add rustls support for actix-http and awc (#998)

* add rustls support for actix-http and awc

* fix features conflict

* remove unnecessary duplication

* test server with rust-tls

* fix

* test rustls

* awc rustls test

* format

* tests

* fix dependencies

* fixes and add changes

* remove test-server and Cargo.toml dev-dependencies changes

* cargo fmt

awc/CHANGES.md

@@ -1,5 +1,9 @@
 # Changes
 
+## [0.2.3] - 2019-07-xx
+
+* Add `rustls` support
+
 ## [0.2.2] - 2019-07-01
 
 ### Changed

awc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "awc"
-version = "0.2.2"
+version = "0.2.3"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix http client."
 readme = "README.md"
@@ -29,6 +29,9 @@ default = ["brotli", "flate2-zlib"]
 # openssl
 ssl = ["openssl", "actix-http/ssl"]
 
+# rustls
+rust-tls = ["rustls", "actix-http/rust-tls"]
+
 # brotli encoding, requires c compiler
 brotli = ["actix-http/brotli"]
 
@@ -41,7 +44,7 @@ flate2-rust = ["actix-http/flate2-rust"]
 [dependencies]
 actix-codec = "0.1.2"
 actix-service = "0.4.1"
-actix-http = "0.2.4"
+actix-http = "0.2.8"
 base64 = "0.10.1"
 bytes = "0.4"
 derive_more = "0.15.0"
@@ -55,6 +58,7 @@ serde_json = "1.0"
 serde_urlencoded = "0.5.3"
 tokio-timer = "0.2.8"
 openssl = { version="0.10", optional = true }
+rustls = { version = "0.15.2", optional = true }
 
 [dev-dependencies]
 actix-rt = "0.2.2"
@@ -62,9 +66,11 @@ actix-web = { version = "1.0.0", features=["ssl"] }
 actix-http = { version = "0.2.4", features=["ssl"] }
 actix-http-test = { version = "0.2.0", features=["ssl"] }
 actix-utils = "0.4.1"
-actix-server = { version = "0.5.1", features=["ssl"] }
+actix-server = { version = "0.6.0", features=["ssl", "rust-tls"] }
 brotli2 = { version="0.3.2" }
 flate2 = { version="1.0.2" }
 env_logger = "0.6"
 rand = "0.7"
 tokio-tcp = "0.1"
+webpki = "0.19"
+rustls = { version = "0.15.2", features = ["dangerous_configuration"] }

awc/tests/test_client.rs

@@ -12,11 +12,10 @@ use flate2::Compression;
 use futures::Future;
 use rand::Rng;
 
-use actix_codec::{AsyncRead, AsyncWrite};
 use actix_http::HttpService;
 use actix_http_test::TestServer;
 use actix_service::{service_fn, NewService};
-use actix_web::http::{Cookie, Version};
+use actix_web::http::Cookie;
 use actix_web::middleware::{BodyEncoding, Compress};
 use actix_web::{http::header, web, App, Error, HttpMessage, HttpRequest, HttpResponse};
 use awc::error::SendRequestError;
@@ -43,30 +42,6 @@ const STR: &str = "Hello World Hello World Hello World Hello World Hello World \
                    Hello World Hello World Hello World Hello World Hello World \
                    Hello World Hello World Hello World Hello World Hello World";
 
-#[cfg(feature = "ssl")]
-fn ssl_acceptor<T: AsyncRead + AsyncWrite>(
-) -> std::io::Result<actix_server::ssl::OpensslAcceptor<T, ()>> {
-    use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
-    // load ssl keys
-    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
-    builder
-        .set_private_key_file("../tests/key.pem", SslFiletype::PEM)
-        .unwrap();
-    builder
-        .set_certificate_chain_file("../tests/cert.pem")
-        .unwrap();
-    builder.set_alpn_select_callback(|_, protos| {
-        const H2: &[u8] = b"\x02h2";
-        if protos.windows(3).any(|window| window == H2) {
-            Ok(b"h2")
-        } else {
-            Err(openssl::ssl::AlpnError::NOACK)
-        }
-    });
-    builder.set_alpn_protos(b"\x02h2")?;
-    Ok(actix_server::ssl::OpensslAcceptor::new(builder.build()))
-}
-
 #[test]
 fn test_simple() {
     let mut srv =
@@ -207,60 +182,6 @@ fn test_connection_reuse() {
     assert_eq!(num.load(Ordering::Relaxed), 1);
 }
 
-#[cfg(feature = "ssl")]
-#[test]
-fn test_connection_reuse_h2() {
-    let openssl = ssl_acceptor().unwrap();
-    let num = Arc::new(AtomicUsize::new(0));
-    let num2 = num.clone();
-
-    let mut srv = TestServer::new(move || {
-        let num2 = num2.clone();
-        service_fn(move |io| {
-            num2.fetch_add(1, Ordering::Relaxed);
-            Ok(io)
-        })
-        .and_then(
-            openssl
-                .clone()
-                .map_err(|e| println!("Openssl error: {}", e)),
-        )
-        .and_then(
-            HttpService::build()
-                .h2(App::new()
-                    .service(web::resource("/").route(web::to(|| HttpResponse::Ok()))))
-                .map_err(|_| ()),
-        )
-    });
-
-    // disable ssl verification
-    use openssl::ssl::{SslConnector, SslMethod, SslVerifyMode};
-
-    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
-    builder.set_verify(SslVerifyMode::NONE);
-    let _ = builder
-        .set_alpn_protos(b"\x02h2\x08http/1.1")
-        .map_err(|e| log::error!("Can not set alpn protocol: {:?}", e));
-
-    let client = awc::Client::build()
-        .connector(awc::Connector::new().ssl(builder.build()).finish())
-        .finish();
-
-    // req 1
-    let request = client.get(srv.surl("/")).send();
-    let response = srv.block_on(request).unwrap();
-    assert!(response.status().is_success());
-
-    // req 2
-    let req = client.post(srv.surl("/"));
-    let response = srv.block_on_fn(move || req.send()).unwrap();
-    assert!(response.status().is_success());
-    assert_eq!(response.version(), Version::HTTP_2);
-
-    // one connection
-    assert_eq!(num.load(Ordering::Relaxed), 1);
-}
-
 #[test]
 fn test_connection_force_close() {
     let num = Arc::new(AtomicUsize::new(0));

awc/tests/test_rustls_client.rs

@@ -0,0 +1,96 @@
+#![cfg(feature = "rust-tls")]
+use rustls::{
+    internal::pemfile::{certs, pkcs8_private_keys},
+    ClientConfig, NoClientAuth,
+};
+
+use std::fs::File;
+use std::io::{BufReader, Result};
+use std::sync::atomic::{AtomicUsize, Ordering};
+use std::sync::Arc;
+
+use actix_codec::{AsyncRead, AsyncWrite};
+use actix_http::HttpService;
+use actix_http_test::TestServer;
+use actix_server::ssl::RustlsAcceptor;
+use actix_service::{service_fn, NewService};
+use actix_web::http::Version;
+use actix_web::{web, App, HttpResponse};
+
+fn ssl_acceptor<T: AsyncRead + AsyncWrite>() -> Result<RustlsAcceptor<T, ()>> {
+    use rustls::ServerConfig;
+    // load ssl keys
+    let mut config = ServerConfig::new(NoClientAuth::new());
+    let cert_file = &mut BufReader::new(File::open("../tests/cert.pem").unwrap());
+    let key_file = &mut BufReader::new(File::open("../tests/key.pem").unwrap());
+    let cert_chain = certs(cert_file).unwrap();
+    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
+    let protos = vec![b"h2".to_vec()];
+    config.set_protocols(&protos);
+    Ok(RustlsAcceptor::new(config))
+}
+
+mod danger {
+    pub struct NoCertificateVerification {}
+
+    impl rustls::ServerCertVerifier for NoCertificateVerification {
+        fn verify_server_cert(
+            &self,
+            _roots: &rustls::RootCertStore,
+            _presented_certs: &[rustls::Certificate],
+            _dns_name: webpki::DNSNameRef<'_>,
+            _ocsp: &[u8],
+        ) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
+            Ok(rustls::ServerCertVerified::assertion())
+        }
+    }
+}
+
+#[test]
+fn test_connection_reuse_h2() {
+    let rustls = ssl_acceptor().unwrap();
+    let num = Arc::new(AtomicUsize::new(0));
+    let num2 = num.clone();
+
+    let mut srv = TestServer::new(move || {
+        let num2 = num2.clone();
+        service_fn(move |io| {
+            num2.fetch_add(1, Ordering::Relaxed);
+            Ok(io)
+        })
+        .and_then(rustls.clone().map_err(|e| println!("Rustls error: {}", e)))
+        .and_then(
+            HttpService::build()
+                .h2(App::new()
+                    .service(web::resource("/").route(web::to(|| HttpResponse::Ok()))))
+                .map_err(|_| ()),
+        )
+    });
+
+    // disable ssl verification
+    let mut config = ClientConfig::new();
+    let protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+    config.set_protocols(&protos);
+    config
+        .dangerous()
+        .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
+
+    let client = awc::Client::build()
+        .connector(awc::Connector::new().rustls(Arc::new(config)).finish())
+        .finish();
+
+    // req 1
+    let request = client.get(srv.surl("/")).send();
+    let response = srv.block_on(request).unwrap();
+    assert!(response.status().is_success());
+
+    // req 2
+    let req = client.post(srv.surl("/"));
+    let response = srv.block_on_fn(move || req.send()).unwrap();
+    assert!(response.status().is_success());
+    assert_eq!(response.version(), Version::HTTP_2);
+
+    // one connection
+    assert_eq!(num.load(Ordering::Relaxed), 1);
+}

awc/tests/test_ssl_client.rs

@@ -0,0 +1,86 @@
+#![cfg(feature = "ssl")]
+use openssl::ssl::{SslAcceptor, SslConnector, SslFiletype, SslMethod, SslVerifyMode};
+
+use std::io::Result;
+use std::sync::atomic::{AtomicUsize, Ordering};
+use std::sync::Arc;
+
+use actix_codec::{AsyncRead, AsyncWrite};
+use actix_http::HttpService;
+use actix_http_test::TestServer;
+use actix_server::ssl::OpensslAcceptor;
+use actix_service::{service_fn, NewService};
+use actix_web::http::Version;
+use actix_web::{web, App, HttpResponse};
+
+fn ssl_acceptor<T: AsyncRead + AsyncWrite>() -> Result<OpensslAcceptor<T, ()>> {
+    // load ssl keys
+    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+    builder
+        .set_private_key_file("../tests/key.pem", SslFiletype::PEM)
+        .unwrap();
+    builder
+        .set_certificate_chain_file("../tests/cert.pem")
+        .unwrap();
+    builder.set_alpn_select_callback(|_, protos| {
+        const H2: &[u8] = b"\x02h2";
+        if protos.windows(3).any(|window| window == H2) {
+            Ok(b"h2")
+        } else {
+            Err(openssl::ssl::AlpnError::NOACK)
+        }
+    });
+    builder.set_alpn_protos(b"\x02h2")?;
+    Ok(actix_server::ssl::OpensslAcceptor::new(builder.build()))
+}
+
+#[test]
+fn test_connection_reuse_h2() {
+    let openssl = ssl_acceptor().unwrap();
+    let num = Arc::new(AtomicUsize::new(0));
+    let num2 = num.clone();
+
+    let mut srv = TestServer::new(move || {
+        let num2 = num2.clone();
+        service_fn(move |io| {
+            num2.fetch_add(1, Ordering::Relaxed);
+            Ok(io)
+        })
+        .and_then(
+            openssl
+                .clone()
+                .map_err(|e| println!("Openssl error: {}", e)),
+        )
+        .and_then(
+            HttpService::build()
+                .h2(App::new()
+                    .service(web::resource("/").route(web::to(|| HttpResponse::Ok()))))
+                .map_err(|_| ()),
+        )
+    });
+
+    // disable ssl verification
+    let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
+    builder.set_verify(SslVerifyMode::NONE);
+    let _ = builder
+        .set_alpn_protos(b"\x02h2\x08http/1.1")
+        .map_err(|e| log::error!("Can not set alpn protocol: {:?}", e));
+
+    let client = awc::Client::build()
+        .connector(awc::Connector::new().ssl(builder.build()).finish())
+        .finish();
+
+    // req 1
+    let request = client.get(srv.surl("/")).send();
+    let response = srv.block_on(request).unwrap();
+    assert!(response.status().is_success());
+
+    // req 2
+    let req = client.post(srv.surl("/"));
+    let response = srv.block_on_fn(move || req.send()).unwrap();
+    assert!(response.status().is_success());
+    assert_eq!(response.version(), Version::HTTP_2);
+
+    // one connection
+    assert_eq!(num.load(Ordering::Relaxed), 1);
+}