chore: upgrade to rustls v0.23

2025-06-26 17:17:42 +02:00 · 2024-05-25 05:36:36 +01:00
parent d066747672
commit f36601babb
16 changed files with 263 additions and 199 deletions
--- a/middleware/http-to-https/Cargo.toml
+++ b/middleware/http-to-https/Cargo.toml
@ -5,9 +5,9 @@ publish.workspace = true
 edition.workspace = true

 [dependencies]
-actix-web = { workspace = true, features = ["rustls-0_21"] }
+actix-web = { workspace = true, features = ["rustls-0_23"] }
 env_logger.workspace = true
 futures-util.workspace = true
 log.workspace = true
 rustls.workspace = true
-rustls-pemfile = "1"
+rustls-pemfile.workspace = true
--- a/middleware/http-to-https/README.md
+++ b/middleware/http-to-https/README.md
@ -2,7 +2,7 @@

 ## Alternatives

-A pre-built solution is soon to be built-in. For now, see [`RedirectHttps`](https://docs.rs/actix-web-lab/0.18/actix_web_lab/middleware/struct.RedirectHttps.html) from [`actix-web-lab`](https://crates.io/crates/actix-web-lab).
+A pre-built solution is soon to be built-in. For now, see [`RedirectHttps`](https://docs.rs/actix-web-lab/0.20/actix_web_lab/middleware/struct.RedirectHttps.html) from [`actix-web-lab`](https://crates.io/crates/actix-web-lab).

 ## This Example

--- a/middleware/http-to-https/src/main.rs
+++ b/middleware/http-to-https/src/main.rs
@ -2,7 +2,7 @@ use std::{fs::File, io::BufReader};

 use actix_web::{dev::Service, get, http, App, HttpResponse, HttpServer};
 use futures_util::future::{self, Either, FutureExt};
-use rustls::{Certificate, PrivateKey, ServerConfig};
+use rustls::{pki_types::PrivateKeyDer, ServerConfig};
 use rustls_pemfile::{certs, pkcs8_private_keys};

 #[get("/")]
@ -14,27 +14,27 @@ async fn index() -> String {
 async fn main() -> std::io::Result<()> {
    env_logger::init_from_env(env_logger::Env::new().default_filter_or("info"));

+    rustls::crypto::aws_lc_rs::default_provider()
+        .install_default()
+        .unwrap();
+
    let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
    let key_file = &mut BufReader::new(File::open("key.pem").unwrap());

-    let cert_chain: Vec<Certificate> = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(Certificate)
-        .collect();
-    let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file)
-        .unwrap()
-        .into_iter()
-        .map(PrivateKey)
-        .collect();
+    let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
+    let mut keys = pkcs8_private_keys(key_file)
+        .map(|key| key.map(PrivateKeyDer::Pkcs8))
+        .collect::<Result<Vec<_>, _>>()
+        .unwrap();

    let config = ServerConfig::builder()
-        .with_safe_defaults()
        .with_no_client_auth()
        .with_single_cert(cert_chain, keys.remove(0))
        .unwrap();

-    log::info!("starting HTTP server at http://localhost:8080");
+    log::info!(
+        "starting HTTP server at http://localhost:80 and HTTPS server on http://localhost:443"
+    );

    HttpServer::new(|| {
        App::new()
@ -62,7 +62,7 @@ async fn main() -> std::io::Result<()> {
            .service(index)
    })
    .bind(("127.0.0.1", 80))? // HTTP port
-    .bind_rustls_021(("127.0.0.1", 443), config)? // HTTPS port
+    .bind_rustls_0_23(("127.0.0.1", 443), config)? // HTTPS port
    .run()
    .await
 }