mirror of
https://github.com/fafhrd91/actix-web
synced 2024-11-27 17:52:56 +01:00
2e63ff5928
* Fix type confusion in some scenarios When the feature for rustls 0.22 is enabled, and rustls 0.23 is also present in a project, there suddently exist multiple paths for errors when building middleware chains due to the use of two consecutive `?` operators without specifying the intermediate error type. This commit addresses the issue by removing the first `?`, so that the first error type will always be known, and the second `?` always has a well defined implementation. * Add CHANGES entry about type confusion * actix-http: add rustls 0.23 support * actix-http: update ws example, tests for rustls 0.23 * actix-http: add rustls 0.23 to changelog * Update comments to mention 0.23 instead of 0.22 * awc: add rustls 0.23 support This also fixes certificate lookup when native-roots is enabled for rustls 0.22. * awc: update changelog for rustls 0.23 * awc: Add base rustls-0_23 feature without roots to better enable custom config * actix-test: add rustls-0.23 * actix-test: add rustls 0.23 to changelog * awc: update changelog with rustls 0.23 tweaks * actix-web: add rustls 0.23 * Add rustls-0_23 to CI * Update tls_rustls.rs * review nits * review nits part 2 * fix doc test --------- Co-authored-by: Rob Ede <robjtede@icloud.com>
76 lines
2.2 KiB
Rust
76 lines
2.2 KiB
Rust
//! Demonstrates TLS configuration (via Rustls) for HTTP/1.1 and HTTP/2 connections.
|
|
//!
|
|
//! Test using cURL:
|
|
//!
|
|
//! ```console
|
|
//! $ curl --insecure https://127.0.0.1:8443
|
|
//! Hello World!
|
|
//! Protocol: HTTP/2.0
|
|
//!
|
|
//! $ curl --insecure --http1.1 https://127.0.0.1:8443
|
|
//! Hello World!
|
|
//! Protocol: HTTP/1.1
|
|
//! ```
|
|
|
|
extern crate tls_rustls_023 as rustls;
|
|
|
|
use std::io;
|
|
|
|
use actix_http::{Error, HttpService, Request, Response};
|
|
use actix_utils::future::ok;
|
|
|
|
#[actix_rt::main]
|
|
async fn main() -> io::Result<()> {
|
|
env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));
|
|
|
|
tracing::info!("starting HTTP server at https://127.0.0.1:8443");
|
|
|
|
actix_server::Server::build()
|
|
.bind("echo", ("127.0.0.1", 8443), || {
|
|
HttpService::build()
|
|
.finish(|req: Request| {
|
|
let body = format!(
|
|
"Hello World!\n\
|
|
Protocol: {:?}",
|
|
req.head().version
|
|
);
|
|
ok::<_, Error>(Response::ok().set_body(body))
|
|
})
|
|
.rustls_0_23(rustls_config())
|
|
})?
|
|
.run()
|
|
.await
|
|
}
|
|
|
|
fn rustls_config() -> rustls::ServerConfig {
|
|
let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
|
|
let cert_file = cert.serialize_pem().unwrap();
|
|
let key_file = cert.serialize_private_key_pem();
|
|
|
|
let cert_file = &mut io::BufReader::new(cert_file.as_bytes());
|
|
let key_file = &mut io::BufReader::new(key_file.as_bytes());
|
|
|
|
let cert_chain = rustls_pemfile::certs(cert_file)
|
|
.collect::<Result<Vec<_>, _>>()
|
|
.unwrap();
|
|
let mut keys = rustls_pemfile::pkcs8_private_keys(key_file)
|
|
.collect::<Result<Vec<_>, _>>()
|
|
.unwrap();
|
|
|
|
let mut config = rustls::ServerConfig::builder()
|
|
.with_no_client_auth()
|
|
.with_single_cert(
|
|
cert_chain,
|
|
rustls::pki_types::PrivateKeyDer::Pkcs8(keys.remove(0)),
|
|
)
|
|
.unwrap();
|
|
|
|
const H1_ALPN: &[u8] = b"http/1.1";
|
|
const H2_ALPN: &[u8] = b"h2";
|
|
|
|
config.alpn_protocols.push(H2_ALPN.to_vec());
|
|
config.alpn_protocols.push(H1_ALPN.to_vec());
|
|
|
|
config
|
|
}
|