chore(actix-http-test): prepare release 3.2.0

chore(actix-test): prepare release 0.1.3
chore(actix-web-actors): prepare release 4.3.0
2025-07-03 17:41:30 +02:00 · 2024-02-04 00:34:00 +00:00 · 2024-02-04 00:33:42 +00:00 · 2024-02-04 00:33:38 +00:00 · 2024-02-04 00:32:57 +00:00 · 2024-02-04 00:32:28 +00:00
57 changed files with 952 additions and 312 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@ -1,6 +1,6 @@
 [alias]
-lint = "clippy --workspace --tests --examples --bins -- -Dclippy::todo"
-lint-all = "clippy --workspace --all-features --tests --examples --bins -- -Dclippy::todo"
+lint = "clippy --workspace --all-targets -- -Dclippy::todo"
+lint-all = "clippy --workspace --all-features --all-targets -- -Dclippy::todo"

 # lib checking
 ci-check-min = "hack --workspace check --no-default-features"
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@ -32,22 +32,22 @@ jobs:

      - name: Install OpenSSL
        if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
+        shell: bash
        run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV

      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: ${{ matrix.version.version }}

-      - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.7
+      - name: Install cargo-hack and cargo-ci-cache-clean
+        uses: taiki-e/install-action@v2.26.8
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean

      - name: check minimal
        run: cargo ci-check-min
@ -57,10 +57,12 @@ jobs:

      - name: tests
        timeout-minutes: 60
+        shell: bash
        run: |
+          set -e
          cargo test --lib --tests -p=actix-router --all-features
          cargo test --lib --tests -p=actix-http --all-features
-          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
+          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,rustls-0_22,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
          cargo test --lib --tests -p=actix-web-codegen --all-features
          cargo test --lib --tests -p=awc --all-features
          cargo test --lib --tests -p=actix-http-test --all-features
@ -69,10 +71,8 @@ jobs:
          cargo test --lib --tests -p=actix-multipart --all-features
          cargo test --lib --tests -p=actix-web-actors --all-features

-      - name: Clear the cargo caches
-        run: |
-          cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean

  ci_feature_powerset_check:
    name: Verify Feature Combinations
@ -82,10 +82,10 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0

      - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
        with:
          tool: cargo-hack

@ -103,10 +103,10 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0

      - name: Install nextest
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
        with:
          tool: nextest

--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -37,26 +37,28 @@ jobs:

      - name: Install OpenSSL
        if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
+        shell: bash
        run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV

      - name: Install Rust (${{ matrix.version.name }})
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: ${{ matrix.version.version }}

-      - name: Install cargo-hack
-        uses: taiki-e/install-action@v2.23.7
+      - name: Install cargo-hack and cargo-ci-cache-clean
+        uses: taiki-e/install-action@v2.26.8
        with:
-          tool: cargo-hack
+          tool: cargo-hack,cargo-ci-cache-clean

      - name: workaround MSRV issues
        if: matrix.version.name == 'msrv'
        run: |
+          cargo update -p=ciborium --precise=0.2.1
+          cargo update -p=ciborium-ll --precise=0.2.1
          cargo update -p=clap --precise=4.3.24
          cargo update -p=clap_lex --precise=0.5.0
          cargo update -p=anstyle --precise=1.0.2
@ -69,10 +71,12 @@ jobs:

      - name: tests
        timeout-minutes: 60
+        shell: bash
        run: |
+          set -e
          cargo test --lib --tests -p=actix-router --all-features
          cargo test --lib --tests -p=actix-http --all-features
-          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
+          cargo test --lib --tests -p=actix-web --features=rustls-0_20,rustls-0_21,rustls-0_22,openssl -- --skip=test_reading_deflate_encoding_large_random_rustls
          cargo test --lib --tests -p=actix-web-codegen --all-features
          cargo test --lib --tests -p=awc --all-features
          cargo test --lib --tests -p=actix-http-test --all-features
@ -81,10 +85,8 @@ jobs:
          cargo test --lib --tests -p=actix-multipart --all-features
          cargo test --lib --tests -p=actix-web-actors --all-features

-      - name: Clear the cargo caches
-        run: |
-          cargo --locked install cargo-cache --version 0.8.3 --no-default-features --features ci-autoclean
-          cargo-cache
+      - name: CI cache clean
+        run: cargo-ci-cache-clean

  io-uring:
    name: io-uring tests
@ -93,7 +95,7 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly

@ -109,7 +111,7 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust (nightly)
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly

--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@ -18,12 +18,12 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          components: llvm-tools-preview

      - name: Install cargo-llvm-cov
-        uses: taiki-e/install-action@v2.23.7
+        uses: taiki-e/install-action@v2.26.8
        with:
          tool: cargo-llvm-cov

@ -31,7 +31,9 @@ jobs:
        run: cargo llvm-cov --workspace --all-features --codecov --output-path codecov.json

      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.0.0
        with:
          files: codecov.json
          fail_ci_if_error: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@ -17,12 +17,13 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust (nightly)
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly
          components: rustfmt

-      - name: Check with rustfmt
+      - name: Check with Rustfmt
        run: cargo fmt --all -- --check

  clippy:
@ -35,7 +36,7 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          components: clippy

@ -53,7 +54,8 @@ jobs:
    steps:
      - uses: actions/checkout@v4

-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust (nightly)
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly
          components: rust-docs
@ -66,21 +68,25 @@ jobs:
  public-api-diff:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - name: Checkout main branch
+        uses: actions/checkout@v4
        with:
          ref: ${{ github.base_ref }}

-      - uses: actions/checkout@v4
+      - name: Checkout PR branch
+        uses: actions/checkout@v4

-      - uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+      - name: Install Rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly-2023-08-25

-      - uses: taiki-e/cache-cargo-install-action@v1.3.0
+      - name: Install cargo-public-api
+        uses: taiki-e/install-action@v2.26.8
        with:
          tool: cargo-public-api

-      - name: generate API diff
+      - name: Generate API diff
        run: |
          for f in $(find -mindepth 2 -maxdepth 2 -name Cargo.toml); do
            cargo public-api --manifest-path "$f" diff ${{ github.event.pull_request.base.sha }}..${{ github.sha }}
--- a/.github/workflows/upload-doc.yml
+++ b/.github/workflows/upload-doc.yml
@ -22,7 +22,7 @@ jobs:
      - uses: actions/checkout@v4

      - name: Install Rust
-        uses: actions-rust-lang/setup-rust-toolchain@v1.6.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
        with:
          toolchain: nightly

--- a/.prettierrc.yml
+++ b/.prettierrc.yml
@ -1,5 +1,5 @@
 overrides:
-  - files: '*.md'
+  - files: "*.md"
    options:
      printWidth: 9999
      proseWrap: never
--- a/actix-files/CHANGES.md
+++ b/actix-files/CHANGES.md
@ -2,6 +2,10 @@

 ## Unreleased

+## 0.6.5
+
+- Fix handling of special characters in filenames.
+
 ## 0.6.4

 - Fix handling of newlines in filenames.
--- a/actix-files/Cargo.toml
+++ b/actix-files/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-files"
-version = "0.6.4"
+version = "0.6.5"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
    "Rob Ede <robjtede@icloud.com>",
--- a/actix-files/README.md
+++ b/actix-files/README.md
@ -1,18 +1,32 @@
-# actix-files
+# `actix-files`

-> Static file serving for Actix Web
+<!-- prettier-ignore-start -->

 [![crates.io](https://img.shields.io/crates/v/actix-files?label=latest)](https://crates.io/crates/actix-files)
-[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.4)](https://docs.rs/actix-files/0.6.4)
+[![Documentation](https://docs.rs/actix-files/badge.svg?version=0.6.5)](https://docs.rs/actix-files/0.6.5)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![License](https://img.shields.io/crates/l/actix-files.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-files/0.6.4/status.svg)](https://deps.rs/crate/actix-files/0.6.4)
+[![dependency status](https://deps.rs/crate/actix-files/0.6.5/status.svg)](https://deps.rs/crate/actix-files/0.6.5)
 [![Download](https://img.shields.io/crates/d/actix-files.svg)](https://crates.io/crates/actix-files)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

-## Documentation & Resources
+<!-- prettier-ignore-end -->

- [API Documentation](https://docs.rs/actix-files)
- [Example Project](https://github.com/actix/examples/tree/master/basics/static-files)
- Minimum Supported Rust Version (MSRV): 1.68
+<!-- cargo-rdme start -->
+
+Static file serving for Actix Web.
+
+Provides a non-blocking service for serving static files from disk.
+
+## Examples
+
+```rust
+use actix_web::App;
+use actix_files::Files;
+
+let app = App::new()
+    .service(Files::new("/static", ".").prefer_utf8(true));
+```
+
+<!-- cargo-rdme end -->
--- a/actix-files/src/lib.rs
+++ b/actix-files/src/lib.rs
@ -568,19 +568,22 @@ mod tests {
        assert_eq!(bytes, data);
    }

+    #[cfg(not(target_os = "windows"))]
    #[actix_rt::test]
-    async fn test_static_files_with_newlines() {
+    async fn test_static_files_with_special_characters() {
        // Create the file we want to test against ad-hoc. We can't check it in as otherwise
        // Windows can't even checkout this repository.
        let temp_dir = tempfile::tempdir().unwrap();
-        let file_with_newlines = temp_dir.path().join("test\nnewline.text");
+        let file_with_newlines = temp_dir.path().join("test\n\x0B\x0C\rnewline.text");
        fs::write(&file_with_newlines, "Look at my newlines").unwrap();

        let srv = test::init_service(
            App::new().service(Files::new("/", temp_dir.path()).index_file("Cargo.toml")),
        )
        .await;
-        let request = TestRequest::get().uri("/test%0Anewline.text").to_request();
+        let request = TestRequest::get()
+            .uri("/test%0A%0B%0C%0Dnewline.text")
+            .to_request();
        let response = test::call_service(&srv, request).await;
        assert_eq!(response.status(), StatusCode::OK);

--- a/actix-files/src/named.rs
+++ b/actix-files/src/named.rs
@ -139,8 +139,12 @@ impl NamedFile {
                _ => DispositionType::Attachment,
            };

-            // Replace newlines in filenames which could occur on some filesystems.
-            let filename_s = filename.replace('\n', "%0A");
+            // replace special characters in filenames which could occur on some filesystems
+            let filename_s = filename
+                .replace('\n', "%0A") // \n line break
+                .replace('\x0B', "%0B") // \v vertical tab
+                .replace('\x0C', "%0C") // \f form feed
+                .replace('\r', "%0D"); // \r carriage return
            let mut parameters = vec![DispositionParam::Filename(filename_s)];

            if !filename.is_ascii() {
--- a/actix-http-test/CHANGES.md
+++ b/actix-http-test/CHANGES.md
@ -2,6 +2,8 @@

 ## Unreleased

+## 3.2.0
+
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.

 ## 3.1.0
--- a/actix-http-test/Cargo.toml
+++ b/actix-http-test/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-http-test"
-version = "3.1.0"
+version = "3.2.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Various helpers for Actix applications to use during testing"
 keywords = ["http", "web", "framework", "async", "futures"]
--- a/actix-http-test/README.md
+++ b/actix-http-test/README.md
@ -1,16 +1,20 @@
-# actix-http-test
+# `actix-http-test`

 > Various helpers for Actix applications to use during testing.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-http-test?label=latest)](https://crates.io/crates/actix-http-test)
-[![Documentation](https://docs.rs/actix-http-test/badge.svg?version=3.1.0)](https://docs.rs/actix-http-test/3.1.0)
+[![Documentation](https://docs.rs/actix-http-test/badge.svg?version=3.2.0)](https://docs.rs/actix-http-test/3.2.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http-test)
 <br>
-[![Dependency Status](https://deps.rs/crate/actix-http-test/3.1.0/status.svg)](https://deps.rs/crate/actix-http-test/3.1.0)
+[![Dependency Status](https://deps.rs/crate/actix-http-test/3.2.0/status.svg)](https://deps.rs/crate/actix-http-test/3.2.0)
 [![Download](https://img.shields.io/crates/d/actix-http-test.svg)](https://crates.io/crates/actix-http-test)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-http-test)
--- a/actix-http/CHANGES.md
+++ b/actix-http/CHANGES.md
@ -2,6 +2,14 @@

 ## Unreleased

+## 3.6.0
+
+### Added
+
+- Add `rustls-0_22` crate feature.
+- Add `{h1::H1Service, h2::H2Service, HttpService}::rustls_0_22()` and `HttpService::rustls_0_22_with_config()` service constructors.
+- Implement `From<&HeaderMap>` for `http::HeaderMap`.
+
 ## 3.5.1

 ### Fixed
--- a/actix-http/Cargo.toml
+++ b/actix-http/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-http"
-version = "3.5.1"
+version = "3.6.0"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
    "Rob Ede <robjtede@icloud.com>",
@ -20,8 +20,18 @@ edition.workspace = true
 rust-version.workspace = true

 [package.metadata.docs.rs]
-# features that docs.rs will build with
-features = ["http2", "ws", "openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd"]
+rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "http2",
+    "ws",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+]

 [lib]
 name = "actix_http"
@ -53,6 +63,9 @@ rustls-0_20 = ["actix-tls/accept", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["actix-tls/accept", "actix-tls/rustls-0_21"]

+# TLS via Rustls v0.22
+rustls-0_22 = ["actix-tls/accept", "actix-tls/rustls-0_22"]
+
 # Compression codecs
 compress-brotli = ["__compress", "brotli"]
 compress-gzip   = ["__compress", "flate2"]
@ -89,7 +102,7 @@ tokio-util = { version = "0.7", features = ["io", "codec"] }
 tracing = { version = "0.1.30", default-features = false, features = ["log"] }

 # http2
-h2 = { version = "0.3.17", optional = true }
+h2 = { version = "0.3.24", optional = true }

 # websockets
 local-channel = { version = "0.1", optional = true }
@ -98,7 +111,7 @@ rand = { version = "0.8", optional = true }
 sha1 = { version = "0.10", optional = true }

 # openssl/rustls
-actix-tls = { version = "3.1", default-features = false, optional = true }
+actix-tls = { version = "3.3", default-features = false, optional = true }

 # compress-*
 brotli = { version = "3.3.3", optional = true }
@ -108,7 +121,7 @@ zstd = { version = "0.13", optional = true }
 [dev-dependencies]
 actix-http-test = { version = "3", features = ["openssl"] }
 actix-server = "2"
-actix-tls = { version = "3.1", features = ["openssl"] }
+actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22-webpki-roots"] }
 actix-web = "4"

 async-stream = "0.3"
@ -117,24 +130,24 @@ env_logger = "0.10"
 futures-util = { version = "0.3.17", default-features = false, features = ["alloc"] }
 memchr = "2.4"
 once_cell = "1.9"
-rcgen = "0.11"
+rcgen = "0.12"
 regex = "1.3"
 rustversion = "1"
-rustls-pemfile = "1"
+rustls-pemfile = "2"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 static_assertions = "1"
 tls-openssl = { package = "openssl", version = "0.10.55" }
-tls-rustls_021 = { package = "rustls", version = "0.21" }
+tls-rustls_022 = { package = "rustls", version = "0.22" }
 tokio = { version = "1.24.2", features = ["net", "rt", "macros"] }

 [[example]]
 name = "ws"
-required-features = ["ws", "rustls-0_21"]
+required-features = ["ws", "rustls-0_22"]

 [[example]]
 name = "tls_rustls"
-required-features = ["http2", "rustls-0_21"]
+required-features = ["http2", "rustls-0_22"]

 [[bench]]
 name = "response-body-compression"
--- a/actix-http/README.md
+++ b/actix-http/README.md
@ -5,11 +5,11 @@
 <!-- prettier-ignore-start -->

 [![crates.io](https://img.shields.io/crates/v/actix-http?label=latest)](https://crates.io/crates/actix-http)
-[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.5.1)](https://docs.rs/actix-http/3.5.1)
+[![Documentation](https://docs.rs/actix-http/badge.svg?version=3.6.0)](https://docs.rs/actix-http/3.6.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-http.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-http/3.5.1/status.svg)](https://deps.rs/crate/actix-http/3.5.1)
+[![dependency status](https://deps.rs/crate/actix-http/3.6.0/status.svg)](https://deps.rs/crate/actix-http/3.6.0)
 [![Download](https://img.shields.io/crates/d/actix-http.svg)](https://crates.io/crates/actix-http)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

--- a/actix-http/examples/tls_rustls.rs
+++ b/actix-http/examples/tls_rustls.rs
@ -12,7 +12,7 @@
 //! Protocol: HTTP/1.1
 //! ```

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::io;

@ -36,7 +36,7 @@ async fn main() -> io::Result<()> {
                    );
                    ok::<_, Error>(Response::ok().set_body(body))
                })
-                .rustls_021(rustls_config())
+                .rustls_0_22(rustls_config())
        })?
        .run()
        .await
@ -51,16 +51,18 @@ fn rustls_config() -> rustls::ServerConfig {
    let key_file = &mut io::BufReader::new(key_file.as_bytes());

    let cert_chain = rustls_pemfile::certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(rustls::Certificate)
-        .collect();
-    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file).unwrap();
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();
+    let mut keys = rustls_pemfile::pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, rustls::PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    const H1_ALPN: &[u8] = b"http/1.1";
--- a/actix-http/examples/ws.rs
+++ b/actix-http/examples/ws.rs
@ -1,7 +1,7 @@
 //! Sets up a WebSocket server over TCP and TLS.
 //! Sends a heartbeat message every 4 seconds but does not respond to any incoming frames.

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::{
    io,
@ -30,7 +30,7 @@ async fn main() -> io::Result<()> {
        .bind("tls", ("127.0.0.1", 8443), || {
            HttpService::build()
                .finish(handler)
-                .rustls_021(tls_config())
+                .rustls_0_22(tls_config())
        })?
        .run()
        .await
@ -85,7 +85,6 @@ impl Stream for Heartbeat {
 fn tls_config() -> rustls::ServerConfig {
    use std::io::BufReader;

-    use rustls::{Certificate, PrivateKey};
    use rustls_pemfile::{certs, pkcs8_private_keys};

    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
@ -95,17 +94,17 @@ fn tls_config() -> rustls::ServerConfig {
    let cert_file = &mut BufReader::new(cert_file.as_bytes());
    let key_file = &mut BufReader::new(key_file.as_bytes());

-    let cert_chain = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    config.alpn_protocols.push(b"http/1.1".to_vec());
--- a/actix-http/src/h1/service.rs
+++ b/actix-http/src/h1/service.rs
@ -153,7 +153,7 @@ mod openssl {
 }

 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
@ -214,7 +214,7 @@ mod rustls_020 {
 }

 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
@ -274,6 +274,67 @@ mod rustls_021 {
    }
 }

+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B, X, U> H1Service<TlsStream<TcpStream>, S, B, X, U>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>>,
+        S::InitError: fmt::Debug,
+        S::Response: Into<Response<B>>,
+
+        B: MessageBody,
+
+        X: ServiceFactory<Request, Config = (), Response = Request>,
+        X::Future: 'static,
+        X::Error: Into<Response<BoxBody>>,
+        X::InitError: fmt::Debug,
+
+        U: ServiceFactory<
+            (Request, Framed<TlsStream<TcpStream>, Codec>),
+            Config = (),
+            Response = (),
+        >,
+        U::Future: 'static,
+        U::Error: fmt::Display + Into<Response<BoxBody>>,
+        U::InitError: fmt::Debug,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            Acceptor::new(config)
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .map(|io: TlsStream<TcpStream>| {
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    (io, peer_addr)
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B, X, U> H1Service<T, S, B, X, U>
 where
    S: ServiceFactory<Request, Config = ()>,
--- a/actix-http/src/h2/service.rs
+++ b/actix-http/src/h2/service.rs
@ -141,7 +141,7 @@ mod openssl {
 }

 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
@ -192,7 +192,7 @@ mod rustls_020 {
 }

 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
@ -242,6 +242,57 @@ mod rustls_021 {
    }
 }

+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B> H2Service<TlsStream<TcpStream>, S, B>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>> + 'static,
+        S::Response: Into<Response<B>> + 'static,
+        <S::Service as Service<Request>>::Future: 'static,
+
+        B: MessageBody + 'static,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            mut config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = S::InitError,
+        > {
+            let mut protos = vec![b"h2".to_vec()];
+            protos.extend_from_slice(&config.alpn_protocols);
+            config.alpn_protocols = protos;
+
+            Acceptor::new(config)
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .map(|io: TlsStream<TcpStream>| {
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    (io, peer_addr)
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B> ServiceFactory<(T, Option<net::SocketAddr>)> for H2Service<T, S, B>
 where
    T: AsyncRead + AsyncWrite + Unpin + 'static,
--- a/actix-http/src/header/map.rs
+++ b/actix-http/src/header/map.rs
@ -650,6 +650,13 @@ impl From<HeaderMap> for http::HeaderMap {
    }
 }

+/// Convert our `&HeaderMap` to a `http::HeaderMap`.
+impl From<&HeaderMap> for http::HeaderMap {
+    fn from(map: &HeaderMap) -> Self {
+        map.to_owned().into()
+    }
+}
+
 /// Iterator over removed, owned values with the same associated name.
 ///
 /// Returned from methods that remove or replace items. See [`HeaderMap::insert`]
--- a/actix-http/src/lib.rs
+++ b/actix-http/src/lib.rs
@ -58,7 +58,12 @@ pub mod ws;

 #[allow(deprecated)]
 pub use self::payload::PayloadStream;
-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 pub use self::service::TlsAcceptorConfig;
 pub use self::{
    builder::HttpServiceBuilder,
--- a/actix-http/src/requests/head.rs
+++ b/actix-http/src/requests/head.rs
@ -16,7 +16,10 @@ pub struct RequestHead {
    pub uri: Uri,
    pub version: Version,
    pub headers: HeaderMap,
+
+    /// Will only be None when called in unit tests unless set manually.
    pub peer_addr: Option<net::SocketAddr>,
+
    flags: Flags,
 }

--- a/actix-http/src/requests/request.rs
+++ b/actix-http/src/requests/request.rs
@ -173,7 +173,7 @@ impl<P> Request<P> {
    /// Peer address is the directly connected peer's socket address. If a proxy is used in front of
    /// the Actix Web server, then it would be address of this proxy.
    ///
-    /// Will only return None when called in unit tests.
+    /// Will only return None when called in unit tests unless set manually.
    #[inline]
    pub fn peer_addr(&self) -> Option<net::SocketAddr> {
        self.head().peer_addr
--- a/actix-http/src/service.rs
+++ b/actix-http/src/service.rs
@ -241,13 +241,23 @@ where
 }

 /// Configuration options used when accepting TLS connection.
-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 #[derive(Debug, Default)]
 pub struct TlsAcceptorConfig {
    pub(crate) handshake_timeout: Option<std::time::Duration>,
 }

-#[cfg(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "rustls-0_22",
+))]
 impl TlsAcceptorConfig {
    /// Set TLS handshake timeout duration.
    pub fn handshake_timeout(self, dur: std::time::Duration) -> Self {
@ -353,12 +363,12 @@ mod openssl {
 }

 #[cfg(feature = "rustls-0_20")]
-mod rustls_020 {
+mod rustls_0_20 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
    use actix_tls::accept::{
-        rustls::{reexports::ServerConfig, Acceptor, TlsStream},
+        rustls_0_20::{reexports::ServerConfig, Acceptor, TlsStream},
        TlsError,
    };

@ -389,7 +399,7 @@ mod rustls_020 {
        U::Error: fmt::Display + Into<Response<BoxBody>>,
        U::InitError: fmt::Debug,
    {
-        /// Create Rustls based service.
+        /// Create Rustls v0.20 based service.
        pub fn rustls(
            self,
            config: ServerConfig,
@ -403,7 +413,7 @@ mod rustls_020 {
            self.rustls_with_config(config, TlsAcceptorConfig::default())
        }

-        /// Create Rustls based service with custom TLS acceptor configuration.
+        /// Create Rustls v0.20 based service with custom TLS acceptor configuration.
        pub fn rustls_with_config(
            self,
            mut config: ServerConfig,
@ -449,7 +459,7 @@ mod rustls_020 {
 }

 #[cfg(feature = "rustls-0_21")]
-mod rustls_021 {
+mod rustls_0_21 {
    use std::io;

    use actix_service::ServiceFactoryExt as _;
@ -485,7 +495,7 @@ mod rustls_021 {
        U::Error: fmt::Display + Into<Response<BoxBody>>,
        U::InitError: fmt::Debug,
    {
-        /// Create Rustls based service.
+        /// Create Rustls v0.21 based service.
        pub fn rustls_021(
            self,
            config: ServerConfig,
@ -499,7 +509,7 @@ mod rustls_021 {
            self.rustls_021_with_config(config, TlsAcceptorConfig::default())
        }

-        /// Create Rustls based service with custom TLS acceptor configuration.
+        /// Create Rustls v0.21 based service with custom TLS acceptor configuration.
        pub fn rustls_021_with_config(
            self,
            mut config: ServerConfig,
@ -544,6 +554,102 @@ mod rustls_021 {
    }
 }

+#[cfg(feature = "rustls-0_22")]
+mod rustls_0_22 {
+    use std::io;
+
+    use actix_service::ServiceFactoryExt as _;
+    use actix_tls::accept::{
+        rustls_0_22::{reexports::ServerConfig, Acceptor, TlsStream},
+        TlsError,
+    };
+
+    use super::*;
+
+    impl<S, B, X, U> HttpService<TlsStream<TcpStream>, S, B, X, U>
+    where
+        S: ServiceFactory<Request, Config = ()>,
+        S::Future: 'static,
+        S::Error: Into<Response<BoxBody>> + 'static,
+        S::InitError: fmt::Debug,
+        S::Response: Into<Response<B>> + 'static,
+        <S::Service as Service<Request>>::Future: 'static,
+
+        B: MessageBody + 'static,
+
+        X: ServiceFactory<Request, Config = (), Response = Request>,
+        X::Future: 'static,
+        X::Error: Into<Response<BoxBody>>,
+        X::InitError: fmt::Debug,
+
+        U: ServiceFactory<
+            (Request, Framed<TlsStream<TcpStream>, h1::Codec>),
+            Config = (),
+            Response = (),
+        >,
+        U::Future: 'static,
+        U::Error: fmt::Display + Into<Response<BoxBody>>,
+        U::InitError: fmt::Debug,
+    {
+        /// Create Rustls v0.22 based service.
+        pub fn rustls_0_22(
+            self,
+            config: ServerConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            self.rustls_0_22_with_config(config, TlsAcceptorConfig::default())
+        }
+
+        /// Create Rustls v0.22 based service with custom TLS acceptor configuration.
+        pub fn rustls_0_22_with_config(
+            self,
+            mut config: ServerConfig,
+            tls_acceptor_config: TlsAcceptorConfig,
+        ) -> impl ServiceFactory<
+            TcpStream,
+            Config = (),
+            Response = (),
+            Error = TlsError<io::Error, DispatchError>,
+            InitError = (),
+        > {
+            let mut protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
+            protos.extend_from_slice(&config.alpn_protocols);
+            config.alpn_protocols = protos;
+
+            let mut acceptor = Acceptor::new(config);
+
+            if let Some(handshake_timeout) = tls_acceptor_config.handshake_timeout {
+                acceptor.set_handshake_timeout(handshake_timeout);
+            }
+
+            acceptor
+                .map_init_err(|_| {
+                    unreachable!("TLS acceptor service factory does not error on init")
+                })
+                .map_err(TlsError::into_service_error)
+                .and_then(|io: TlsStream<TcpStream>| async {
+                    let proto = if let Some(protos) = io.get_ref().1.alpn_protocol() {
+                        if protos.windows(2).any(|window| window == b"h2") {
+                            Protocol::Http2
+                        } else {
+                            Protocol::Http1
+                        }
+                    } else {
+                        Protocol::Http1
+                    };
+                    let peer_addr = io.get_ref().0.peer_addr().ok();
+                    Ok((io, proto, peer_addr))
+                })
+                .and_then(self.map_err(TlsError::Service))
+        }
+    }
+}
+
 impl<T, S, B, X, U> ServiceFactory<(T, Protocol, Option<net::SocketAddr>)>
    for HttpService<T, S, B, X, U>
 where
--- a/actix-http/tests/test_rustls.rs
+++ b/actix-http/tests/test_rustls.rs
@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_21")]
+#![cfg(feature = "rustls-0_22")]

-extern crate tls_rustls_021 as rustls;
+extern crate tls_rustls_022 as rustls;

 use std::{
    convert::Infallible,
@ -20,13 +20,13 @@ use actix_http::{
 use actix_http_test::test_server;
 use actix_rt::pin;
 use actix_service::{fn_factory_with_config, fn_service};
-use actix_tls::connect::rustls_0_21::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
 use actix_utils::future::{err, ok, poll_fn};
 use bytes::{Bytes, BytesMut};
 use derive_more::{Display, Error};
 use futures_core::{ready, Stream};
 use futures_util::stream::once;
-use rustls::{Certificate, PrivateKey, ServerConfig as RustlsServerConfig, ServerName};
+use rustls::{pki_types::ServerName, ServerConfig as RustlsServerConfig};
 use rustls_pemfile::{certs, pkcs8_private_keys};

 async fn load_body<S>(stream: S) -> Result<BytesMut, PayloadError>
@ -59,17 +59,17 @@ fn tls_config() -> RustlsServerConfig {
    let cert_file = &mut BufReader::new(cert_file.as_bytes());
    let key_file = &mut BufReader::new(key_file.as_bytes());

-    let cert_chain = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let mut config = RustlsServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(
+            cert_chain,
+            rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
+        )
        .unwrap();

    config.alpn_protocols.push(HTTP1_1_ALPN_PROTOCOL.to_vec());
@ -83,7 +83,6 @@ pub fn get_negotiated_alpn_protocol(
    client_alpn_protocol: &[u8],
 ) -> Option<Vec<u8>> {
    let mut config = rustls::ClientConfig::builder()
-        .with_safe_defaults()
        .with_root_certificates(webpki_roots_cert_store())
        .with_no_client_auth();

@ -109,7 +108,7 @@ async fn h1() -> io::Result<()> {
    let srv = test_server(move || {
        HttpService::build()
            .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -123,7 +122,7 @@ async fn h2() -> io::Result<()> {
    let srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -141,7 +140,7 @@ async fn h1_1() -> io::Result<()> {
                assert_eq!(req.version(), Version::HTTP_11);
                ok::<_, Error>(Response::ok())
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -159,7 +158,7 @@ async fn h2_1() -> io::Result<()> {
                assert_eq!(req.version(), Version::HTTP_2);
                ok::<_, Error>(Response::ok())
            })
-            .rustls_021_with_config(
+            .rustls_0_22_with_config(
                tls_config(),
                TlsAcceptorConfig::default().handshake_timeout(Duration::from_secs(5)),
            )
@ -180,7 +179,7 @@ async fn h2_body1() -> io::Result<()> {
                let body = load_body(req.take_payload()).await?;
                Ok::<_, Error>(Response::ok().set_body(body))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -206,7 +205,7 @@ async fn h2_content_length() {
                ];
                ok::<_, Infallible>(Response::new(statuses[indx]))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -278,7 +277,7 @@ async fn h2_headers() {
                }
                ok::<_, Infallible>(config.body(data.clone()))
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -317,7 +316,7 @@ async fn h2_body2() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -334,7 +333,7 @@ async fn h2_head_empty() {
    let mut srv = test_server(move || {
        HttpService::build()
            .finish(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -360,7 +359,7 @@ async fn h2_head_binary() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -385,7 +384,7 @@ async fn h2_head_binary2() {
    let srv = test_server(move || {
        HttpService::build()
            .h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -411,7 +410,7 @@ async fn h2_body_length() {
                    Response::ok().set_body(SizedStream::new(STR.len() as u64, body)),
                )
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -435,7 +434,7 @@ async fn h2_body_chunked_explicit() {
                        .body(BodyStream::new(body)),
                )
            })
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -464,7 +463,7 @@ async fn h2_response_http_error_handling() {
                    )
                }))
            }))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -494,7 +493,7 @@ async fn h2_service_error() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h2(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -511,7 +510,7 @@ async fn h1_service_error() {
    let mut srv = test_server(move || {
        HttpService::build()
            .h1(|_| err::<Response<BoxBody>, _>(BadRequest))
-            .rustls_021(tls_config())
+            .rustls_0_22(tls_config())
    })
    .await;

@ -534,7 +533,7 @@ async fn alpn_h1() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .h1(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;

@ -556,7 +555,7 @@ async fn alpn_h2() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .h2(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;

@ -582,7 +581,7 @@ async fn alpn_h2_1() -> io::Result<()> {
        config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
        HttpService::build()
            .finish(|_| ok::<_, Error>(Response::ok()))
-            .rustls_021(config)
+            .rustls_0_22(config)
    })
    .await;

--- a/actix-multipart-derive/README.md
+++ b/actix-multipart-derive/README.md
@ -1,7 +1,9 @@
-# actix-multipart-derive
+# `actix-multipart-derive`

 > The derive macro implementation for actix-multipart-derive.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-multipart-derive?label=latest)](https://crates.io/crates/actix-multipart-derive)
 [![Documentation](https://docs.rs/actix-multipart-derive/badge.svg?version=0.6.1)](https://docs.rs/actix-multipart-derive/0.6.1)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-multipart-derive.svg)](https://crates.io/crates/actix-multipart-derive)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-multipart-derive)
--- a/actix-multipart/README.md
+++ b/actix-multipart/README.md
@ -1,7 +1,9 @@
-# actix-multipart
+# `actix-multipart`

 > Multipart form support for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-multipart?label=latest)](https://crates.io/crates/actix-multipart)
 [![Documentation](https://docs.rs/actix-multipart/badge.svg?version=0.6.1)](https://docs.rs/actix-multipart/0.6.1)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-multipart.svg)](https://crates.io/crates/actix-multipart)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-multipart)
--- a/actix-router/README.md
+++ b/actix-router/README.md
@ -1,5 +1,7 @@
 # `actix-router`

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-router?label=latest)](https://crates.io/crates/actix-router)
 [![Documentation](https://docs.rs/actix-router/badge.svg?version=0.5.2)](https://docs.rs/actix-router/0.5.2)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@ -9,6 +11,8 @@
 [![Download](https://img.shields.io/crates/d/actix-router.svg)](https://crates.io/crates/actix-router)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 <!-- cargo-rdme start -->

 Resource path matching and router.
--- a/actix-test/CHANGES.md
+++ b/actix-test/CHANGES.md
@ -2,6 +2,10 @@

 ## Unreleased

+## 0.1.3
+
+- Add `TestServerConfig::rustls_0_22()` method for Rustls v0.22 support behind new `rustls-0_22` crate feature.
+
 ## 0.1.2

 - Add `TestServerConfig::rustls_021()` method for Rustls v0.21 support behind new `rustls-0_21` crate feature.
--- a/actix-test/Cargo.toml
+++ b/actix-test/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-test"
-version = "0.1.2"
+version = "0.1.3"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
    "Rob Ede <robjtede@icloud.com>",
@ -27,19 +27,21 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["tls-rustls-0_20", "actix-http/rustls-0_20", "awc/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["tls-rustls-0_21", "actix-http/rustls-0_21", "awc/rustls-0_21"]
+# TLS via Rustls v0.22
+rustls-0_22 = ["tls-rustls-0_22", "actix-http/rustls-0_22", "awc/rustls-0_22-webpki-roots"]

 # TLS via OpenSSL
 openssl = ["tls-openssl", "actix-http/openssl", "awc/openssl"]

 [dependencies]
 actix-codec = "0.5"
-actix-http = "3"
+actix-http = "3.6"
 actix-http-test = "3"
 actix-rt = "2.1"
 actix-service = "2"
 actix-utils = "3"
-actix-web = { version = "4", default-features = false, features = ["cookies"] }
-awc = { version = "3", default-features = false, features = ["cookies"] }
+actix-web = { version = "4.5", default-features = false, features = ["cookies"] }
+awc = { version = "3.4", default-features = false, features = ["cookies"] }

 futures-core = { version = "0.3.17", default-features = false, features = ["std"] }
 futures-util = { version = "0.3.17", default-features = false, features = [] }
@ -50,4 +52,5 @@ serde_urlencoded = "0.7"
 tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true }
 tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true }
+tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }
 tokio = { version = "1.24.2", features = ["sync"] }
--- a/actix-test/src/lib.rs
+++ b/actix-test/src/lib.rs
@ -143,6 +143,8 @@ where
        StreamType::Rustls020(_) => true,
        #[cfg(feature = "rustls-0_21")]
        StreamType::Rustls021(_) => true,
+        #[cfg(feature = "rustls-0_22")]
+        StreamType::Rustls022(_) => true,
    };

    // run server in separate orphaned thread
@ -327,6 +329,48 @@ where
                            .rustls_021(config.clone())
                    }),
                },
+                #[cfg(feature = "rustls-0_22")]
+                StreamType::Rustls022(config) => match cfg.tp {
+                    HttpVer::Http1 => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .h1(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                    HttpVer::Http2 => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .h2(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                    HttpVer::Both => builder.listen("test", tcp, move || {
+                        let app_cfg =
+                            AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
+
+                        let fac = factory()
+                            .into_factory()
+                            .map_err(|err| err.into().error_response());
+
+                        HttpService::build()
+                            .client_request_timeout(timeout)
+                            .finish(map_config(fac, move |_| app_cfg.clone()))
+                            .rustls_0_22(config.clone())
+                    }),
+                },
            }
            .expect("test server could not be created");

@ -401,6 +445,8 @@ enum StreamType {
    Rustls020(tls_rustls_0_20::ServerConfig),
    #[cfg(feature = "rustls-0_21")]
    Rustls021(tls_rustls_0_21::ServerConfig),
+    #[cfg(feature = "rustls-0_22")]
+    Rustls022(tls_rustls_0_22::ServerConfig),
 }

 /// Create default test server config.
@ -424,7 +470,7 @@ impl Default for TestServerConfig {
 }

 impl TestServerConfig {
-    /// Create default server configuration
+    /// Constructs default server configuration.
    pub(crate) fn new() -> TestServerConfig {
        TestServerConfig {
            tp: HttpVer::Both,
@ -435,40 +481,63 @@ impl TestServerConfig {
        }
    }

-    /// Accept HTTP/1.1 only.
+    /// Accepts HTTP/1.1 only.
    pub fn h1(mut self) -> Self {
        self.tp = HttpVer::Http1;
        self
    }

-    /// Accept HTTP/2 only.
+    /// Accepts HTTP/2 only.
    pub fn h2(mut self) -> Self {
        self.tp = HttpVer::Http2;
        self
    }

-    /// Accept secure connections via OpenSSL.
+    /// Accepts secure connections via OpenSSL.
    #[cfg(feature = "openssl")]
    pub fn openssl(mut self, acceptor: openssl::ssl::SslAcceptor) -> Self {
        self.stream = StreamType::Openssl(acceptor);
        self
    }

-    /// Accept secure connections via Rustls.
+    #[doc(hidden)]
+    #[deprecated(note = "Renamed to `rustls_0_20()`.")]
    #[cfg(feature = "rustls-0_20")]
    pub fn rustls(mut self, config: tls_rustls_0_20::ServerConfig) -> Self {
        self.stream = StreamType::Rustls020(config);
        self
    }

-    /// Accept secure connections via Rustls.
+    /// Accepts secure connections via Rustls v0.20.
+    #[cfg(feature = "rustls-0_20")]
+    pub fn rustls_0_20(mut self, config: tls_rustls_0_20::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls020(config);
+        self
+    }
+
+    #[doc(hidden)]
+    #[deprecated(note = "Renamed to `rustls_0_21()`.")]
    #[cfg(feature = "rustls-0_21")]
    pub fn rustls_021(mut self, config: tls_rustls_0_21::ServerConfig) -> Self {
        self.stream = StreamType::Rustls021(config);
        self
    }

-    /// Set client timeout for first request.
+    /// Accepts secure connections via Rustls v0.21.
+    #[cfg(feature = "rustls-0_21")]
+    pub fn rustls_0_21(mut self, config: tls_rustls_0_21::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls021(config);
+        self
+    }
+
+    /// Accepts secure connections via Rustls v0.22.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn rustls_0_22(mut self, config: tls_rustls_0_22::ServerConfig) -> Self {
+        self.stream = StreamType::Rustls022(config);
+        self
+    }
+
+    /// Sets client timeout for first request.
    pub fn client_request_timeout(mut self, dur: Duration) -> Self {
        self.client_request_timeout = dur;
        self
--- a/actix-web-actors/CHANGES.md
+++ b/actix-web-actors/CHANGES.md
@ -2,6 +2,8 @@

 ## Unreleased

+## 4.3.0
+
 - Minimum supported Rust version (MSRV) is now 1.68 due to transitive `time` dependency.

 ## 4.2.0
--- a/actix-web-actors/Cargo.toml
+++ b/actix-web-actors/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-web-actors"
-version = "4.2.0"
+version = "4.3.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix actors support for Actix Web"
 keywords = ["actix", "http", "web", "framework", "async"]
--- a/actix-web-actors/README.md
+++ b/actix-web-actors/README.md
@ -1,16 +1,20 @@
-# actix-web-actors
+# `actix-web-actors`

 > Actix actors support for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-web-actors?label=latest)](https://crates.io/crates/actix-web-actors)
-[![Documentation](https://docs.rs/actix-web-actors/badge.svg?version=4.2.0)](https://docs.rs/actix-web-actors/4.2.0)
+[![Documentation](https://docs.rs/actix-web-actors/badge.svg?version=4.3.0)](https://docs.rs/actix-web-actors/4.3.0)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![License](https://img.shields.io/crates/l/actix-web-actors.svg)
 <br />
-[![dependency status](https://deps.rs/crate/actix-web-actors/4.2.0/status.svg)](https://deps.rs/crate/actix-web-actors/4.2.0)
+[![dependency status](https://deps.rs/crate/actix-web-actors/4.3.0/status.svg)](https://deps.rs/crate/actix-web-actors/4.3.0)
 [![Download](https://img.shields.io/crates/d/actix-web-actors.svg)](https://crates.io/crates/actix-web-actors)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-web-actors)
--- a/actix-web-codegen/README.md
+++ b/actix-web-codegen/README.md
@ -1,7 +1,9 @@
-# actix-web-codegen
+# `actix-web-codegen`

 > Routing and runtime macros for Actix Web.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/actix-web-codegen?label=latest)](https://crates.io/crates/actix-web-codegen)
 [![Documentation](https://docs.rs/actix-web-codegen/badge.svg?version=4.2.2)](https://docs.rs/actix-web-codegen/4.2.2)
 ![Version](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
@ -11,6 +13,8 @@
 [![Download](https://img.shields.io/crates/d/actix-web-codegen.svg)](https://crates.io/crates/actix-web-codegen)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/actix-web-codegen)
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@ -2,6 +2,11 @@

 ## Unreleased

+## 4.5.0
+
+- Add `rustls-0_22` crate feature.
+- Add `HttpServer::{bind_rustls_0_22, listen_rustls_0_22}()` builder methods.
+
 ## 4.4.1

 ### Changed
--- a/actix-web/Cargo.toml
+++ b/actix-web/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "actix-web"
-version = "4.4.1"
+version = "4.5.0"
 description = "Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust"
 authors = [
    "Nikolay Kim <fafhrd91@gmail.com>",
@ -20,9 +20,20 @@ edition.workspace = true
 rust-version.workspace = true

 [package.metadata.docs.rs]
-# features that docs.rs will build with
-features = ["macros", "openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd", "cookies", "secure-cookies"]
 rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "macros",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+    "cookies",
+    "secure-cookies",
+]
+

 [lib]
 name = "actix_web"
@ -58,6 +69,8 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["http2", "actix-http/rustls-0_20", "actix-tls/accept", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["http2", "actix-http/rustls-0_21", "actix-tls/accept", "actix-tls/rustls-0_21"]
+# TLS via Rustls v0.22
+rustls-0_22 = ["http2", "actix-http/rustls-0_22", "actix-tls/accept", "actix-tls/rustls-0_22"]

 # Internal (PRIVATE!) features used to aid testing and checking feature status.
 # Don't rely on these whatsoever. They may disappear at anytime.
@ -73,9 +86,9 @@ actix-rt = { version = "2.6", default-features = false }
 actix-server = "2"
 actix-service = "2"
 actix-utils = "3"
-actix-tls = { version = "3.1", default-features = false, optional = true }
+actix-tls = { version = "3.3", default-features = false, optional = true }

-actix-http = { version = "3.5", features = ["ws"] }
+actix-http = { version = "3.6", features = ["ws"] }
 actix-router = "0.5"
 actix-web-codegen = { version = "4.2", optional = true }

--- a/actix-web/MIGRATION-4.0.md
+++ b/actix-web/MIGRATION-4.0.md
@ -372,13 +372,13 @@ You may need to review the [guidance on shared mutable state](https://docs.rs/ac
  HttpServer::new(|| {
 -     App::new()
 -         .data(MyState::default())
-         .service(hander)
+-         .service(handler)

 +     let my_state: Data<MyState> = Data::new(MyState::default());
 +
 +     App::new()
 +         .app_data(my_state)
-+         .service(hander)
+         .service(handler)
  })
 ```

--- a/actix-web/README.md
+++ b/actix-web/README.md
@ -8,10 +8,10 @@
 <!-- prettier-ignore-start -->

 [![crates.io](https://img.shields.io/crates/v/actix-web?label=latest)](https://crates.io/crates/actix-web)
-[![Documentation](https://docs.rs/actix-web/badge.svg?version=4.4.1)](https://docs.rs/actix-web/4.4.1)
+[![Documentation](https://docs.rs/actix-web/badge.svg?version=4.5.0)](https://docs.rs/actix-web/4.5.0)
 ![MSRV](https://img.shields.io/badge/rustc-1.68+-ab6000.svg)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-web.svg)
-[![Dependency Status](https://deps.rs/crate/actix-web/4.4.1/status.svg)](https://deps.rs/crate/actix-web/4.4.1)
+[![Dependency Status](https://deps.rs/crate/actix-web/4.5.0/status.svg)](https://deps.rs/crate/actix-web/4.5.0)
 <br />
 [![CI](https://github.com/actix/actix-web/actions/workflows/ci.yml/badge.svg)](https://github.com/actix/actix-web/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/actix/actix-web/branch/master/graph/badge.svg)](https://codecov.io/gh/actix/actix-web)
--- a/actix-web/src/app.rs
+++ b/actix-web/src/app.rs
@ -129,6 +129,8 @@ where
    ///
    /// Data items are constructed during application initialization, before the server starts
    /// accepting requests.
+    ///
+    /// The returned data value `D` is wrapped as [`Data<D>`].
    pub fn data_factory<F, Out, D, E>(mut self, data: F) -> Self
    where
        F: Fn() -> Out + 'static,
--- a/actix-web/src/data.rs
+++ b/actix-web/src/data.rs
@ -69,7 +69,7 @@ pub(crate) type FnDataFactory =
 ///     HttpResponse::Ok()
 /// }
 ///
-/// /// Alteratively, use the `HttpRequest::app_data` method to access data in a handler.
+/// /// Alternatively, use the `HttpRequest::app_data` method to access data in a handler.
 /// async fn index_alt(req: HttpRequest) -> impl Responder {
 ///     let data = req.app_data::<Data<Mutex<MyData>>>().unwrap();
 ///     let mut my_data = data.lock().unwrap();
--- a/actix-web/src/guard/acceptable.rs
+++ b/actix-web/src/guard/acceptable.rs
@ -20,7 +20,7 @@ use crate::http::header::Accept;
 pub struct Acceptable {
    mime: mime::Mime,

-    /// Wether to match `*/*` mime type.
+    /// Whether to match `*/*` mime type.
    ///
    /// Defaults to false because it's not very useful otherwise.
    match_star_star: bool,
--- a/actix-web/src/guard/host.rs
+++ b/actix-web/src/guard/host.rs
@ -2,7 +2,7 @@ use actix_http::{header, uri::Uri, RequestHead};

 use super::{Guard, GuardContext};

-/// Creates a guard that matches requests targetting a specific host.
+/// Creates a guard that matches requests targeting a specific host.
 ///
 /// # Matching Host
 /// This guard will:
--- a/actix-web/src/server.rs
+++ b/actix-web/src/server.rs
@ -442,6 +442,25 @@ where
        Ok(self)
    }

+    /// Resolves socket address(es) and binds server to created listener(s) for TLS connections
+    /// using Rustls v0.22.
+    ///
+    /// See [`bind()`](Self::bind()) for more details on `addrs` argument.
+    ///
+    /// ALPN protocols "h2" and "http/1.1" are added to any configured ones.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn bind_rustls_0_22<A: net::ToSocketAddrs>(
+        mut self,
+        addrs: A,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        let sockets = bind_addrs(addrs, self.backlog)?;
+        for lst in sockets {
+            self = self.listen_rustls_0_22_inner(lst, config.clone())?;
+        }
+        Ok(self)
+    }
+
    /// Resolves socket address(es) and binds server to created listener(s) for TLS connections
    /// using OpenSSL.
    ///
@ -685,6 +704,72 @@ where
        Ok(self)
    }

+    /// Binds to existing listener for accepting incoming TLS connection requests using Rustls
+    /// v0.22.
+    ///
+    /// See [`listen()`](Self::listen) for more details on the `lst` argument.
+    ///
+    /// ALPN protocols "h2" and "http/1.1" are added to any configured ones.
+    #[cfg(feature = "rustls-0_22")]
+    pub fn listen_rustls_0_22(
+        self,
+        lst: net::TcpListener,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        self.listen_rustls_0_22_inner(lst, config)
+    }
+
+    #[cfg(feature = "rustls-0_22")]
+    fn listen_rustls_0_22_inner(
+        mut self,
+        lst: net::TcpListener,
+        config: actix_tls::accept::rustls_0_22::reexports::ServerConfig,
+    ) -> io::Result<Self> {
+        let factory = self.factory.clone();
+        let cfg = self.config.clone();
+        let addr = lst.local_addr().unwrap();
+        self.sockets.push(Socket {
+            addr,
+            scheme: "https",
+        });
+
+        let on_connect_fn = self.on_connect_fn.clone();
+
+        self.builder =
+            self.builder
+                .listen(format!("actix-web-service-{}", addr), lst, move || {
+                    let c = cfg.lock().unwrap();
+                    let host = c.host.clone().unwrap_or_else(|| format!("{}", addr));
+
+                    let svc = HttpService::build()
+                        .keep_alive(c.keep_alive)
+                        .client_request_timeout(c.client_request_timeout)
+                        .client_disconnect_timeout(c.client_disconnect_timeout);
+
+                    let svc = if let Some(handler) = on_connect_fn.clone() {
+                        svc.on_connect_ext(move |io: &_, ext: _| (handler)(io as &dyn Any, ext))
+                    } else {
+                        svc
+                    };
+
+                    let fac = factory()
+                        .into_factory()
+                        .map_err(|err| err.into().error_response());
+
+                    let acceptor_config = match c.tls_handshake_timeout {
+                        Some(dur) => TlsAcceptorConfig::default().handshake_timeout(dur),
+                        None => TlsAcceptorConfig::default(),
+                    };
+
+                    svc.finish(map_config(fac, move |_| {
+                        AppConfig::new(true, host.clone(), addr)
+                    }))
+                    .rustls_0_22_with_config(config.clone(), acceptor_config)
+                })?;
+
+        Ok(self)
+    }
+
    /// Binds to existing listener for accepting incoming TLS connection requests using OpenSSL.
    ///
    /// See [`listen()`](Self::listen) for more details on the `lst` argument.
--- a/actix-web/src/service.rs
+++ b/actix-web/src/service.rs
@ -221,12 +221,9 @@ impl ServiceRequest {

    /// Returns peer's socket address.
    ///
-    /// Peer address is the directly connected peer's socket address. If a proxy is used in front of
-    /// the Actix Web server, then it would be address of this proxy.
+    /// See [`HttpRequest::peer_addr`] for more details.
    ///
-    /// To get client connection information `ConnectionInfo` should be used.
-    ///
-    /// Will only return None when called in unit tests.
+    /// [`HttpRequest::peer_addr`]: crate::HttpRequest::peer_addr
    #[inline]
    pub fn peer_addr(&self) -> Option<net::SocketAddr> {
        self.head().peer_addr
--- a/actix-web/src/test/test_request.rs
+++ b/actix-web/src/test/test_request.rs
@ -86,76 +86,77 @@ impl Default for TestRequest {

 #[allow(clippy::wrong_self_convention)]
 impl TestRequest {
-    /// Create TestRequest and set request uri
-    pub fn with_uri(path: &str) -> TestRequest {
-        TestRequest::default().uri(path)
+    /// Constructs test request and sets request URI.
+    pub fn with_uri(uri: &str) -> TestRequest {
+        TestRequest::default().uri(uri)
    }

-    /// Create TestRequest and set method to `Method::GET`
+    /// Constructs test request with GET method.
    pub fn get() -> TestRequest {
        TestRequest::default().method(Method::GET)
    }

-    /// Create TestRequest and set method to `Method::POST`
+    /// Constructs test request with POST method.
    pub fn post() -> TestRequest {
        TestRequest::default().method(Method::POST)
    }

-    /// Create TestRequest and set method to `Method::PUT`
+    /// Constructs test request with PUT method.
    pub fn put() -> TestRequest {
        TestRequest::default().method(Method::PUT)
    }

-    /// Create TestRequest and set method to `Method::PATCH`
+    /// Constructs test request with PATCH method.
    pub fn patch() -> TestRequest {
        TestRequest::default().method(Method::PATCH)
    }

-    /// Create TestRequest and set method to `Method::DELETE`
+    /// Constructs test request with DELETE method.
    pub fn delete() -> TestRequest {
        TestRequest::default().method(Method::DELETE)
    }

-    /// Set HTTP version of this request
+    /// Sets HTTP version of this request.
    pub fn version(mut self, ver: Version) -> Self {
        self.req.version(ver);
        self
    }

-    /// Set HTTP method of this request
+    /// Sets method of this request.
    pub fn method(mut self, meth: Method) -> Self {
        self.req.method(meth);
        self
    }

-    /// Set HTTP URI of this request
+    /// Sets URI of this request.
    pub fn uri(mut self, path: &str) -> Self {
        self.req.uri(path);
        self
    }

-    /// Insert a header, replacing any that were set with an equivalent field name.
+    /// Inserts a header, replacing any that were set with an equivalent field name.
    pub fn insert_header(mut self, header: impl TryIntoHeaderPair) -> Self {
        self.req.insert_header(header);
        self
    }

-    /// Append a header, keeping any that were set with an equivalent field name.
+    /// Appends a header, keeping any that were set with an equivalent field name.
    pub fn append_header(mut self, header: impl TryIntoHeaderPair) -> Self {
        self.req.append_header(header);
        self
    }

-    /// Set cookie for this request.
+    /// Sets cookie for this request.
    #[cfg(feature = "cookies")]
    pub fn cookie(mut self, cookie: Cookie<'_>) -> Self {
        self.cookies.add(cookie.into_owned());
        self
    }

-    /// Set request path pattern parameter.
+    /// Sets request path pattern parameter.
    ///
    /// # Examples
+    ///
    /// ```
    /// use actix_web::test::TestRequest;
    ///
@ -171,19 +172,19 @@ impl TestRequest {
        self
    }

-    /// Set peer addr.
+    /// Sets peer address.
    pub fn peer_addr(mut self, addr: SocketAddr) -> Self {
        self.peer_addr = Some(addr);
        self
    }

-    /// Set request payload.
+    /// Sets request payload.
    pub fn set_payload(mut self, data: impl Into<Bytes>) -> Self {
        self.req.set_payload(data);
        self
    }

-    /// Serialize `data` to a URL encoded form and set it as the request payload.
+    /// Serializes `data` to a URL encoded form and set it as the request payload.
    ///
    /// The `Content-Type` header is set to `application/x-www-form-urlencoded`.
    pub fn set_form(mut self, data: impl Serialize) -> Self {
@ -194,7 +195,7 @@ impl TestRequest {
        self
    }

-    /// Serialize `data` to JSON and set it as the request payload.
+    /// Serializes `data` to JSON and set it as the request payload.
    ///
    /// The `Content-Type` header is set to `application/json`.
    pub fn set_json(mut self, data: impl Serialize) -> Self {
@ -204,27 +205,33 @@ impl TestRequest {
        self
    }

-    /// Set application data. This is equivalent of `App::data()` method
-    /// for testing purpose.
-    pub fn data<T: 'static>(mut self, data: T) -> Self {
-        self.app_data.insert(Data::new(data));
-        self
-    }
-
-    /// Set application data. This is equivalent of `App::app_data()` method
-    /// for testing purpose.
+    /// Inserts application data.
+    ///
+    /// This is equivalent of `App::app_data()` method for testing purpose.
    pub fn app_data<T: 'static>(mut self, data: T) -> Self {
        self.app_data.insert(data);
        self
    }

+    /// Inserts application data.
+    ///
+    /// This is equivalent of `App::data()` method for testing purpose.
+    #[doc(hidden)]
+    pub fn data<T: 'static>(mut self, data: T) -> Self {
+        self.app_data.insert(Data::new(data));
+        self
+    }
+
+    /// Sets resource map.
    #[cfg(test)]
-    /// Set request config
    pub(crate) fn rmap(mut self, rmap: ResourceMap) -> Self {
        self.rmap = rmap;
        self
    }

+    /// Finalizes test request.
+    ///
+    /// This request builder will be useless after calling `finish()`.
    fn finish(&mut self) -> Request {
        // mut used when cookie feature is enabled
        #[allow(unused_mut)]
@ -251,14 +258,14 @@ impl TestRequest {
        req
    }

-    /// Complete request creation and generate `Request` instance
+    /// Finalizes request creation and returns `Request` instance.
    pub fn to_request(mut self) -> Request {
        let mut req = self.finish();
        req.head_mut().peer_addr = self.peer_addr;
        req
    }

-    /// Complete request creation and generate `ServiceRequest` instance
+    /// Finalizes request creation and returns `ServiceRequest` instance.
    pub fn to_srv_request(mut self) -> ServiceRequest {
        let (mut head, payload) = self.finish().into_parts();
        head.peer_addr = self.peer_addr;
@ -279,12 +286,12 @@ impl TestRequest {
        )
    }

-    /// Complete request creation and generate `ServiceResponse` instance
+    /// Finalizes request creation and returns `ServiceResponse` instance.
    pub fn to_srv_response<B>(self, res: HttpResponse<B>) -> ServiceResponse<B> {
        self.to_srv_request().into_response(res)
    }

-    /// Complete request creation and generate `HttpRequest` instance
+    /// Finalizes request creation and returns `HttpRequest` instance.
    pub fn to_http_request(mut self) -> HttpRequest {
        let (mut head, _) = self.finish().into_parts();
        head.peer_addr = self.peer_addr;
@ -302,7 +309,7 @@ impl TestRequest {
        )
    }

-    /// Complete request creation and generate `HttpRequest` and `Payload` instances
+    /// Finalizes request creation and returns `HttpRequest` and `Payload` pair.
    pub fn to_http_parts(mut self) -> (HttpRequest, Payload) {
        let (mut head, payload) = self.finish().into_parts();
        head.peer_addr = self.peer_addr;
@ -322,7 +329,7 @@ impl TestRequest {
        (req, payload)
    }

-    /// Complete request creation, calls service and waits for response future completion.
+    /// Finalizes request creation, calls service, and waits for response future completion.
    pub async fn send_request<S, B, E>(self, app: &S) -> S::Response
    where
        S: Service<Request, Response = ServiceResponse<B>, Error = E>,
--- a/actix-web/tests/test_server.rs
+++ b/actix-web/tests/test_server.rs
@ -743,7 +743,7 @@ mod plus_rustls {
            .map(char::from)
            .collect::<String>();

-        let srv = actix_test::start_with(actix_test::config().rustls_021(tls_config()), || {
+        let srv = actix_test::start_with(actix_test::config().rustls_0_21(tls_config()), || {
            App::new().service(web::resource("/").route(web::to(|bytes: Bytes| async {
                // echo decompressed request body back in response
                HttpResponse::Ok()
--- a/awc/CHANGES.md
+++ b/awc/CHANGES.md
@ -2,6 +2,11 @@

 ## Unreleased

+## 3.4.0
+
+- Add `rustls-0_22-webpki-roots` and `rustls-0_22-native-roots` crate feature.
+- Add `awc::Connector::rustls_0_22()` method.
+
 ## 3.3.0

 - Update `trust-dns-resolver` dependency to `0.23`.
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "awc"
-version = "3.3.0"
+version = "3.4.0"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Async HTTP and WebSocket client library"
 keywords = ["actix", "http", "framework", "async", "web"]
@ -20,8 +20,17 @@ name = "awc"
 path = "src/lib.rs"

 [package.metadata.docs.rs]
-# features that docs.rs will build with
-features = ["openssl", "rustls-0_20", "rustls-0_21", "compress-brotli", "compress-gzip", "compress-zstd", "cookies"]
+rustdoc-args = ["--cfg", "docsrs"]
+features = [
+    "cookies",
+    "openssl",
+    "rustls-0_20",
+    "rustls-0_21",
+    "rustls-0_22-webpki-roots",
+    "compress-brotli",
+    "compress-gzip",
+    "compress-zstd",
+]

 [features]
 default = ["compress-brotli", "compress-gzip", "compress-zstd", "cookies"]
@ -35,6 +44,10 @@ rustls = ["rustls-0_20"]
 rustls-0_20 = ["tls-rustls-0_20", "actix-tls/rustls-0_20"]
 # TLS via Rustls v0.21
 rustls-0_21 = ["tls-rustls-0_21", "actix-tls/rustls-0_21"]
+# TLS via Rustls v0.22 (WebPKI roots)
+rustls-0_22-webpki-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-webpki-roots"]
+# TLS via Rustls v0.22 (Native roots)
+rustls-0_22-native-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-native-roots"]

 # Brotli algorithm content-encoding support
 compress-brotli = ["actix-http/compress-brotli", "__compress"]
@ -61,9 +74,9 @@ dangerous-h2c = []
 [dependencies]
 actix-codec = "0.5"
 actix-service = "2"
-actix-http = { version = "3.5", features = ["http2", "ws"] }
+actix-http = { version = "3.6", features = ["http2", "ws"] }
 actix-rt = { version = "2.1", default-features = false }
-actix-tls = { version = "3.1", features = ["connect", "uri"] }
+actix-tls = { version = "3.3", features = ["connect", "uri"] }
 actix-utils = "3"

 base64 = "0.21"
@ -72,7 +85,7 @@ cfg-if = "1"
 derive_more = "0.99.5"
 futures-core = { version = "0.3.17", default-features = false, features = ["alloc"] }
 futures-util = { version = "0.3.17", default-features = false, features = ["alloc", "sink"] }
-h2 = "0.3.17"
+h2 = "0.3.24"
 http = "0.2.7"
 itoa = "1"
 log =" 0.4"
@ -90,15 +103,16 @@ cookie = { version = "0.16", features = ["percent-encode"], optional = true }
 tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
 tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true, features = ["dangerous_configuration"] }
 tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true, features = ["dangerous_configuration"] }
+tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }

 trust-dns-resolver = { version = "0.23", optional = true }

 [dev-dependencies]
-actix-http = { version = "3.5", features = ["openssl"] }
+actix-http = { version = "3.6", features = ["openssl"] }
 actix-http-test = { version = "3", features = ["openssl"] }
 actix-server = "2"
-actix-test = { version = "0.1", features = ["openssl", "rustls-0_21"] }
-actix-tls = { version = "3", features = ["openssl", "rustls-0_21"] }
+actix-test = { version = "0.1", features = ["openssl", "rustls-0_22"] }
+actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22"] }
 actix-utils = "3"
 actix-web = { version = "4", features = ["openssl"] }

@ -108,11 +122,11 @@ env_logger = "0.10"
 flate2 = "1.0.13"
 futures-util = { version = "0.3.17", default-features = false }
 static_assertions = "1.1"
-rcgen = "0.11"
-rustls-pemfile = "1"
+rcgen = "0.12"
+rustls-pemfile = "2"
 tokio = { version = "1.24.2", features = ["rt-multi-thread", "macros"] }
 zstd = "0.13"

 [[example]]
 name = "client"
-required-features = ["rustls-0_21"]
+required-features = ["rustls-0_22-webpki-roots"]
--- a/awc/README.md
+++ b/awc/README.md
@ -1,13 +1,17 @@
-# awc (Actix Web Client)
+# `awc` (Actix Web Client)

 > Async HTTP and WebSocket client library.

+<!-- prettier-ignore-start -->
+
 [![crates.io](https://img.shields.io/crates/v/awc?label=latest)](https://crates.io/crates/awc)
-[![Documentation](https://docs.rs/awc/badge.svg?version=3.3.0)](https://docs.rs/awc/3.3.0)
+[![Documentation](https://docs.rs/awc/badge.svg?version=3.4.0)](https://docs.rs/awc/3.4.0)
 ![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/awc)
-[![Dependency Status](https://deps.rs/crate/awc/3.3.0/status.svg)](https://deps.rs/crate/awc/3.3.0)
+[![Dependency Status](https://deps.rs/crate/awc/3.4.0/status.svg)](https://deps.rs/crate/awc/3.4.0)
 [![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)

+<!-- prettier-ignore-end -->
+
 ## Documentation & Resources

 - [API Documentation](https://docs.rs/awc)
--- a/awc/src/client/connector.rs
+++ b/awc/src/client/connector.rs
@ -40,14 +40,23 @@ enum OurTlsConnector {
    /// Provided because building the OpenSSL context on newer versions can be very slow.
    /// This prevents unnecessary calls to `.build()` while constructing the client connector.
    #[cfg(feature = "openssl")]
-    #[allow(dead_code)] // false positive; used in build_ssl
+    #[allow(dead_code)] // false positive; used in build_tls
    OpensslBuilder(actix_tls::connect::openssl::reexports::SslConnectorBuilder),

    #[cfg(feature = "rustls-0_20")]
+    #[allow(dead_code)] // false positive; used in build_tls
    Rustls020(std::sync::Arc<actix_tls::connect::rustls_0_20::reexports::ClientConfig>),

    #[cfg(feature = "rustls-0_21")]
+    #[allow(dead_code)] // false positive; used in build_tls
    Rustls021(std::sync::Arc<actix_tls::connect::rustls_0_21::reexports::ClientConfig>),
+
+    #[cfg(any(
+        feature = "rustls-0_22-webpki-roots",
+        feature = "rustls-0_22-native-roots",
+    ))]
+    #[allow(dead_code)] // false positive; used in build_tls
+    Rustls022(std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>),
 }

 /// Manages HTTP client network connectivity.
@ -86,16 +95,32 @@ impl Connector<()> {
        }
    }

-    /// Provides an empty TLS connector when no TLS feature is enabled.
-    #[cfg(not(any(feature = "openssl", feature = "rustls-0_20", feature = "rustls-0_21")))]
-    fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
-        OurTlsConnector::None
+    cfg_if::cfg_if! {
+        if #[cfg(any(feature = "rustls-0_22-webpki-roots", feature = "rustls-0_22-webpki-roots"))] {
+            /// Build TLS connector with Rustls v0.22, based on supplied ALPN protocols.
+            ///
+            /// Note that if other TLS crate features are enabled, Rustls v0.22 will be used.
+            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
+                use actix_tls::connect::rustls_0_22::{self, reexports::ClientConfig};
+
+                cfg_if::cfg_if! {
+                    if #[cfg(feature = "rustls-0_22-webpki-roots")] {
+                        let certs = rustls_0_22::webpki_roots_cert_store();
+                    } else if #[cfg(feature = "rustls-0_22-native-roots")] {
+                        let certs = rustls_0_22::native_roots_cert_store();
+                    }
                }

-    /// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols
-    ///
-    /// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
-    #[cfg(feature = "rustls-0_21")]
+                let mut config = ClientConfig::builder()
+                    .with_root_certificates(certs)
+                    .with_no_client_auth();
+
+                config.alpn_protocols = protocols;
+
+                OurTlsConnector::Rustls022(std::sync::Arc::new(config))
+            }
+        } else if #[cfg(feature = "rustls-0_21")] {
+            /// Build TLS connector with Rustls v0.21, based on supplied ALPN protocols.
            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
                use actix_tls::connect::rustls_0_21::{reexports::ClientConfig, webpki_roots_cert_store};

@ -108,11 +133,8 @@ impl Connector<()> {

                OurTlsConnector::Rustls021(std::sync::Arc::new(config))
            }
-
-    /// Build TLS connector with Rustls v0.20, based on supplied ALPN protocols
-    ///
-    /// Note that if other TLS crate features are enabled, Rustls v0.21 will be used.
-    #[cfg(all(feature = "rustls-0_20", not(feature = "rustls-0_21")))]
+        } else if #[cfg(feature = "rustls-0_20")] {
+            /// Build TLS connector with Rustls v0.20, based on supplied ALPN protocols.
            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
                use actix_tls::connect::rustls_0_20::{reexports::ClientConfig, webpki_roots_cert_store};

@ -125,12 +147,8 @@ impl Connector<()> {

                OurTlsConnector::Rustls020(std::sync::Arc::new(config))
            }
-
-    /// Build TLS connector with OpenSSL, based on supplied ALPN protocols
-    #[cfg(all(
-        feature = "openssl",
-        not(any(feature = "rustls-0_20", feature = "rustls-0_21")),
-    ))]
+        } else if #[cfg(feature = "openssl")] {
+            /// Build TLS connector with OpenSSL, based on supplied ALPN protocols.
            fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
                use actix_tls::connect::openssl::reexports::{SslConnector, SslMethod};
                use bytes::{BufMut, BytesMut};
@ -143,11 +161,18 @@ impl Connector<()> {

                let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();
                if let Err(err) = ssl.set_alpn_protos(&alpn) {
-            log::error!("Can not set ALPN protocol: {:?}", err);
+                    log::error!("Can not set ALPN protocol: {err:?}");
                }

                OurTlsConnector::OpensslBuilder(ssl)
            }
+        } else {
+            /// Provides an empty TLS connector when no TLS feature is enabled.
+            fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
+                OurTlsConnector::None
+            }
+        }
+    }
 }

 impl<S> Connector<S> {
@ -240,6 +265,19 @@ where
        self
    }

+    /// Sets custom Rustls v0.22 `ClientConfig` instance.
+    #[cfg(any(
+        feature = "rustls-0_22-webpki-roots",
+        feature = "rustls-0_22-native-roots",
+    ))]
+    pub fn rustls_0_22(
+        mut self,
+        connector: std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>,
+    ) -> Self {
+        self.tls = OurTlsConnector::Rustls022(connector);
+        self
+    }
+
    /// Sets maximum supported HTTP major version.
    ///
    /// Supported versions are HTTP/1.1 and HTTP/2.
@ -509,6 +547,42 @@ where

                Some(actix_service::boxed::rc_service(tls_service))
            }
+
+            #[cfg(any(
+                feature = "rustls-0_22-webpki-roots",
+                feature = "rustls-0_22-native-roots",
+            ))]
+            OurTlsConnector::Rustls022(tls) => {
+                const H2: &[u8] = b"h2";
+
+                use actix_tls::connect::rustls_0_22::{reexports::AsyncTlsStream, TlsConnector};
+
+                impl<Io: ConnectionIo> IntoConnectionIo for TcpConnection<Uri, AsyncTlsStream<Io>> {
+                    fn into_connection_io(self) -> (Box<dyn ConnectionIo>, Protocol) {
+                        let sock = self.into_parts().0;
+                        let h2 = sock
+                            .get_ref()
+                            .1
+                            .alpn_protocol()
+                            .map_or(false, |protos| protos.windows(2).any(|w| w == H2));
+                        if h2 {
+                            (Box::new(sock), Protocol::Http2)
+                        } else {
+                            (Box::new(sock), Protocol::Http1)
+                        }
+                    }
+                }
+
+                let handshake_timeout = self.config.handshake_timeout;
+
+                let tls_service = TlsConnectorService {
+                    tcp_service: tcp_service_inner,
+                    tls_service: TlsConnector::service(tls),
+                    timeout: handshake_timeout,
+                };
+
+                Some(actix_service::boxed::rc_service(tls_service))
+            }
        };

        let tcp_config = self.config.no_disconnect_timeout();
--- a/awc/tests/test_rustls_client.rs
+++ b/awc/tests/test_rustls_client.rs
@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_21")]
+#![cfg(feature = "rustls-0_22-webpki-roots")]

-extern crate tls_rustls_0_21 as rustls;
+extern crate tls_rustls_0_22 as rustls;

 use std::{
    io::BufReader,
@ -8,18 +8,17 @@ use std::{
        atomic::{AtomicUsize, Ordering},
        Arc,
    },
-    time::SystemTime,
 };

 use actix_http::HttpService;
 use actix_http_test::test_server;
 use actix_service::{fn_service, map_config, ServiceFactoryExt};
-use actix_tls::connect::rustls_0_21::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
 use actix_utils::future::ok;
 use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
 use rustls::{
-    client::{ServerCertVerified, ServerCertVerifier},
-    Certificate, ClientConfig, PrivateKey, ServerConfig, ServerName,
+    pki_types::{CertificateDer, PrivateKeyDer, ServerName},
+    ClientConfig, ServerConfig,
 };
 use rustls_pemfile::{certs, pkcs8_private_keys};

@ -31,36 +30,62 @@ fn tls_config() -> ServerConfig {
    let cert_file = &mut BufReader::new(cert_file.as_bytes());
    let key_file = &mut BufReader::new(key_file.as_bytes());

-    let cert_chain = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys = pkcs8_private_keys(key_file).unwrap();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
-        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
+        .with_single_cert(cert_chain, PrivateKeyDer::Pkcs8(keys.remove(0)))
        .unwrap()
 }

 mod danger {
+    use rustls::{
+        client::danger::{ServerCertVerified, ServerCertVerifier},
+        pki_types::UnixTime,
+    };
+
    use super::*;

+    #[derive(Debug)]
    pub struct NoCertificateVerification;

    impl ServerCertVerifier for NoCertificateVerification {
        fn verify_server_cert(
            &self,
-            _end_entity: &Certificate,
-            _intermediates: &[Certificate],
-            _server_name: &ServerName,
-            _scts: &mut dyn Iterator<Item = &[u8]>,
+            _end_entity: &CertificateDer<'_>,
+            _intermediates: &[CertificateDer<'_>],
+            _server_name: &ServerName<'_>,
            _ocsp_response: &[u8],
-            _now: SystemTime,
+            _now: UnixTime,
        ) -> Result<ServerCertVerified, rustls::Error> {
-            Ok(ServerCertVerified::assertion())
+            Ok(rustls::client::danger::ServerCertVerified::assertion())
+        }
+
+        fn verify_tls12_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        }
+
+        fn verify_tls13_signature(
+            &self,
+            _message: &[u8],
+            _cert: &CertificateDer<'_>,
+            _dss: &rustls::DigitallySignedStruct,
+        ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
+            Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        }
+
+        fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+            rustls::crypto::ring::default_provider()
+                .signature_verification_algorithms
+                .supported_schemes()
        }
    }
 }
@ -82,14 +107,13 @@ async fn test_connection_reuse_h2() {
                    App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                    |_| AppConfig::default(),
                ))
-                .rustls_021(tls_config())
+                .rustls_0_22(tls_config())
                .map_err(|_| ()),
        )
    })
    .await;

    let mut config = ClientConfig::builder()
-        .with_safe_defaults()
        .with_root_certificates(webpki_roots_cert_store())
        .with_no_client_auth();

@ -102,7 +126,7 @@ async fn test_connection_reuse_h2() {
        .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));

    let client = awc::Client::builder()
-        .connector(awc::Connector::new().rustls_021(Arc::new(config)))
+        .connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
        .finish();

    // req 1
--- a/10
+++ b/10
@ -1,6 +1,11 @@
 _list:
    @just --list

+# Format workspace.
+fmt:
+    cargo +nightly fmt
+    npx -y prettier --write $(fd --type=file --hidden --extension=md --extension=yml)
+
 # Document crates in workspace.
 doc:
    RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl
@ -9,3 +14,8 @@ doc:
 doc-watch:
    RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl --open
    cargo watch -- RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --features=rustls,openssl
+
+# Update READMEs from crate root documentation.
+update-readmes: && fmt
+    cd ./actix-files && cargo rdme --force
+    cd ./actix-router && cargo rdme --force
--- a/scripts/bump
+++ b/scripts/bump
@ -113,16 +113,23 @@ read -p "Update all references: (y/N) " UPDATE_REFERENCES
 UPDATE_REFERENCES="${UPDATE_REFERENCES:-n}"

 if [ "$UPDATE_REFERENCES" = 'y' ] || [ "$UPDATE_REFERENCES" = 'Y' ]; then
+    if [[ $NEW_VERSION == *".0.0" ]]; then
+        NEW_VERSION_SPEC="${NEW_VERSION%.0.0}"
+    elif [[ $NEW_VERSION == *".0" ]]; then
+        NEW_VERSION_SPEC="${NEW_VERSION%.0}"
+    else
+        NEW_VERSION_SPEC="$NEW_VERSION"
+    fi

    for f in $(fd Cargo.toml); do
        sed -i.bak -E \
-            "s/^(${PACKAGE_NAME} ?= ?\")[^\"]+(\")$/\1${NEW_VERSION}\2/g" $f
+            "s/^(${PACKAGE_NAME} ?= ?\")[^\"]+(\")$/\1${NEW_VERSION_SPEC}\2/g" $f
        sed -i.bak -E \
-            "s/^(${PACKAGE_NAME} ?=.*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(${PACKAGE_NAME} ?=.*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f
        sed -i.bak -E \
-            "s/^(.*package ?= ?\"${PACKAGE_NAME}\".*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(.*package ?= ?\"${PACKAGE_NAME}\".*version ?= ?\")[^\"]+(\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f
        sed -i.bak -E \
-            "s/^(.*version ?= ?\")[^\"]+(\".*package ?= ?\"${PACKAGE_NAME}\".*)$/\1${NEW_VERSION}\2/g" $f
+            "s/^(.*version ?= ?\")[^\"]+(\".*package ?= ?\"${PACKAGE_NAME}\".*)$/\1${NEW_VERSION_SPEC}\2/g" $f

        # remove backup file
        rm -f $f.bak
Author	SHA1	Message	Date
Rob Ede	59bc85fe0e	chore(actix-http-test): prepare release 3.2.0	2024-02-04 00:34:00 +00:00
Rob Ede	3f2fd2d59f	chore(actix-test): prepare release 0.1.3	2024-02-04 00:33:42 +00:00
Rob Ede	17ed73b33e	chore(actix-web-actors): prepare release 4.3.0	2024-02-04 00:33:38 +00:00
Rob Ede	73fa1184f1	chore(awc): prepare release 3.4.0	2024-02-04 00:32:57 +00:00
Rob Ede	8e9e9fbcdd	chore(actix-web): prepare release 4.5.0	2024-02-04 00:32:28 +00:00
Rob Ede	8db3de6ede	chore(actix-http): prepare release 3.6.0	2024-02-04 00:31:14 +00:00
Rob Ede	2125aca2c5	Rustls v0.22 support (#3275 )	2024-02-03 23:55:01 +00:00
Dylan DPC	b1eb57ac4f	Update Cargo.toml (#3276 )	2024-02-03 16:20:07 +00:00
SleeplessOne1917	ae7736f134	Implement `From<&HeaderMap>` for `http::HeaderMap` (#3230 ) * Add From impl for header map references * Add From impl for header map references * Remove Into<HeaderMap> via http::HeaderMap * fix changelog --------- Co-authored-by: SleeplessOne1917 <insomnia-void@protonmail.com> Co-authored-by: Rob Ede <robjtede@icloud.com>	2024-02-01 12:52:35 +00:00
dependabot[bot]	c1f88f718b	build(deps): bump codecov/codecov-action from 3.1.4 to 4.0.0 (#3272 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Rob Ede <robjtede@icloud.com>	2024-02-01 07:34:23 +00:00
dependabot[bot]	7a76ba7340	build(deps): bump taiki-e/install-action from 2.24.1 to 2.26.8 (#3271 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-02-01 07:34:11 +00:00
Rob Ede	8e458b34b7	chore: remove set -e	2024-02-01 06:33:58 +00:00
Rob Ede	e89c881624	ci: use cargo-ci-cache-clean	2024-02-01 06:27:22 +00:00
Rob Ede	5246d24aba	ci: force openssl version 3.2.1	2024-02-01 06:01:28 +00:00
Rob Ede	643a80bff2	ci: workaround half crate msrv	2024-02-01 05:41:28 +00:00
Bruno Paulino	891ab083c6	actix-http: Bump h2 to fix a resource exhaustion vulnerability (#3262 ) Co-authored-by: Rob Ede <robjtede@icloud.com>	2024-01-24 14:17:42 +00:00
Rob Ede	a7375b6876	ci: faster cargo-public-api install (#3255 )	2024-01-22 02:19:19 +00:00
dependabot[bot]	ea8cd6e976	build(deps): bump taiki-e/install-action from 2.25.1 to 2.25.9 (#3252 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-22 01:06:55 +00:00
Vojtech Kral	d453b15ddd	docs: mention result is wrapped in Data in data_factory() docs (#3251 )	2024-01-18 12:32:27 +00:00
John Vandenberg	2915bb7d90	chore: fix typos (#3248 )	2024-01-16 11:29:06 +00:00
dependabot[bot]	e442b00c8c	build(deps): bump taiki-e/install-action from 2.24.1 to 2.25.1 (#3246 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-15 01:24:48 +00:00
dependabot[bot]	ba53c4f875	build(deps): bump actions-rust-lang/setup-rust-toolchain from 1.6.0 to 1.8.0 (#3247 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-15 01:24:21 +00:00
Rob Ede	08a9c66568	docs(files: update readme from crate docs	2024-01-10 04:03:29 +00:00
Rob Ede	83be07d77d	chore(actix-files): prepare release 0.6.5	2024-01-10 04:01:14 +00:00
Rob Ede	33da480709	format project	2024-01-10 04:00:20 +00:00
Dialga	fcfc727295	actix-files: fix handling linebreaks in filenames (#3237 ) Co-authored-by: Rob Ede <robjtede@icloud.com>	2024-01-10 03:56:15 +00:00
Rob Ede	ac04d80d8e	docs: better docs for peer_addr methods	2024-01-08 15:17:40 +00:00
dependabot[bot]	d2bd549eec	build(deps): bump taiki-e/install-action from 2.23.7 to 2.24.1 (#3239 ) Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.23.7 to 2.24.1. - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/taiki-e/install-action/compare/v2.23.7...v2.24.1) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-08 01:25:54 +00:00