls = OurTlsConnector::Rustls020(connector);
self
}
/// Sets custom Rustls v0.21 `ClientConfig` instance.
#[cfg(feature = "rustls-0_21")]
pub fn rustls_021(
mut self,
connector: std::sync::Arc<actix_tls::connect::rustls_0_21::reexports::ClientConfig>,
) -> Self {
self.tls = OurTlsConnector::Rustls021(connector);
self
}
@@ -212,12 +274,12 @@ where
unimplemented!("actix-http client only supports versions http/1.1 & http/2")
}
};
self.tls = Connector::build_ssl(versions);
self.tls = Connector::build_tls(versions);
self
}
/// Sets the initial window size (in octets) for HTTP/2 stream-level flow control for
/// received data.
/// Sets the initial window size (in bytes) for HTTP/2 stream-level flow control for received
/// data.
///
/// The default value is 65,535 and is good for APIs, but not for big objects.
pub fn initial_window_size(mut self, size: u32) -> Self {
@@ -225,7 +287,7 @@ where
self
}
/// Sets the initial window size (in octets) for HTTP/2 connection-level flow control for
/// Sets the initial window size (in bytes) for HTTP/2 connection-level flow control for
/// received data.
///
/// The default value is 65,535 and is good for APIs, but not for big objects.
@@ -405,11 +467,44 @@ where
unreachable!("OpenSSL builder is built before this match.");
}
#[cfg(feature = "rustls")]
OurTlsConnector::Rustls(tls) => {
#[cfg(feature = "rustls-0_20")]
OurTlsConnector::Rustls020(tls) => {
const H2: &[u8] = b"h2";
use actix_tls::connect::rustls::{reexports::AsyncTlsStream, TlsConnector};
use actix_tls::connect::rustls_0_20::{reexports::AsyncTlsStream, TlsConnector};
impl<Io: ConnectionIo> IntoConnectionIo for TcpConnection<Uri, AsyncTlsStream<Io>> {
fn into_connection_io(self) -> (Box<dyn ConnectionIo>, Protocol) {
let sock = self.into_parts().0;
let h2 = sock
.get_ref()
.1
.alpn_protocol()
.map_or(false, |protos| protos.windows(2).any(|w| w == H2));
if h2 {
(Box::new(sock), Protocol::Http2)
} else {
(Box::new(sock), Protocol::Http1)
}
}
}
let handshake_timeout = self.config.handshake_timeout;
let tls_service = TlsConnectorService {
tcp_service: tcp_service_inner,
tls_service: TlsConnector::service(tls),
timeout: handshake_timeout,
};
Some(actix_service::boxed::rc_service(tls_service))
}
#[cfg(feature = "rustls-0_21")]
OurTlsConnector::Rustls021(tls) => {
const H2: &[u8] = b"h2";
use actix_tls::connect::rustls_0_21::{reexports::AsyncTlsStream, TlsConnector};
impl<Io: ConnectionIo> IntoConnectionIo for TcpConnection<Uri, AsyncTlsStream<Io>> {
fn into_connection_io(self) -> (Box<dyn ConnectionIo>, Protocol) {