chore(actix-http-test): prepare release 3.2.0

* Add From impl for header map references

* Add From impl for header map references

* Remove Into<HeaderMap> via http::HeaderMap

* fix changelog

---------

Co-authored-by: SleeplessOne1917 <insomnia-void@protonmail.com>
Co-authored-by: Rob Ede <robjtede@icloud.com>

.cargo/config.toml

@@ -1,6 +1,6 @@
 [alias]
-lint = "clippy --workspace --tests --examples --bins -- -Dclippy::todo"
+lint = "clippy --workspace --all-targets -- -Dclippy::todo"
-lint-all = "clippy --workspace --all-features --tests --examples --bins -- -Dclippy::todo"
+lint-all = "clippy --workspace --all-features --all-targets -- -Dclippy::todo"
 
 # lib checking
 ci-check-min = "hack --workspace check --no-default-features"

.github/workflows/ci-post-merge.yml

@@ -32,22 +32,22 @@ jobs:
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
+        shell: bash
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
         run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
 
       - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: ${{ matrix.version.version }}
 
-      - name: Install cargo-hack
+      - name: Install cargo-hack and cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
         with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean
 
       - name: check minimal
         run: cargo ci-check-min
@@ -57,10 +57,12 @@ jobs:
 
       - name: tests
         timeout-minutes: 60
+        shell: bash
         run: |
+          set -e
           cargo test --lib --tests -p=actix-router --all-features
           cargo test --lib --tests -p=actix-http --all-features
-          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
+          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,rustls-0_22,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
           cargo test --lib --tests -p=actix-web-codegen --all-features
           cargo test --lib --tests -p=awc --all-features
           cargo test --lib --tests -p=actix-http-test --all-features
@@ -69,10 +71,8 @@ jobs:
           cargo test --lib --tests -p=actix-multipart --all-features
           cargo test --lib --tests -p=actix-web-actors --all-features
 
-      - name: Clear the cargo caches
+      - name: CI cache clean
-        run: |
+        run: cargo-ci-cache-clean
-          cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
-          cargo-cache
 
   ci_feature_powerset_check:
     name: Verify Feature Combinations
@@ -82,10 +82,10 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
 
       - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
         with:
           tool: cargo-hack
 
@@ -103,10 +103,10 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
 
       - name: Install nextest
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
         with:
           tool: nextest
 

.github/workflows/ci.yml

@@ -37,26 +37,28 @@ jobs:
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
+        shell: bash
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
         run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
 
       - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: ${{ matrix.version.version }}
 
-      - name: Install cargo-hack
+      - name: Install cargo-hack and cargo-ci-cache-clean
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
         with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean
 
       - name: workaround MSRV issues
         if: matrix.version.name == 'msrv'
         run: |
+          cargo update -p=ciborium --precise=0.2.1
+          cargo update -p=ciborium-ll --precise=0.2.1
           cargo update -p=clap --precise=4.3.24
           cargo update -p=clap_lex --precise=0.5.0
           cargo update -p=anstyle --precise=1.0.2
@@ -69,10 +71,12 @@ jobs:
 
       - name: tests
         timeout-minutes: 60
+        shell: bash
         run: |
+          set -e
           cargo test --lib --tests -p=actix-router --all-features
           cargo test --lib --tests -p=actix-http --all-features
-          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
+          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,rustls-0_22,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
           cargo test --lib --tests -p=actix-web-codegen --all-features
           cargo test --lib --tests -p=awc --all-features
           cargo test --lib --tests -p=actix-http-test --all-features
@@ -81,10 +85,8 @@ jobs:
           cargo test --lib --tests -p=actix-multipart --all-features
           cargo test --lib --tests -p=actix-web-actors --all-features
 
-      - name: Clear the cargo caches
+      - name: CI cache clean
-        run: |
+        run: cargo-ci-cache-clean
-          cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
-          cargo-cache
 
   io-uring:
     name: io-uring tests
@@ -93,7 +95,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly
 
@@ -109,7 +111,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly
 

.github/workflows/coverage.yml

@@ -18,12 +18,12 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           components: llvm-tools-preview
 
       - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
         with:
           tool: cargo-llvm-cov
 
@@ -31,7 +31,9 @@ jobs:
         run: cargo llvm-cov --workspace --all-features --codecov --output-path codecov.json
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.0.0
         with:
           files: codecov.json
           fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/lint.yml

@@ -17,12 +17,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust (nightly)
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly
           components: rustfmt
 
-      - name: Check with rustfmt
+      - name: Check with Rustfmt
         run: cargo fmt --all -- --check
 
   clippy:
@@ -35,7 +36,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           components: clippy
 
@@ -53,7 +54,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust (nightly)
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly
           components: rust-docs
@@ -66,21 +68,25 @@ jobs:
   public-api-diff:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout main branch
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.base_ref }}
 
-      - uses: actions/checkout@v4
+      - name: Checkout PR branch
+        uses: actions/checkout@v4
 
-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly-2023-08-25
 
-      - uses: taiki-e/cache-cargo-install-action@v1.3.0
+      - name: Install cargo-public-api
+        uses: taiki-e/install-action@v2.26.8
         with:
           tool: cargo-public-api
 
-      - name: generate API diff
+      - name: Generate API diff
         run: |
           for f in $(find -mindepth 2 -maxdepth 2 -name Cargo.toml); do
             cargo public-api --manifest-path "$f" diff ${{ github.event.pull_request.base.sha }}..${{ github.sha }}

.github/workflows/upload-doc.yml

@@ -22,7 +22,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
         with:
           toolchain: nightly
 

.prettierrc.yml

@@ -1,5 +1,5 @@
 overrides:
-  - files: '*.md'
+  - files: "*.md"
     options:
       printWidth: 9999
       proseWrap: never

actix-files/CHANGES.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+## 0.6.5
+
+- Fix handling of special characters in filenames.
+
 ## 0.6.4
 
 - Fix handling of newlines in filenames.

actix-files/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-files"
-version = "0.6.4"
+version = "0.6.5"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",

actix-files/README.md

@@ -1,18 +1,32 @@
-# actix-files
+# `actix-files`
 
-> Static file serving for Actix Web
+<!-- prettier-ignore-start -->
 
 [![crates.io](https://img.shields.io/crates/v/actix-files?label=latest)](https://crates.io/crates/actix-files)
-[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.4)](https://docs.rs/actix-files/0.6.4)
+[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.5)](https://docs.rs/actix-files/0.6.5)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![License](https://img.shields.io/crates/l/actix-files.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-files/0.6.4/status.svg)](https://deps.rs/crate/actix-files/0.6.4)
+[![dependency status](https://deps.rs/crate/actix-files/0.6.5/status.svg)](https://deps.rs/crate/actix-files/0.6.5)
 [![Download](https://img.shields.io/crates/d/actix-files.svg)](https://crates.io/crates/actix-files)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
-## Documentation & Resources
+<!-- prettier-ignore-end -->
 
-- [API Documentation](https://docs.rs/actix-files)
+<!-- cargo-rdme start -->
-- [Example Project](https://github.com/actix/examples/tree/master/basics/static-files)
+
-- Minimum Supported Rust Version (MSRV): 1.68
+Static file serving for Actix Web.
+
+Provides a non-blocking service for serving static files from disk.
+
+## Examples
+
+```rust
+use actix_web::App;
+use actix_files::Files;
+
+let app = App::new()
+    .service(Files::new("/static", ".").prefer_utf8(true));
+```
+
+<!-- cargo-rdme end -->

actix-files/src/lib.rs

@@ -568,19 +568,22 @@ mod tests {
         assert_eq!(bytes, data);
     }
 
+    #[cfg(not(target_os = "windows"))]
     #[actix_rt::test]
-    async fn test_static_files_with_newlines() {
+    async fn test_static_files_with_special_characters() {
         // Create the file we want to test against ad-hoc. We can't check it in as otherwise
         // Windows can't even checkout this repository.
         let temp_dir = tempfile::tempdir().unwrap();
-        let file_with_newlines = temp_dir.path().join("test\nnewline.text");
+        let file_with_newlines = temp_dir.path().join("test\n\x0B\x0C\rnewline.text");
         fs::write(&file_with_newlines, "Look at my newlines").unwrap();
 
         let srv = test::init_service(
             App::new().service(Files::new("/", temp_dir.path()).index_file("Cargo.toml")),
         )
         .await;
-        let request = TestRequest::get().uri("/test%0Anewline.text").to_request();
+        let request = TestRequest::get()
+            .uri("/test%0A%0B%0C%0Dnewline.text")
+            .to_request();
         let response = test::call_service(&srv, request).await;
         assert_eq!(response.status(), StatusCode::OK);
 

actix-files/src/named.rs

@@ -139,8 +139,12 @@ impl NamedFile {
                 _ => DispositionType::Attachment,
             };
 
-            // Replace newlines in filenames which could occur on some filesystems.
+            // replace special characters in filenames which could occur on some filesystems
-            let filename_s = filename.replace('\n', "%0A");
+            let filename_s = filename
+                .replace('\n', "%0A") // \n line break
+                .replace('\x0B', "%0B") // \v vertical tab
+                .replace('\x0C', "%0C") // \f form feed
+                .replace('\r', "%0D"); // \r carriage return
             let mut parameters = vec![DispositionParam::Filename(filename_s)];
 
             if !filename.is_ascii() {

actix-http-test/CHANGES.md

@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+## 3.2.0
+
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
 
 ## 3.1.0

actix-http-test/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-http-test"
-version = "3.1.0"
+version = "3.2.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Various helpers for Actix applications to use during testing"
 keywords = ["http", "web", "framework", "async", "futures"]

actix-http-test/README.md

@@ -1,16 +1,20 @@
-# actix-http-test
+# `actix-http-test`
 
 > Various helpers for Actix applications to use during testing.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-http-test?label=latest)](https://crates.io/crates/actix-http-test)
-[![Documentation](https://docs.rs/actix-http-test/badge.svg?version=3.1.0)](https://docs.rs/actix-http-test/3.1.0)
+[![Documentation](https://docs.rs/actix-http-test/badge.svg?version=3.2.0)](https://docs.rs/actix-http-test/3.2.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http-test)
 <br>
-[![Dependency Status](https://deps.rs/crate/actix-http-test/3.1.0/status.svg)](https://deps.rs/crate/actix-http-test/3.1.0)
+[![Dependency Status](https://deps.rs/crate/actix-http-test/3.2.0/status.svg)](https://deps.rs/crate/actix-http-test/3.2.0)
 [![Download](https://img.shields.io/crates/d/actix-http-test.svg)](https://crates.io/crates/actix-http-test)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/actix-http-test)

actix-http/CHANGES.md

@@ -2,6 +2,14 @@
 
 ## Unreleased
 
+## 3.6.0
+
+### Added
+
+- Add `rustls-0_22` crate feature.
+- Add `{h1::H1Service, h2::H2Service, HttpService}::rustls_0_22()` and `HttpService::rustls_0_22_with_config()` service constructors.
+- Implement `From<&HeaderMap>` for `http::HeaderMap`.
+
 ## 3.5.1
 
 ### Fixed

actix-http/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-http"
-version = "3.5.1"
+version = "3.6.0"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",
@@ -20,8 +20,18 @@ edition.workspace = true
 rust-version.workspace = true
 
 [package.metadata.docs.rs]
-# features that docs.rs will build with
+rustdoc-args = ["--cfg", "docsrs"]
-features = ["http2", "ws", "openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd"]
+features = [
+    "http2",
+    "ws",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+]
 
 [lib]
 name = "actix_http"
@@ -53,6 +63,9 @@ rustls-0_20 = ["actix-tls/accept", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["actix-tls/accept", "actix-tls/rustls-0_21"]
 
+# TLS via Rustls v0.22
+rustls-0_22 = ["actix-tls/accept", "actix-tls/rustls-0_22"]
+
 # Compression codecs
 compress-brotli = ["__compress", "brotli"]
 compress-gzip   = ["__compress", "flate2"]
@@ -89,7 +102,7 @@ tokio-util = { version = "0.7", features = ["io", "codec"] }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 
 # http2
-h2 = { version = "0.3.17", optional = true }
+h2 = { version = "0.3.24", optional = true }
 
 # websockets
 local-channel = { version = "0.1", optional = true }
@@ -98,7 +111,7 @@ rand = { version = "0.8", optional = true }
 sha1 = { version = "0.10", optional = true }
 
 # openssl/rustls
-actix-tls = { version = "3.1", default-features = false, optional = true }
+actix-tls = { version = "3.3", default-features = false, optional = true }
 
 # compress-*
 brotli = { version = "3.3.3", optional = true }
@@ -108,7 +121,7 @@ zstd = { version = "0.13", optional = true }
 [dev-dependencies]
 actix-http-test = { version = "3", features = ["openssl"] }
 actix-server = "2"
-actix-tls = { version = "3.1", features = ["openssl"] }
+actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22-webpki-roots"] }
 actix-web = "4"
 
 async-stream = "0.3"
@@ -117,24 +130,24 @@ env_logger = "0.10"
 futures-util = { version = "0.3.17", default-features = false, features = ["alloc"] }
 memchr = "2.4"
 once_cell = "1.9"
-rcgen = "0.11"
+rcgen = "0.12"
 regex = "1.3"
 rustversion = "1"
-rustls-pemfile = "1"
+rustls-pemfile = "2"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 static_assertions = "1"
 tls-openssl = { package = "openssl", version = "0.10.55" }
-tls-rustls_021 = { package = "rustls", version = "0.21" }
+tls-rustls_022 = { package = "rustls", version = "0.22" }
 tokio = { version = "1.24.2", features = ["net", "rt", "macros"] }
 
 [[example]]
 name = "ws"
-required-features = ["ws", "rustls-0_21"]
+required-features = ["ws", "rustls-0_22"]
 
 [[example]]
 name = "tls_rustls"
-required-features = ["http2", "rustls-0_21"]
+required-features = ["http2", "rustls-0_22"]
 
 [[bench]]
 name = "response-body-compression"

actix-http/README.md

@@ -5,11 +5,11 @@
 <!-- prettier-ignore-start -->
 
 [![crates.io](https://img.shields.io/crates/v/actix-http?label=latest)](https://crates.io/crates/actix-http)
-[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.5.1)](https://docs.rs/actix-http/3.5.1)
+[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.6.0)](https://docs.rs/actix-http/3.6.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-http/3.5.1/status.svg)](https://deps.rs/crate/actix-http/3.5.1)
+[![dependency status](https://deps.rs/crate/actix-http/3.6.0/status.svg)](https://deps.rs/crate/actix-http/3.6.0)
 [![Download](https://img.shields.io/crates/d/actix-http.svg)](https://crates.io/crates/actix-http)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 

actix-http/examples/tls_rustls.rs

@@ -12,7 +12,7 @@
 //! Protocol: HTTP/1.1
 //! ```
 
-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;
 
 use std::io;
 
@@ -36,7 +36,7 @@ async fn main() -> io::Result<()> {
                     );
                     ok::<_, Error>(Response::ok().set_body(body))
                 })
-                .rustls_021(rustls_config())
+                .rustls_0_22(rustls_config())
         })?
         .run()
         .await
@@ -51,16 +51,18 @@ fn rustls_config() -> rustls::ServerConfig {
     let key_file = &mut io::BufReader::new(key_file.as_bytes());
 
     let cert_chain = rustls_pemfile::certs(cert_file)
-        .unwrap()
+        .collect::<Result<Vec<_>, _>>()
-        .into_iter()
+        .unwrap();
-        .map(rustls::Certificate)
+    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file)
-        .collect();
+        .collect::<Result<Vec<_>, _>>()
-    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file).unwrap();
+        .unwrap();
 
     let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
         .with_no_client_auth()
-        .with_single_cert(cert_chain, rustls::PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
         .unwrap();
 
     const H1_ALPN: &[u8] = b"http/1.1";

actix-http/examples/ws.rs

@@ -1,7 +1,7 @@
 //! Sets up a WebSocket server over TCP and TLS.
 //! Sends a heartbeat message every 4 seconds but does not respond to any incoming frames.
 
-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;
 
 use std::{
     io,
@@ -30,7 +30,7 @@ async fn main() -> io::Result<()> {
         .bind("tls", ("127.0.0.1", 8443), || {
             HttpService::build()
                 .finish(handler)
-                .rustls_021(tls_config())
+                .rustls_0_22(tls_config())
         })?
         .run()
         .await
@@ -85,7 +85,6 @@ impl Stream for Heartbeat {
 fn tls_config() -> rustls::ServerConfig {
     use std::io::BufReader;
 
-    use rustls::{Certificate, PrivateKey};
     use rustls_pemfile::{certs, pkcs8_private_keys};
 
     let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
@@ -95,17 +94,17 @@ fn tls_config() -> rustls::ServerConfig {
     let cert_file = &mut BufReader::new(cert_file.as_bytes());
     let key_file = &mut BufReader::new(key_file.as_bytes());
 
-    let cert_chain = certs(cert_file)
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
-        .unwrap()
+    let mut keys = pkcs8_private_keys(key_file)
-        .into_iter()
+        .collect::<Result<Vec<_>, _>>()
-        .map(Certificate)
+        .unwrap();
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
 
     let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
         .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
         .unwrap();
 
     config.alpn_protocols.push(b"http/1.1".to_vec());

actix-http/src/h1/service.rs

@@ -153,7 +153,7 @@ mod openssl {
 }
 
 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
@@ -214,7 +214,7 @@ mod rustls_020 {
 }
 
 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
@@ -274,6 +274,67 @@ mod rustls_021 {
     }
 }
 
+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B, X, U> H1Service<TlsStream<TcpStream>, S, B, X, U>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>>,
+        S::InitError: fmt::Debug,
+        S::Response: Into<Response<B>>,
+
+        B: MessageBody,
+
+        X: ServiceFactory<Request, Config = (), Response = Request>,
+        X::Future: 'static,
+        X::Error: Into<Response<BoxBody>>,
+        X::InitError: fmt::Debug,
+
+        U: ServiceFactory<
+            (Request, Framed<TlsStream<TcpStream>, Codec>),
+            Config = (),
+            Response = (),
+        >,
+        U::Future: 'static,
+        U::Error: fmt::Display + Into<Response<BoxBody>>,
+        U::InitError: fmt::Debug,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            Acceptor::new(config)
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .map(|io: TlsStream<TcpStream>| {
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    (io, peer_addr)
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B, X, U> H1Service<T, S, B, X, U>
 where
     S: ServiceFactory<Request, Config = ()>,

actix-http/src/h2/service.rs

@@ -141,7 +141,7 @@ mod openssl {
 }
 
 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
@@ -192,7 +192,7 @@ mod rustls_020 {
 }
 
 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
@@ -242,6 +242,57 @@ mod rustls_021 {
     }
 }
 
+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B> H2Service<TlsStream<TcpStream>, S, B>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>> + 'static,
+        S::Response: Into<Response<B>> + 'static,
+        <S::Service as Service<Request>>::Future: 'static,
+
+        B: MessageBody + 'static,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            mut config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = S::InitError,
+        > {
+            let mut protos = vec![b"h2".to_vec()];
+            protos.extend_from_slice(&config.alpn_protocols);
+            config.alpn_protocols = protos;
+
+            Acceptor::new(config)
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .map(|io: TlsStream<TcpStream>| {
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    (io, peer_addr)
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B> ServiceFactory<(T, Option<net::SocketAddr>)> for H2Service<T, S, B>
 where
     T: AsyncRead + AsyncWrite + Unpin + 'static,

actix-http/src/header/map.rs

@@ -650,6 +650,13 @@ impl From<HeaderMap> for http::HeaderMap {
     }
 }
 
+/// Convert our `&HeaderMap` to a `http::HeaderMap`.
+impl From<&HeaderMap> for http::HeaderMap {
+    fn from(map: &HeaderMap) -> Self {
+        map.to_owned().into()
+    }
+}
+
 /// Iterator over removed, owned values with the same associated name.
 ///
 /// Returned from methods that remove or replace items. See [`HeaderMap::insert`]

actix-http/src/lib.rs

@@ -58,7 +58,12 @@ pub mod ws;
 
 #[allow(deprecated)]
 pub use self::payload::PayloadStream;
-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 pub use self::service::TlsAcceptorConfig;
 pub use self::{
     builder::HttpServiceBuilder,

actix-http/src/requests/head.rs

@@ -16,7 +16,10 @@ pub struct RequestHead {
     pub uri: Uri,
     pub version: Version,
     pub headers: HeaderMap,
+
+    /// Will only be None when called in unit tests unless set manually.
     pub peer_addr: Option<net::SocketAddr>,
+
     flags: Flags,
 }
 

actix-http/src/requests/request.rs

@@ -173,7 +173,7 @@ impl<P> Request<P> {
     /// Peer address is the directly connected peer's socket address. If a proxy is used in front of
     /// the Actix Web server, then it would be address of this proxy.
     ///
-    /// Will only return None when called in unit tests.
+    /// Will only return None when called in unit tests unless set manually.
     #[inline]
     pub fn peer_addr(&self) -> Option<net::SocketAddr> {
         self.head().peer_addr

actix-http/src/service.rs

@@ -241,13 +241,23 @@ where
 }
 
 /// Configuration options used when accepting TLS connection.
-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 #[derive(Debug, Default)]
 pub struct TlsAcceptorConfig {
     pub(crate) handshake_timeout: Option<std::time::Duration>,
 }
 
-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 impl TlsAcceptorConfig {
     /// Set TLS handshake timeout duration.
     pub fn handshake_timeout(self, dur: std::time::Duration) -> Self {
@@ -353,12 +363,12 @@ mod openssl {
 }
 
 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
     use actix_tls::accept::{
-        rustls::{reexports::ServerConfig, Acceptor, TlsStream},
+        rustls_0_20::{reexports::ServerConfig, Acceptor, TlsStream},
         TlsError,
     };
 
@@ -389,7 +399,7 @@ mod rustls_020 {
         U::Error: fmt::Display + Into<Response<BoxBody>>,
         U::InitError: fmt::Debug,
     {
-        /// Create Rustls based service.
+        /// Create Rustls v0.20 based service.
         pub fn rustls(
             self,
             config: ServerConfig,
@@ -403,7 +413,7 @@ mod rustls_020 {
             self.rustls_with_config(config, TlsAcceptorConfig::default())
         }
 
-        /// Create Rustls based service with custom TLS acceptor configuration.
+        /// Create Rustls v0.20 based service with custom TLS acceptor configuration.
         pub fn rustls_with_config(
             self,
             mut config: ServerConfig,
@@ -449,7 +459,7 @@ mod rustls_020 {
 }
 
 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
     use std::io;
 
     use actix_service::ServiceFactoryExt as _;
@@ -485,7 +495,7 @@ mod rustls_021 {
         U::Error: fmt::Display + Into<Response<BoxBody>>,
         U::InitError: fmt::Debug,
     {
-        /// Create Rustls based service.
+        /// Create Rustls v0.21 based service.
         pub fn rustls_021(
             self,
             config: ServerConfig,
@@ -499,7 +509,7 @@ mod rustls_021 {
             self.rustls_021_with_config(config, TlsAcceptorConfig::default())
         }
 
-        /// Create Rustls based service with custom TLS acceptor configuration.
+        /// Create Rustls v0.21 based service with custom TLS acceptor configuration.
         pub fn rustls_021_with_config(
             self,
             mut config: ServerConfig,
@@ -544,6 +554,102 @@ mod rustls_021 {
     }
 }
 
+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B, X, U> HttpService<TlsStream<TcpStream>, S, B, X, U>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>> + 'static,
+        S::InitError: fmt::Debug,
+        S::Response: Into<Response<B>> + 'static,
+        <S::Service as Service<Request>>::Future: 'static,
+
+        B: MessageBody + 'static,
+
+        X: ServiceFactory<Request, Config = (), Response = Request>,
+        X::Future: 'static,
+        X::Error: Into<Response<BoxBody>>,
+        X::InitError: fmt::Debug,
+
+        U: ServiceFactory<
+            (Request, Framed<TlsStream<TcpStream>, h1::Codec>),
+            Config = (),
+            Response = (),
+        >,
+        U::Future: 'static,
+        U::Error: fmt::Display + Into<Response<BoxBody>>,
+        U::InitError: fmt::Debug,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            self.rustls_0_22_with_config(config, TlsAcceptorConfig::default())
+        }
+
+        /// Create Rustls v0.22 based service with custom TLS acceptor configuration.
+        pub fn rustls_0_22_with_config(
+            self,
+            mut config: ServerConfig,
+            tls_acceptor_config: TlsAcceptorConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            let mut protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+            protos.extend_from_slice(&config.alpn_protocols);
+            config.alpn_protocols = protos;
+
+            let mut acceptor = Acceptor::new(config);
+
+            if let Some(handshake_timeout) = tls_acceptor_config.handshake_timeout {
+                acceptor.set_handshake_timeout(handshake_timeout);
+            }
+
+            acceptor
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .and_then(|io: TlsStream<TcpStream>| async {
+                    let proto = if let Some(protos) = io.get_ref().1.alpn_protocol() {
+                        if protos.windows(2).any(|window| window == b"h2") {
+                            Protocol::Http2
+                        } else {
+                            Protocol::Http1
+                        }
+                    } else {
+                        Protocol::Http1
+                    };
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    Ok((io, proto, peer_addr))
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B, X, U> ServiceFactory<(T, Protocol, Option<net::SocketAddr>)>
     for HttpService<T, S, B, X, U>
 where

actix-http/tests/test_rustls.rs

@@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_21")]
+#![cfg(feature = "rustls-0_22")]
 
-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;
 
 use std::{
     convert::Infallible,
@@ -20,13 +20,13 @@ use actix_http::{
 use actix_http_test::test_server;
 use actix_rt::pin;
 use actix_service::{fn_factory_with_config, fn_service};
-use actix_tls::connect::rustls_0_21::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
 use actix_utils::future::{err, ok, poll_fn};
 use bytes::{Bytes, BytesMut};
 use derive_more::{Display, Error};
 use futures_core::{ready, Stream};
 use futures_util::stream::once;
-use rustls::{Certificate, PrivateKey, ServerConfig as RustlsServerConfig, ServerName};
+use rustls::{pki_types::ServerName, ServerConfig as RustlsServerConfig};
 use rustls_pemfile::{certs, pkcs8_private_keys};
 
 async fn load_body<S>(stream: S) -> Result<BytesMut, PayloadError>
@@ -59,17 +59,17 @@ fn tls_config() -> RustlsServerConfig {
     let cert_file = &mut BufReader::new(cert_file.as_bytes());
     let key_file = &mut BufReader::new(key_file.as_bytes());
 
-    let cert_chain = certs(cert_file)
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
-        .unwrap()
+    let mut keys = pkcs8_private_keys(key_file)
-        .into_iter()
+        .collect::<Result<Vec<_>, _>>()
-        .map(Certificate)
+        .unwrap();
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
 
     let mut config = RustlsServerConfig::builder()
-        .with_safe_defaults()
         .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
         .unwrap();
 
     config.alpn_protocols.push(HTTP1_1_ALPN_PROTOCOL.to_vec());
@@ -83,7 +83,6 @@ pub fn get_negotiated_alpn_protocol(
     client_alpn_protocol: &[u8],
 ) -> Option<Vec<u8>> {
     let mut config = rustls::ClientConfig::builder()
-        .with_safe_defaults()
         .with_root_certificates(webpki_roots_cert_store())
         .with_no_client_auth();
 
@@ -109,7 +108,7 @@ async fn h1() -> io::Result<()> {
     let srv = test_server(move || {
         HttpService::build()
             .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -123,7 +122,7 @@ async fn h2() -> io::Result<()> {
     let srv = test_server(move || {
         HttpService::build()
             .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -141,7 +140,7 @@ async fn h1_1() -> io::Result<()> {
                 assert_eq!(req.version(), Version::HTTP_11);
                 ok::<_, Error>(Response::ok())
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -159,7 +158,7 @@ async fn h2_1() -> io::Result<()> {
                 assert_eq!(req.version(), Version::HTTP_2);
                 ok::<_, Error>(Response::ok())
             })
-            .rustls_021_with_config(
+            .rustls_0_22_with_config(
                 tls_config(),
                 TlsAcceptorConfig::default().handshake_timeout(Duration::from_secs(5)),
             )
@@ -180,7 +179,7 @@ async fn h2_body1() -> io::Result<()> {
                 let body = load_body(req.take_payload()).await?;
                 Ok::<_, Error>(Response::ok().set_body(body))
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -206,7 +205,7 @@ async fn h2_content_length() {
                 ];
                 ok::<_, Infallible>(Response::new(statuses[indx]))
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -278,7 +277,7 @@ async fn h2_headers() {
                 }
                 ok::<_, Infallible>(config.body(data.clone()))
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -317,7 +316,7 @@ async fn h2_body2() {
     let mut srv = test_server(move || {
         HttpService::build()
             .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -334,7 +333,7 @@ async fn h2_head_empty() {
     let mut srv = test_server(move || {
         HttpService::build()
             .finish(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -360,7 +359,7 @@ async fn h2_head_binary() {
     let mut srv = test_server(move || {
         HttpService::build()
             .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -385,7 +384,7 @@ async fn h2_head_binary2() {
     let srv = test_server(move || {
         HttpService::build()
             .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -411,7 +410,7 @@ async fn h2_body_length() {
                     Response::ok().set_body(SizedStream::new(STR.len() as u64, body)),
                 )
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -435,7 +434,7 @@ async fn h2_body_chunked_explicit() {
                         .body(BodyStream::new(body)),
                 )
             })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -464,7 +463,7 @@ async fn h2_response_http_error_handling() {
                     )
                 }))
             }))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -494,7 +493,7 @@ async fn h2_service_error() {
     let mut srv = test_server(move || {
         HttpService::build()
             .h2(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -511,7 +510,7 @@ async fn h1_service_error() {
     let mut srv = test_server(move || {
         HttpService::build()
             .h1(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
     })
     .await;
 
@@ -534,7 +533,7 @@ async fn alpn_h1() -> io::Result<()> {
         config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
         HttpService::build()
             .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
     })
     .await;
 
@@ -556,7 +555,7 @@ async fn alpn_h2() -> io::Result<()> {
         config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
         HttpService::build()
             .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
     })
     .await;
 
@@ -582,7 +581,7 @@ async fn alpn_h2_1() -> io::Result<()> {
         config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
         HttpService::build()
             .finish(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
     })
     .await;
 

actix-multipart-derive/README.md

@@ -1,7 +1,9 @@
-# actix-multipart-derive
+# `actix-multipart-derive`
 
 > The derive macro implementation for actix-multipart-derive.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-multipart-derive?label=latest)](https://crates.io/crates/actix-multipart-derive)
 [![Documentation](https://docs.rs/actix-multipart-derive/badge.svg?version=0.6.1)](https://docs.rs/actix-multipart-derive/0.6.1)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-multipart-derive.svg)](https://crates.io/crates/actix-multipart-derive)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/actix-multipart-derive)

actix-multipart/README.md

@@ -1,7 +1,9 @@
-# actix-multipart
+# `actix-multipart`
 
 > Multipart form support for Actix Web.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-multipart?label=latest)](https://crates.io/crates/actix-multipart)
 [![Documentation](https://docs.rs/actix-multipart/badge.svg?version=0.6.1)](https://docs.rs/actix-multipart/0.6.1)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-multipart.svg)](https://crates.io/crates/actix-multipart)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/actix-multipart)

actix-router/README.md

@@ -1,5 +1,7 @@
 # `actix-router`
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-router?label=latest)](https://crates.io/crates/actix-router)
 [![Documentation](https://docs.rs/actix-router/badge.svg?version=0.5.2)](https://docs.rs/actix-router/0.5.2)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@@ -9,6 +11,8 @@
 [![Download](https://img.shields.io/crates/d/actix-router.svg)](https://crates.io/crates/actix-router)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 <!-- cargo-rdme start -->
 
 Resource path matching and router.

actix-test/CHANGES.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+## 0.1.3
+
+- Add `TestServerConfig::rustls_0_22()` method for Rustls v0.22 support behind new `rustls-0_22` crate feature.
+
 ## 0.1.2
 
 - Add `TestServerConfig::rustls_021()` method for Rustls v0.21 support behind new `rustls-0_21` crate feature.

actix-test/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-test"
-version = "0.1.2"
+version = "0.1.3"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",
@@ -27,19 +27,21 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["tls-rustls-0_20", "actix-http/rustls-0_20", "awc/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["tls-rustls-0_21", "actix-http/rustls-0_21", "awc/rustls-0_21"]
+# TLS via Rustls v0.22
+rustls-0_22 = ["tls-rustls-0_22", "actix-http/rustls-0_22", "awc/rustls-0_22-webpki-roots"]
 
 # TLS via OpenSSL
 openssl = ["tls-openssl", "actix-http/openssl", "awc/openssl"]
 
 [dependencies]
 actix-codec = "0.5"
-actix-http = "3"
+actix-http = "3.6"
 actix-http-test = "3"
 actix-rt = "2.1"
 actix-service = "2"
 actix-utils = "3"
-actix-web = { version = "4", default-features = false, features = ["cookies"] }
+actix-web = { version = "4.5", default-features = false, features = ["cookies"] }
-awc = { version = "3", default-features = false, features = ["cookies"] }
+awc = { version = "3.4", default-features = false, features = ["cookies"] }
 
 futures-core = { version = "0.3.17", default-features = false, features = ["std"] }
 futures-util = { version = "0.3.17", default-features = false, features = [] }
@@ -50,4 +52,5 @@ serde_urlencoded = "0.7"
 tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true }
 tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true }
+tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }
 tokio = { version = "1.24.2", features = ["sync"] }

actix-test/src/lib.rs

@@ -143,6 +143,8 @@ where
         StreamType::Rustls020(_) => true,
         #[cfg(feature = "rustls-0_21")]
         StreamType::Rustls021(_) => true,
+        #[cfg(feature = "rustls-0_22")]
+        StreamType::Rustls022(_) => true,
     };
 
     // run server in separate orphaned thread
@@ -327,6 +329,48 @@ where
                             .rustls_021(config.clone())
                     }),
                 },
+                #[cfg(feature = "rustls-0_22")]
+                StreamType::Rustls022(config) => match cfg.tp {
+                    HttpVer::Http1 => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .h1(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                    HttpVer::Http2 => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .h2(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                    HttpVer::Both => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .finish(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                },
             }
             .expect("test server could not be created");
 
@@ -401,6 +445,8 @@ enum StreamType {
     Rustls020(tls_rustls_0_20::ServerConfig),
     #[cfg(feature = "rustls-0_21")]
     Rustls021(tls_rustls_0_21::ServerConfig),
+    #[cfg(feature = "rustls-0_22")]
+    Rustls022(tls_rustls_0_22::ServerConfig),
 }
 
 /// Create default test server config.
@@ -424,7 +470,7 @@ impl Default for TestServerConfig {
 }
 
 impl TestServerConfig {
-    /// Create default server configuration
+    /// Constructs default server configuration.
     pub(crate) fn new() -> TestServerConfig {
         TestServerConfig {
             tp: HttpVer::Both,
@@ -435,40 +481,63 @@ impl TestServerConfig {
         }
     }
 
-    /// Accept HTTP/1.1 only.
+    /// Accepts HTTP/1.1 only.
     pub fn h1(mut self) -> Self {
         self.tp = HttpVer::Http1;
         self
     }
 
-    /// Accept HTTP/2 only.
+    /// Accepts HTTP/2 only.
     pub fn h2(mut self) -> Self {
         self.tp = HttpVer::Http2;
         self
     }
 
-    /// Accept secure connections via OpenSSL.
+    /// Accepts secure connections via OpenSSL.
     #[cfg(feature = "openssl")]
     pub fn openssl(mut self, acceptor: openssl::ssl::SslAcceptor) -> Self {
         self.stream = StreamType::Openssl(acceptor);
         self
     }
 
-    /// Accept secure connections via Rustls.
+    #[doc(hidden)]
+    #[deprecated(note = "Renamed to `rustls_0_20()`.")]
     #[cfg(feature = "rustls-0_20")]
     pub fn rustls(mut self, config: tls_rustls_0_20::ServerConfig) -> Self {
         self.stream = StreamType::Rustls020(config);
         self
     }
 
-    /// Accept secure connections via Rustls.
+    /// Accepts secure connections via Rustls v0.20.
+    #[cfg(feature = "rustls-0_20")]
+    pub fn rustls_0_20(mut self, config: tls_rustls_0_20::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls020(config);
+        self
+    }
+
+    #[doc(hidden)]
+    #[deprecated(note = "Renamed to `rustls_0_21()`.")]
     #[cfg(feature = "rustls-0_21")]
     pub fn rustls_021(mut self, config: tls_rustls_0_21::ServerConfig) -> Self {
         self.stream = StreamType::Rustls021(config);
         self
     }
 
-    /// Set client timeout for first request.
+    /// Accepts secure connections via Rustls v0.21.
+    #[cfg(feature = "rustls-0_21")]
+    pub fn rustls_0_21(mut self, config: tls_rustls_0_21::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls021(config);
+        self
+    }
+
+    /// Accepts secure connections via Rustls v0.22.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn rustls_0_22(mut self, config: tls_rustls_0_22::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls022(config);
+        self
+    }
+
+    /// Sets client timeout for first request.
     pub fn client_request_timeout(mut self, dur: Duration) -> Self {
         self.client_request_timeout = dur;
         self

actix-web-actors/CHANGES.md

@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+## 4.3.0
+
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.
 
 ## 4.2.0

actix-web-actors/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-web-actors"
-version = "4.2.0"
+version = "4.3.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix actors support for Actix Web"
 keywords = ["actix", "http", "web", "framework", "async"]

actix-web-actors/README.md

@@ -1,16 +1,20 @@
-# actix-web-actors
+# `actix-web-actors`
 
 > Actix actors support for Actix Web.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-web-actors?label=latest)](https://crates.io/crates/actix-web-actors)
-[![Documentation](https://docs.rs/actix-web-actors/badge.svg?version=4.2.0)](https://docs.rs/actix-web-actors/4.2.0)
+[![Documentation](https://docs.rs/actix-web-actors/badge.svg?version=4.3.0)](https://docs.rs/actix-web-actors/4.3.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![License](https://img.shields.io/crates/l/actix-web-actors.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-web-actors/4.2.0/status.svg)](https://deps.rs/crate/actix-web-actors/4.2.0)
+[![dependency status](https://deps.rs/crate/actix-web-actors/4.3.0/status.svg)](https://deps.rs/crate/actix-web-actors/4.3.0)
 [![Download](https://img.shields.io/crates/d/actix-web-actors.svg)](https://crates.io/crates/actix-web-actors)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/actix-web-actors)

actix-web-codegen/README.md

@@ -1,7 +1,9 @@
-# actix-web-codegen
+# `actix-web-codegen`
 
 > Routing and runtime macros for Actix Web.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-web-codegen?label=latest)](https://crates.io/crates/actix-web-codegen)
 [![Documentation](https://docs.rs/actix-web-codegen/badge.svg?version=4.2.2)](https://docs.rs/actix-web-codegen/4.2.2)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-web-codegen.svg)](https://crates.io/crates/actix-web-codegen)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/actix-web-codegen)

actix-web/CHANGES.md

@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+## 4.5.0
+
+- Add `rustls-0_22` crate feature.
+- Add `HttpServer::{bind_rustls_0_22, listen_rustls_0_22}()` builder methods.
+
 ## 4.4.1
 
 ### Changed

actix-web/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "actix-web"
-version = "4.4.1"
+version = "4.5.0"
 description = "Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
@@ -20,9 +20,20 @@ edition.workspace = true
 rust-version.workspace = true
 
 [package.metadata.docs.rs]
-# features that docs.rs will build with
-features = ["macros", "openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd", "cookies", "secure-cookies"]
 rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "macros",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+    "cookies",
+    "secure-cookies",
+]
+
 
 [lib]
 name = "actix_web"
@@ -58,6 +69,8 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["http2", "actix-http/rustls-0_20", "actix-tls/accept", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["http2", "actix-http/rustls-0_21", "actix-tls/accept", "actix-tls/rustls-0_21"]
+# TLS via Rustls v0.22
+rustls-0_22 = ["http2", "actix-http/rustls-0_22", "actix-tls/accept", "actix-tls/rustls-0_22"]
 
 # Internal (PRIVATE!) features used to aid testing and checking feature status.
 # Don't rely on these whatsoever. They may disappear at anytime.
@@ -73,9 +86,9 @@ actix-rt = { version = "2.6", default-features = false }
 actix-server = "2"
 actix-service = "2"
 actix-utils = "3"
-actix-tls = { version = "3.1", default-features = false, optional = true }
+actix-tls = { version = "3.3", default-features = false, optional = true }
 
-actix-http = { version = "3.5", features = ["ws"] }
+actix-http = { version = "3.6", features = ["ws"] }
 actix-router = "0.5"
 actix-web-codegen = { version = "4.2", optional = true }
 

actix-web/MIGRATION-4.0.md

@@ -372,13 +372,13 @@ You may need to review the [guidance on shared mutable state](https://docs.rs/ac
   HttpServer::new(|| {
 -     App::new()
 -         .data(MyState::default())
--         .service(hander)
+-         .service(handler)
 
 +     let my_state: Data<MyState> = Data::new(MyState::default());
 +
 +     App::new()
 +         .app_data(my_state)
-+         .service(hander)
++         .service(handler)
   })
 ```
 

actix-web/README.md

@@ -8,10 +8,10 @@
 <!-- prettier-ignore-start -->
 
 [![crates.io](https://img.shields.io/crates/v/actix-web?label=latest)](https://crates.io/crates/actix-web)
-[![Documentation](https://docs.rs/actix-web/badge.svg?version=4.4.1)](https://docs.rs/actix-web/4.4.1)
+[![Documentation](https://docs.rs/actix-web/badge.svg?version=4.5.0)](https://docs.rs/actix-web/4.5.0)
 ![MSRV](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-web.svg)
-[![Dependency Status](https://deps.rs/crate/actix-web/4.4.1/status.svg)](https://deps.rs/crate/actix-web/4.4.1)
+[![Dependency Status](https://deps.rs/crate/actix-web/4.5.0/status.svg)](https://deps.rs/crate/actix-web/4.5.0)
 <br />
 [![CI](https://github.com/actix/actix-web/actions/workflows/ci.yml/badge.svg)](https://github.com/actix/actix-web/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/actix/actix-web/branch/master/graph/badge.svg)](https://codecov.io/gh/actix/actix-web)

actix-web/src/app.rs

@@ -129,6 +129,8 @@ where
     ///
     /// Data items are constructed during application initialization, before the server starts
     /// accepting requests.
+    ///
+    /// The returned data value `D` is wrapped as [`Data<D>`].
     pub fn data_factory<F, Out, D, E>(mut self, data: F) -> Self
     where
         F: Fn() -> Out + 'static,

actix-web/src/data.rs

@@ -69,7 +69,7 @@ pub(crate) type FnDataFactory =
 ///     HttpResponse::Ok()
 /// }
 ///
-/// /// Alteratively, use the `HttpRequest::app_data` method to access data in a handler.
+/// /// Alternatively, use the `HttpRequest::app_data` method to access data in a handler.
 /// async fn index_alt(req: HttpRequest) -> impl Responder {
 ///     let data = req.app_data::<Data<Mutex<MyData>>>().unwrap();
 ///     let mut my_data = data.lock().unwrap();

actix-web/src/guard/acceptable.rs

@@ -20,7 +20,7 @@ use crate::http::header::Accept;
 pub struct Acceptable {
     mime: mime::Mime,
 
-    /// Wether to match `*/*` mime type.
+    /// Whether to match `*/*` mime type.
     ///
     /// Defaults to false because it's not very useful otherwise.
     match_star_star: bool,

actix-web/src/guard/host.rs

@@ -2,7 +2,7 @@ use actix_http::{header, uri::Uri, RequestHead};
 
 use super::{Guard, GuardContext};
 
-/// Creates a guard that matches requests targetting a specific host.
+/// Creates a guard that matches requests targeting a specific host.
 ///
 /// # Matching Host
 /// This guard will:

actix-web/src/server.rs

@@ -442,6 +442,25 @@ where
         Ok(self)
     }
 
+    /// Resolves socket address(es) and binds server to created listener(s) for TLS connections
+    /// using Rustls v0.22.
+    ///
+    /// See [`bind()`](Self::bind()) for more details on `addrs` argument.
+    ///
+    /// ALPN protocols "h2" and "http/1.1" are added to any configured ones.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn bind_rustls_0_22<A: net::ToSocketAddrs>(
+        mut self,
+        addrs: A,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        let sockets = bind_addrs(addrs, self.backlog)?;
+        for lst in sockets {
+            self = self.listen_rustls_0_22_inner(lst, config.clone())?;
+        }
+        Ok(self)
+    }
+
     /// Resolves socket address(es) and binds server to created listener(s) for TLS connections
     /// using OpenSSL.
     ///
@@ -685,6 +704,72 @@ where
         Ok(self)
     }
 
+    /// Binds to existing listener for accepting incoming TLS connection requests using Rustls
+    /// v0.22.
+    ///
+    /// See [`listen()`](Self::listen) for more details on the `lst` argument.
+    ///
+    /// ALPN protocols "h2" and "http/1.1" are added to any configured ones.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn listen_rustls_0_22(
+        self,
+        lst: net::TcpListener,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        self.listen_rustls_0_22_inner(lst, config)
+    }
+
+    #[cfg(feature = "rustls-0_22")]
+    fn listen_rustls_0_22_inner(
+        mut self,
+        lst: net::TcpListener,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        let factory = self.factory.clone();
+        let cfg = self.config.clone();
+        let addr = lst.local_addr().unwrap();
+        self.sockets.push(Socket {
+            addr,
+            scheme: "https",
+        });
+
+        let on_connect_fn = self.on_connect_fn.clone();
+
+        self.builder =
+            self.builder
+                .listen(format!("actix-web-service-{}", addr), lst, move || {
+                    let c = cfg.lock().unwrap();
+                    let host = c.host.clone().unwrap_or_else(|| format!("{}", addr));
+
+                    let svc = HttpService::build()
+                        .keep_alive(c.keep_alive)
+                        .client_request_timeout(c.client_request_timeout)
+                        .client_disconnect_timeout(c.client_disconnect_timeout);
+
+                    let svc = if let Some(handler) = on_connect_fn.clone() {
+                        svc.on_connect_ext(move |io: &_, ext: _| (handler)(io as &dyn Any, ext))
+                    } else {
+                        svc
+                    };
+
+                    let fac = factory()
+                        .into_factory()
+                        .map_err(|err| err.into().error_response());
+
+                    let acceptor_config = match c.tls_handshake_timeout {
+                        Some(dur) => TlsAcceptorConfig::default().handshake_timeout(dur),
+                        None => TlsAcceptorConfig::default(),
+                    };
+
+                    svc.finish(map_config(fac, move |_| {
+                        AppConfig::new(true, host.clone(), addr)
+                    }))
+                    .rustls_0_22_with_config(config.clone(), acceptor_config)
+                })?;
+
+        Ok(self)
+    }
+
     /// Binds to existing listener for accepting incoming TLS connection requests using OpenSSL.
     ///
     /// See [`listen()`](Self::listen) for more details on the `lst` argument.

actix-web/src/service.rs

@@ -221,12 +221,9 @@ impl ServiceRequest {
 
     /// Returns peer's socket address.
     ///
-    /// Peer address is the directly connected peer's socket address. If a proxy is used in front of
+    /// See [`HttpRequest::peer_addr`] for more details.
-    /// the Actix Web server, then it would be address of this proxy.
     ///
-    /// To get client connection information `ConnectionInfo` should be used.
+    /// [`HttpRequest::peer_addr`]: crate::HttpRequest::peer_addr
-    ///
-    /// Will only return None when called in unit tests.
     #[inline]
     pub fn peer_addr(&self) -> Option<net::SocketAddr> {
         self.head().peer_addr

actix-web/src/test/test_request.rs

@@ -86,76 +86,77 @@ impl Default for TestRequest {
 
 #[allow(clippy::wrong_self_convention)]
 impl TestRequest {
-    /// Create TestRequest and set request uri
+    /// Constructs test request and sets request URI.
-    pub fn with_uri(path: &str) -> TestRequest {
+    pub fn with_uri(uri: &str) -> TestRequest {
-        TestRequest::default().uri(path)
+        TestRequest::default().uri(uri)
     }
 
-    /// Create TestRequest and set method to `Method::GET`
+    /// Constructs test request with GET method.
     pub fn get() -> TestRequest {
         TestRequest::default().method(Method::GET)
     }
 
-    /// Create TestRequest and set method to `Method::POST`
+    /// Constructs test request with POST method.
     pub fn post() -> TestRequest {
         TestRequest::default().method(Method::POST)
     }
 
-    /// Create TestRequest and set method to `Method::PUT`
+    /// Constructs test request with PUT method.
     pub fn put() -> TestRequest {
         TestRequest::default().method(Method::PUT)
     }
 
-    /// Create TestRequest and set method to `Method::PATCH`
+    /// Constructs test request with PATCH method.
     pub fn patch() -> TestRequest {
         TestRequest::default().method(Method::PATCH)
     }
 
-    /// Create TestRequest and set method to `Method::DELETE`
+    /// Constructs test request with DELETE method.
     pub fn delete() -> TestRequest {
         TestRequest::default().method(Method::DELETE)
     }
 
-    /// Set HTTP version of this request
+    /// Sets HTTP version of this request.
     pub fn version(mut self, ver: Version) -> Self {
         self.req.version(ver);
         self
     }
 
-    /// Set HTTP method of this request
+    /// Sets method of this request.
     pub fn method(mut self, meth: Method) -> Self {
         self.req.method(meth);
         self
     }
 
-    /// Set HTTP URI of this request
+    /// Sets URI of this request.
     pub fn uri(mut self, path: &str) -> Self {
         self.req.uri(path);
         self
     }
 
-    /// Insert a header, replacing any that were set with an equivalent field name.
+    /// Inserts a header, replacing any that were set with an equivalent field name.
     pub fn insert_header(mut self, header: impl TryIntoHeaderPair) -> Self {
         self.req.insert_header(header);
         self
     }
 
-    /// Append a header, keeping any that were set with an equivalent field name.
+    /// Appends a header, keeping any that were set with an equivalent field name.
     pub fn append_header(mut self, header: impl TryIntoHeaderPair) -> Self {
         self.req.append_header(header);
         self
     }
 
-    /// Set cookie for this request.
+    /// Sets cookie for this request.
     #[cfg(feature = "cookies")]
     pub fn cookie(mut self, cookie: Cookie<'_>) -> Self {
         self.cookies.add(cookie.into_owned());
         self
     }
 
-    /// Set request path pattern parameter.
+    /// Sets request path pattern parameter.
     ///
     /// # Examples
+    ///
     /// ```
     /// use actix_web::test::TestRequest;
     ///
@@ -171,19 +172,19 @@ impl TestRequest {
         self
     }
 
-    /// Set peer addr.
+    /// Sets peer address.
     pub fn peer_addr(mut self, addr: SocketAddr) -> Self {
         self.peer_addr = Some(addr);
         self
     }
 
-    /// Set request payload.
+    /// Sets request payload.
     pub fn set_payload(mut self, data: impl Into<Bytes>) -> Self {
         self.req.set_payload(data);
         self
     }
 
-    /// Serialize `data` to a URL encoded form and set it as the request payload.
+    /// Serializes `data` to a URL encoded form and set it as the request payload.
     ///
     /// The `Content-Type` header is set to `application/x-www-form-urlencoded`.
     pub fn set_form(mut self, data: impl Serialize) -> Self {
@@ -194,7 +195,7 @@ impl TestRequest {
         self
     }
 
-    /// Serialize `data` to JSON and set it as the request payload.
+    /// Serializes `data` to JSON and set it as the request payload.
     ///
     /// The `Content-Type` header is set to `application/json`.
     pub fn set_json(mut self, data: impl Serialize) -> Self {
@@ -204,27 +205,33 @@ impl TestRequest {
         self
     }
 
-    /// Set application data. This is equivalent of `App::data()` method
+    /// Inserts application data.
-    /// for testing purpose.
+    ///
-    pub fn data<T: 'static>(mut self, data: T) -> Self {
+    /// This is equivalent of `App::app_data()` method for testing purpose.
-        self.app_data.insert(Data::new(data));
-        self
-    }
-
-    /// Set application data. This is equivalent of `App::app_data()` method
-    /// for testing purpose.
     pub fn app_data<T: 'static>(mut self, data: T) -> Self {
         self.app_data.insert(data);
         self
     }
 
+    /// Inserts application data.
+    ///
+    /// This is equivalent of `App::data()` method for testing purpose.
+    #[doc(hidden)]
+    pub fn data<T: 'static>(mut self, data: T) -> Self {
+        self.app_data.insert(Data::new(data));
+        self
+    }
+
+    /// Sets resource map.
     #[cfg(test)]
-    /// Set request config
     pub(crate) fn rmap(mut self, rmap: ResourceMap) -> Self {
         self.rmap = rmap;
         self
     }
 
+    /// Finalizes test request.
+    ///
+    /// This request builder will be useless after calling `finish()`.
     fn finish(&mut self) -> Request {
         // mut used when cookie feature is enabled
         #[allow(unused_mut)]
@@ -251,14 +258,14 @@ impl TestRequest {
         req
     }
 
-    /// Complete request creation and generate `Request` instance
+    /// Finalizes request creation and returns `Request` instance.
     pub fn to_request(mut self) -> Request {
         let mut req = self.finish();
         req.head_mut().peer_addr = self.peer_addr;
         req
     }
 
-    /// Complete request creation and generate `ServiceRequest` instance
+    /// Finalizes request creation and returns `ServiceRequest` instance.
     pub fn to_srv_request(mut self) -> ServiceRequest {
         let (mut head, payload) = self.finish().into_parts();
         head.peer_addr = self.peer_addr;
@@ -279,12 +286,12 @@ impl TestRequest {
         )
     }
 
-    /// Complete request creation and generate `ServiceResponse` instance
+    /// Finalizes request creation and returns `ServiceResponse` instance.
     pub fn to_srv_response<B>(self, res: HttpResponse<B>) -> ServiceResponse<B> {
         self.to_srv_request().into_response(res)
     }
 
-    /// Complete request creation and generate `HttpRequest` instance
+    /// Finalizes request creation and returns `HttpRequest` instance.
     pub fn to_http_request(mut self) -> HttpRequest {
         let (mut head, _) = self.finish().into_parts();
         head.peer_addr = self.peer_addr;
@@ -302,7 +309,7 @@ impl TestRequest {
         )
     }
 
-    /// Complete request creation and generate `HttpRequest` and `Payload` instances
+    /// Finalizes request creation and returns `HttpRequest` and `Payload` pair.
     pub fn to_http_parts(mut self) -> (HttpRequest, Payload) {
         let (mut head, payload) = self.finish().into_parts();
         head.peer_addr = self.peer_addr;
@@ -322,7 +329,7 @@ impl TestRequest {
         (req, payload)
     }
 
-    /// Complete request creation, calls service and waits for response future completion.
+    /// Finalizes request creation, calls service, and waits for response future completion.
     pub async fn send_request<S, B, E>(self, app: &S) -> S::Response
     where
         S: Service<Request, Response = ServiceResponse<B>, Error = E>,

actix-web/tests/test_server.rs

@@ -743,7 +743,7 @@ mod plus_rustls {
             .map(char::from)
             .collect::<String>();
 
-        let srv = actix_test::start_with(actix_test::config().rustls_021(tls_config()), || {
+        let srv = actix_test::start_with(actix_test::config().rustls_0_21(tls_config()), || {
             App::new().service(web::resource("/").route(web::to(|bytes: Bytes| async {
                 // echo decompressed request body back in response
                 HttpResponse::Ok()

awc/CHANGES.md

@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+## 3.4.0
+
+- Add `rustls-0_22-webpki-roots` and `rustls-0_22-native-roots` crate feature.
+- Add `awc::Connector::rustls_0_22()` method.
+
 ## 3.3.0
 
 - Update `trust-dns-resolver` dependency to `0.23`.

awc/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "awc"
-version = "3.3.0"
+version = "3.4.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Async HTTP and WebSocket client library"
 keywords = ["actix", "http", "framework", "async", "web"]
@@ -20,8 +20,17 @@ name = "awc"
 path = "src/lib.rs"
 
 [package.metadata.docs.rs]
-# features that docs.rs will build with
+rustdoc-args = ["--cfg", "docsrs"]
-features = ["openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd", "cookies"]
+features = [
+    "cookies",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22-webpki-roots",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+]
 
 [features]
 default = ["compress-brotli", "compress-gzip", "compress-zstd", "cookies"]
@@ -35,6 +44,10 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["tls-rustls-0_20", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["tls-rustls-0_21", "actix-tls/rustls-0_21"]
+# TLS via Rustls v0.22 (WebPKI roots)
+rustls-0_22-webpki-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-webpki-roots"]
+# TLS via Rustls v0.22 (Native roots)
+rustls-0_22-native-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-native-roots"]
 
 # Brotli algorithm content-encoding support
 compress-brotli = ["actix-http/compress-brotli", "__compress"]
@@ -61,9 +74,9 @@ dangerous-h2c = []
 [dependencies]
 actix-codec = "0.5"
 actix-service = "2"
-actix-http = { version = "3.5", features = ["http2", "ws"] }
+actix-http = { version = "3.6", features = ["http2", "ws"] }
 actix-rt = { version = "2.1", default-features = false }
-actix-tls = { version = "3.1", features = ["connect", "uri"] }
+actix-tls = { version = "3.3", features = ["connect", "uri"] }
 actix-utils = "3"
 
 base64 = "0.21"
@@ -72,7 +85,7 @@ cfg-if = "1"
 derive_more = "0.99.5"
 futures-core = { version = "0.3.17", default-features = false, features = ["alloc"] }
 futures-util = { version = "0.3.17", default-features = false, features = ["alloc", "sink"] }
-h2 = "0.3.17"
+h2 = "0.3.24"
 http = "0.2.7"
 itoa = "1"
 log =" 0.4"
@@ -90,15 +103,16 @@ cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true, features = ["dangerous_configuration"] }
 tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true, features = ["dangerous_configuration"] }
+tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }
 
 trust-dns-resolver = { version = "0.23", optional = true }
 
 [dev-dependencies]
-actix-http = { version = "3.5", features = ["openssl"] }
+actix-http = { version = "3.6", features = ["openssl"] }
 actix-http-test = { version = "3", features = ["openssl"] }
 actix-server = "2"
-actix-test = { version = "0.1", features = ["openssl", "rustls-0_21"] }
+actix-test = { version = "0.1", features = ["openssl", "rustls-0_22"] }
-actix-tls = { version = "3", features = ["openssl", "rustls-0_21"] }
+actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22"] }
 actix-utils = "3"
 actix-web = { version = "4", features = ["openssl"] }
 
@@ -108,11 +122,11 @@ env_logger = "0.10"
 flate2 = "1.0.13"
 futures-util = { version = "0.3.17", default-features = false }
 static_assertions = "1.1"
-rcgen = "0.11"
+rcgen = "0.12"
-rustls-pemfile = "1"
+rustls-pemfile = "2"
 tokio = { version = "1.24.2", features = ["rt-multi-thread", "macros"] }
 zstd = "0.13"
 
 [[example]]
 name = "client"
-required-features = ["rustls-0_21"]
+required-features = ["rustls-0_22-webpki-roots"]

awc/README.md

@@ -1,13 +1,17 @@
-# awc (Actix Web Client)
+# `awc` (Actix Web Client)
 
 > Async HTTP and WebSocket client library.
 
+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/awc?label=latest)](https://crates.io/crates/awc)
-[![Documentation](https://docs.rs/awc/badge.svg?version=3.3.0)](https://docs.rs/awc/3.3.0)
+[![Documentation](https://docs.rs/awc/badge.svg?version=3.4.0)](https://docs.rs/awc/3.4.0)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/awc)
-[![Dependency Status](https://deps.rs/crate/awc/3.3.0/status.svg)](https://deps.rs/crate/awc/3.3.0)
+[![Dependency Status](https://deps.rs/crate/awc/3.4.0/status.svg)](https://deps.rs/crate/awc/3.4.0)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
 
+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources
 
 - [API Documentation](https://docs.rs/awc)

awc/src/client/connector.rs

@@ -40,14 +40,23 @@ enum OurTlsConnector {
     /// Provided because building the OpenSSL context on newer versions can be very slow.
     /// This prevents unnecessary calls to `.build()` while constructing the client connector.
     #[cfg(feature = "openssl")]
-    #[allow(dead_code)] // false positive; used in build_ssl
+    #[allow(dead_code)] // false positive; used in build_tls
     OpensslBuilder(actix_tls::connect::openssl::reexports::SslConnectorBuilder),
 
     #[cfg(feature = "rustls-0_20")]
+    #[allow(dead_code)] // false positive; used in build_tls
     Rustls020(std::sync::Arc<actix_tls::connect::rustls_0_20::reexports::ClientConfig>),
 
     #[cfg(feature = "rustls-0_21")]
+    #[allow(dead_code)] // false positive; used in build_tls
     Rustls021(std::sync::Arc<actix_tls::connect::rustls_0_21::reexports::ClientConfig>),
+
+    #[cfg(any(
+        feature = "rustls-0_22-webpki-roots",
+        feature = "rustls-0_22-native-roots",
+    ))]
+    #[allow(dead_code)] // false positive; used in build_tls
+    Rustls022(std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>),
 }
 
 /// Manages HTTP client network connectivity.
@@ -86,67 +95,83 @@ impl Connector<()> {
         }
     }
 
-    /// Provides an empty TLS connector when no TLS feature is enabled.
+    cfg_if::cfg_if! {
-    #[cfg(not(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21")))]
+        if #[cfg(any(feature = "rustls-0_22-webpki-roots", feature = "rustls-0_22-webpki-roots"))] {
-    fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
+            /// Build TLS connector with Rustls v0.22, based on supplied ALPN protocols.
-        OurTlsConnector::None
+            ///
-    }
+            /// Note that if other TLS crate features are enabled, Rustls v0.22 will be used.
+            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                use actix_tls::connect::rustls_0_22::{self, reexports::ClientConfig};
 
-    /// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols
+                cfg_if::cfg_if! {
-    ///
+                    if #[cfg(feature = "rustls-0_22-webpki-roots")] {
-    /// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
+                        let certs = rustls_0_22::webpki_roots_cert_store();
-    #[cfg(feature = "rustls-0_21")]
+                    } else if #[cfg(feature = "rustls-0_22-native-roots")] {
-    fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                        let certs = rustls_0_22::native_roots_cert_store();
-        use actix_tls::connect::rustls_0_21::{reexports::ClientConfig, webpki_roots_cert_store};
+                    }
+                }
 
-        let mut config = ClientConfig::builder()
+                let mut config = ClientConfig::builder()
-            .with_safe_defaults()
+                    .with_root_certificates(certs)
-            .with_root_certificates(webpki_roots_cert_store())
+                    .with_no_client_auth();
-            .with_no_client_auth();
 
-        config.alpn_protocols = protocols;
+                config.alpn_protocols = protocols;
 
-        OurTlsConnector::Rustls021(std::sync::Arc::new(config))
+                OurTlsConnector::Rustls022(std::sync::Arc::new(config))
-    }
+            }
+        } else if #[cfg(feature = "rustls-0_21")] {
+            /// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols.
+            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                use actix_tls::connect::rustls_0_21::{reexports::ClientConfig, webpki_roots_cert_store};
 
-    /// Build TLS connector with Rustls v0.20, based on supplied ALPN protocols
+                let mut config = ClientConfig::builder()
-    ///
+                    .with_safe_defaults()
-    /// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
+                    .with_root_certificates(webpki_roots_cert_store())
-    #[cfg(all(feature = "rustls-0_20", not(feature = "rustls-0_21")))]
+                    .with_no_client_auth();
-    fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
-        use actix_tls::connect::rustls_0_20::{reexports::ClientConfig, webpki_roots_cert_store};
 
-        let mut config = ClientConfig::builder()
+                config.alpn_protocols = protocols;
-            .with_safe_defaults()
-            .with_root_certificates(webpki_roots_cert_store())
-            .with_no_client_auth();
 
-        config.alpn_protocols = protocols;
+                OurTlsConnector::Rustls021(std::sync::Arc::new(config))
+            }
+        } else if #[cfg(feature = "rustls-0_20")] {
+            /// Build TLS connector with Rustls v0.20, based on supplied ALPN protocols.
+            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                use actix_tls::connect::rustls_0_20::{reexports::ClientConfig, webpki_roots_cert_store};
 
-        OurTlsConnector::Rustls020(std::sync::Arc::new(config))
+                let mut config = ClientConfig::builder()
-    }
+                    .with_safe_defaults()
+                    .with_root_certificates(webpki_roots_cert_store())
+                    .with_no_client_auth();
 
-    /// Build TLS connector with OpenSSL, based on supplied ALPN protocols
+                config.alpn_protocols = protocols;
-    #[cfg(all(
-        feature = "openssl",
-        not(any(feature = "rustls-0_20", feature = "rustls-0_21")),
-    ))]
-    fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
-        use actix_tls::connect::openssl::reexports::{SslConnector, SslMethod};
-        use bytes::{BufMut, BytesMut};
 
-        let mut alpn = BytesMut::with_capacity(20);
+                OurTlsConnector::Rustls020(std::sync::Arc::new(config))
-        for proto in &protocols {
+            }
-            alpn.put_u8(proto.len() as u8);
+        } else if #[cfg(feature = "openssl")] {
-            alpn.put(proto.as_slice());
+            /// Build TLS connector with OpenSSL, based on supplied ALPN protocols.
+            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                use actix_tls::connect::openssl::reexports::{SslConnector, SslMethod};
+                use bytes::{BufMut, BytesMut};
+
+                let mut alpn = BytesMut::with_capacity(20);
+                for proto in &protocols {
+                    alpn.put_u8(proto.len() as u8);
+                    alpn.put(proto.as_slice());
+                }
+
+                let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
+                if let Err(err) = ssl.set_alpn_protos(&alpn) {
+                    log::error!("Can not set ALPN protocol: {err:?}");
+                }
+
+                OurTlsConnector::OpensslBuilder(ssl)
+            }
+        } else {
+            /// Provides an empty TLS connector when no TLS feature is enabled.
+            fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
+                OurTlsConnector::None
+            }
         }
-
-        let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
-        if let Err(err) = ssl.set_alpn_protos(&alpn) {
-            log::error!("Can not set ALPN protocol: {:?}", err);
-        }
-
-        OurTlsConnector::OpensslBuilder(ssl)
     }
 }
 
@@ -240,6 +265,19 @@ where
         self
     }
 
+    /// Sets custom Rustls v0.22 `ClientConfig` instance.
+    #[cfg(any(
+        feature = "rustls-0_22-webpki-roots",
+        feature = "rustls-0_22-native-roots",
+    ))]
+    pub fn rustls_0_22(
+        mut self,
+        connector: std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>,
+    ) -> Self {
+        self.tls = OurTlsConnector::Rustls022(connector);
+        self
+    }
+
     /// Sets maximum supported HTTP major version.
     ///
     /// Supported versions are HTTP/1.1 and HTTP/2.
@@ -509,6 +547,42 @@ where
 
                 Some(actix_service::boxed::rc_service(tls_service))
             }
+
+            #[cfg(any(
+                feature = "rustls-0_22-webpki-roots",
+                feature = "rustls-0_22-native-roots",
+            ))]
+            OurTlsConnector::Rustls022(tls) => {
+                const H2: &[u8] = b"h2";
+
+                use actix_tls::connect::rustls_0_22::{reexports::AsyncTlsStream, TlsConnector};
+
+                impl<Io: ConnectionIo> IntoConnectionIo for TcpConnection<Uri, AsyncTlsStream<Io>> {
+                    fn into_connection_io(self) -> (Box<dyn ConnectionIo>, Protocol) {
+                        let sock = self.into_parts().0;
+                        let h2 = sock
+                            .get_ref()
+                            .1
+                            .alpn_protocol()
+                            .map_or(false, |protos| protos.windows(2).any(|w| w == H2));
+                        if h2 {
+                            (Box::new(sock), Protocol::Http2)
+                        } else {
+                            (Box::new(sock), Protocol::Http1)
+                        }
+                    }
+                }
+
+                let handshake_timeout = self.config.handshake_timeout;
+
+                let tls_service = TlsConnectorService {
+                    tcp_service: tcp_service_inner,
+                    tls_service: TlsConnector::service(tls),
+                    timeout: handshake_timeout,
+                };
+
+                Some(actix_service::boxed::rc_service(tls_service))
+            }
         };
 
         let tcp_config = self.config.no_disconnect_timeout();

awc/tests/test_rustls_client.rs

@@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_21")]
+#![cfg(feature = "rustls-0_22-webpki-roots")]
 
-extern crate tls_rustls_0_21 as rustls;
+extern crate tls_rustls_0_22 as rustls;
 
 use std::{
     io::BufReader,
@@ -8,18 +8,17 @@ use std::{
         atomic::{AtomicUsize, Ordering},
         Arc,
     },
-    time::SystemTime,
 };
 
 use actix_http::HttpService;
 use actix_http_test::test_server;
 use actix_service::{fn_service, map_config, ServiceFactoryExt};
-use actix_tls::connect::rustls_0_21::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
 use actix_utils::future::ok;
 use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
 use rustls::{
-    client::{ServerCertVerified, ServerCertVerifier},
+    pki_types::{CertificateDer, PrivateKeyDer, ServerName},
-    Certificate, ClientConfig, PrivateKey, ServerConfig, ServerName,
+    ClientConfig, ServerConfig,
 };
 use rustls_pemfile::{certs, pkcs8_private_keys};
 
@@ -31,36 +30,62 @@ fn tls_config() -> ServerConfig {
     let cert_file = &mut BufReader::new(cert_file.as_bytes());
     let key_file = &mut BufReader::new(key_file.as_bytes());
 
-    let cert_chain = certs(cert_file)
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
-        .unwrap()
+    let mut keys = pkcs8_private_keys(key_file)
-        .into_iter()
+        .collect::<Result<Vec<_>, _>>()
-        .map(Certificate)
+        .unwrap();
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
 
     ServerConfig::builder()
-        .with_safe_defaults()
         .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(cert_chain, PrivateKeyDer::Pkcs8(keys.remove(0)))
         .unwrap()
 }
 
 mod danger {
+    use rustls::{
+        client::danger::{ServerCertVerified, ServerCertVerifier},
+        pki_types::UnixTime,
+    };
+
     use super::*;
 
+    #[derive(Debug)]
     pub struct NoCertificateVerification;
 
     impl ServerCertVerifier for NoCertificateVerification {
         fn verify_server_cert(
             &self,
-            _end_entity: &Certificate,
+            _end_entity: &CertificateDer<'_>,
-            _intermediates: &[Certificate],
+            _intermediates: &[CertificateDer<'_>],
-            _server_name: &ServerName,
+            _server_name: &ServerName<'_>,
-            _scts: &mut dyn Iterator<Item = &[u8]>,
             _ocsp_response: &[u8],
-            _now: SystemTime,
+            _now: UnixTime,
         ) -> Result<ServerCertVerified, rustls::Error> {
-            Ok(ServerCertVerified::assertion())
+            Ok(rustls::client::danger::ServerCertVerified::assertion())
+        }
+
+        fn verify_tls12_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        }
+
+        fn verify_tls13_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        }
+
+        fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+            rustls::crypto::ring::default_provider()
+                .signature_verification_algorithms
+                .supported_schemes()
         }
     }
 }
@@ -82,14 +107,13 @@ async fn test_connection_reuse_h2() {
                     App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                     |_| AppConfig::default(),
                 ))
-                .rustls_021(tls_config())
+                .rustls_0_22(tls_config())
                 .map_err(|_| ()),
         )
     })
     .await;
 
     let mut config = ClientConfig::builder()
-        .with_safe_defaults()
         .with_root_certificates(webpki_roots_cert_store())
         .with_no_client_auth();
 
@@ -102,7 +126,7 @@ async fn test_connection_reuse_h2() {
         .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
 
     let client = awc::Client::builder()
-        .connector(awc::Connector::new().rustls_021(Arc::new(config)))
+        .connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
         .finish();
 
     // req 1

justfile

@@ -1,6 +1,11 @@
 _list:
     @just --list
 
+# Format workspace.
+fmt:
+    cargo +nightly fmt
+    npx -y prettier --write $(fd --type=file --hidden --extension=md --extension=yml)
+
 # Document crates in workspace.
 doc:
     RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl
@@ -9,3 +14,8 @@ doc:
 doc-watch:
     RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl --open
     cargo watch -- RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl
+
+# Update READMEs from crate root documentation.
+update-readmes: && fmt
+    cd ./actix-files && cargo rdme --force
+    cd ./actix-router && cargo rdme --force

scripts/bump

@@ -113,16 +113,23 @@ read -p "Update all references: (y/N) " UPDATE_REFERENCES
 UPDATE_REFERENCES="${UPDATE_REFERENCES:-n}"
 
 if [ "$UPDATE_REFERENCES" = 'y' ] || [ "$UPDATE_REFERENCES" = 'Y' ]; then
+    if [[ $NEW_VERSION == *".0.0" ]]; then
+        NEW_VERSION_SPEC="${NEW_VERSION%.0.0}"
+    elif [[ $NEW_VERSION == *".0" ]]; then
+        NEW_VERSION_SPEC="${NEW_VERSION%.0}"
+    else
+        NEW_VERSION_SPEC="$NEW_VERSION"
+    fi
 
     for f in $(fd Cargo.toml); do
         sed -i.bak -E \
-            "s/^(${PACKAGE_NAME} ?= ?\")[^\"]+(\")$/\1${NEW_VERSION}\2/g" $f
+            "s/^(${PACKAGE_NAME} ?= ?\")[^\"]+(\")$/\1${NEW_VERSION_SPEC}\2/g" $f
         sed -i.bak -E \
-            "s/^(${PACKAGE_NAME} ?=.*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(${PACKAGE_NAME} ?=.*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f
         sed -i.bak -E \
-            "s/^(.*package ?= ?\"${PACKAGE_NAME}\".*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(.*package ?= ?\"${PACKAGE_NAME}\".*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f
         sed -i.bak -E \
-            "s/^(.*version ?= ?\")[^\"]+(\".*package ?= ?\"${PACKAGE_NAME}\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(.*version ?= ?\")[^\"]+(\".*package ?= ?\"${PACKAGE_NAME}\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f
 
         # remove backup file
         rm -f $f.bak