mirror of
https://github.com/actix/actix-web.git
synced 2024-05-28 21:28:10 +00:00
Merge 07ad115185
into fff45b28f4
This commit is contained in:
commit
f54d1bd5e9
|
@ -2,6 +2,11 @@
|
|||
|
||||
## Unreleased
|
||||
|
||||
### Added
|
||||
|
||||
- Add `rustls-0_23` crate feature
|
||||
- Add `{h1::H1Service, h2::H2Service, HttpService}::rustls_0_23()` and `HttpService::rustls_0_23_with_config()` service constructors.
|
||||
|
||||
### Changed
|
||||
|
||||
- Update `brotli` dependency to `6`.
|
||||
|
|
|
@ -28,6 +28,7 @@ features = [
|
|||
"rustls-0_20",
|
||||
"rustls-0_21",
|
||||
"rustls-0_22",
|
||||
"rustls-0_23",
|
||||
"compress-brotli",
|
||||
"compress-gzip",
|
||||
"compress-zstd",
|
||||
|
@ -66,6 +67,9 @@ rustls-0_21 = ["actix-tls/accept", "actix-tls/rustls-0_21"]
|
|||
# TLS via Rustls v0.22
|
||||
rustls-0_22 = ["actix-tls/accept", "actix-tls/rustls-0_22"]
|
||||
|
||||
# TLS via Rustls v0.23
|
||||
rustls-0_23 = ["actix-tls/accept", "actix-tls/rustls-0_23"]
|
||||
|
||||
# Compression codecs
|
||||
compress-brotli = ["__compress", "brotli"]
|
||||
compress-gzip = ["__compress", "flate2"]
|
||||
|
@ -121,7 +125,7 @@ zstd = { version = "0.13", optional = true }
|
|||
[dev-dependencies]
|
||||
actix-http-test = { version = "3", features = ["openssl"] }
|
||||
actix-server = "2"
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22-webpki-roots"] }
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_23-webpki-roots"] }
|
||||
actix-web = "4"
|
||||
|
||||
async-stream = "0.3"
|
||||
|
@ -139,16 +143,16 @@ serde = { version = "1.0", features = ["derive"] }
|
|||
serde_json = "1.0"
|
||||
static_assertions = "1"
|
||||
tls-openssl = { package = "openssl", version = "0.10.55" }
|
||||
tls-rustls_022 = { package = "rustls", version = "0.22" }
|
||||
tls-rustls_023 = { package = "rustls", version = "0.23" }
|
||||
tokio = { version = "1.24.2", features = ["net", "rt", "macros"] }
|
||||
|
||||
[[example]]
|
||||
name = "ws"
|
||||
required-features = ["ws", "rustls-0_22"]
|
||||
required-features = ["ws", "rustls-0_23"]
|
||||
|
||||
[[example]]
|
||||
name = "tls_rustls"
|
||||
required-features = ["http2", "rustls-0_22"]
|
||||
required-features = ["http2", "rustls-0_23"]
|
||||
|
||||
[[bench]]
|
||||
name = "response-body-compression"
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
//! Protocol: HTTP/1.1
|
||||
//! ```
|
||||
|
||||
extern crate tls_rustls_022 as rustls;
|
||||
use tls_rustls_023 as rustls;
|
||||
|
||||
use std::io;
|
||||
|
||||
|
@ -36,7 +36,7 @@ async fn main() -> io::Result<()> {
|
|||
);
|
||||
ok::<_, Error>(Response::ok().set_body(body))
|
||||
})
|
||||
.rustls_0_22(rustls_config())
|
||||
.rustls_0_23(rustls_config())
|
||||
})?
|
||||
.run()
|
||||
.await
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
//! Sets up a WebSocket server over TCP and TLS.
|
||||
//! Sends a heartbeat message every 4 seconds but does not respond to any incoming frames.
|
||||
|
||||
extern crate tls_rustls_022 as rustls;
|
||||
extern crate tls_rustls_023 as rustls;
|
||||
|
||||
use std::{
|
||||
io,
|
||||
|
@ -30,7 +30,7 @@ async fn main() -> io::Result<()> {
|
|||
.bind("tls", ("127.0.0.1", 8443), || {
|
||||
HttpService::build()
|
||||
.finish(handler)
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})?
|
||||
.run()
|
||||
.await
|
||||
|
|
|
@ -335,6 +335,67 @@ mod rustls_0_22 {
|
|||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
mod rustls_0_23 {
|
||||
use std::io;
|
||||
|
||||
use actix_service::ServiceFactoryExt as _;
|
||||
use actix_tls::accept::{
|
||||
rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
|
||||
TlsError,
|
||||
};
|
||||
|
||||
use super::*;
|
||||
|
||||
impl<S, B, X, U> H1Service<TlsStream<TcpStream>, S, B, X, U>
|
||||
where
|
||||
S: ServiceFactory<Request, Config = ()>,
|
||||
S::Future: 'static,
|
||||
S::Error: Into<Response<BoxBody>>,
|
||||
S::InitError: fmt::Debug,
|
||||
S::Response: Into<Response<B>>,
|
||||
|
||||
B: MessageBody,
|
||||
|
||||
X: ServiceFactory<Request, Config = (), Response = Request>,
|
||||
X::Future: 'static,
|
||||
X::Error: Into<Response<BoxBody>>,
|
||||
X::InitError: fmt::Debug,
|
||||
|
||||
U: ServiceFactory<
|
||||
(Request, Framed<TlsStream<TcpStream>, Codec>),
|
||||
Config = (),
|
||||
Response = (),
|
||||
>,
|
||||
U::Future: 'static,
|
||||
U::Error: fmt::Display + Into<Response<BoxBody>>,
|
||||
U::InitError: fmt::Debug,
|
||||
{
|
||||
/// Create Rustls v0.23 based service.
|
||||
pub fn rustls_0_23(
|
||||
self,
|
||||
config: ServerConfig,
|
||||
) -> impl ServiceFactory<
|
||||
TcpStream,
|
||||
Config = (),
|
||||
Response = (),
|
||||
Error = TlsError<io::Error, DispatchError>,
|
||||
InitError = (),
|
||||
> {
|
||||
Acceptor::new(config)
|
||||
.map_init_err(|_| {
|
||||
unreachable!("TLS acceptor service factory does not error on init")
|
||||
})
|
||||
.map_err(TlsError::into_service_error)
|
||||
.map(|io: TlsStream<TcpStream>| {
|
||||
let peer_addr = io.get_ref().0.peer_addr().ok();
|
||||
(io, peer_addr)
|
||||
})
|
||||
.and_then(self.map_err(TlsError::Service))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T, S, B, X, U> H1Service<T, S, B, X, U>
|
||||
where
|
||||
S: ServiceFactory<Request, Config = ()>,
|
||||
|
|
|
@ -293,6 +293,57 @@ mod rustls_0_22 {
|
|||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
mod rustls_0_23 {
|
||||
use std::io;
|
||||
|
||||
use actix_service::ServiceFactoryExt as _;
|
||||
use actix_tls::accept::{
|
||||
rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
|
||||
TlsError,
|
||||
};
|
||||
|
||||
use super::*;
|
||||
|
||||
impl<S, B> H2Service<TlsStream<TcpStream>, S, B>
|
||||
where
|
||||
S: ServiceFactory<Request, Config = ()>,
|
||||
S::Future: 'static,
|
||||
S::Error: Into<Response<BoxBody>> + 'static,
|
||||
S::Response: Into<Response<B>> + 'static,
|
||||
<S::Service as Service<Request>>::Future: 'static,
|
||||
|
||||
B: MessageBody + 'static,
|
||||
{
|
||||
/// Create Rustls v0.23 based service.
|
||||
pub fn rustls_0_23(
|
||||
self,
|
||||
mut config: ServerConfig,
|
||||
) -> impl ServiceFactory<
|
||||
TcpStream,
|
||||
Config = (),
|
||||
Response = (),
|
||||
Error = TlsError<io::Error, DispatchError>,
|
||||
InitError = S::InitError,
|
||||
> {
|
||||
let mut protos = vec![b"h2".to_vec()];
|
||||
protos.extend_from_slice(&config.alpn_protocols);
|
||||
config.alpn_protocols = protos;
|
||||
|
||||
Acceptor::new(config)
|
||||
.map_init_err(|_| {
|
||||
unreachable!("TLS acceptor service factory does not error on init")
|
||||
})
|
||||
.map_err(TlsError::into_service_error)
|
||||
.map(|io: TlsStream<TcpStream>| {
|
||||
let peer_addr = io.get_ref().0.peer_addr().ok();
|
||||
(io, peer_addr)
|
||||
})
|
||||
.and_then(self.map_err(TlsError::Service))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T, S, B> ServiceFactory<(T, Option<net::SocketAddr>)> for H2Service<T, S, B>
|
||||
where
|
||||
T: AsyncRead + AsyncWrite + Unpin + 'static,
|
||||
|
|
|
@ -6,7 +6,10 @@
|
|||
//! | ------------------- | ------------------------------------------- |
|
||||
//! | `http2` | HTTP/2 support via [h2]. |
|
||||
//! | `openssl` | TLS support via [OpenSSL]. |
|
||||
//! | `rustls` | TLS support via [rustls]. |
|
||||
//! | `rustls` | TLS support via [rustls] 0.20. |
|
||||
//! | `rustls-0_21` | TLS support via [rustls] 0.21. |
|
||||
//! | `rustls-0_22` | TLS support via [rustls] 0.22. |
|
||||
//! | `rustls-0_23` | TLS support via [rustls] 0.23. |
|
||||
//! | `compress-brotli` | Payload compression support: Brotli. |
|
||||
//! | `compress-gzip` | Payload compression support: Deflate, Gzip. |
|
||||
//! | `compress-zstd` | Payload compression support: Zstd. |
|
||||
|
@ -28,7 +31,7 @@
|
|||
#![doc(html_favicon_url = "https://actix.rs/favicon.ico")]
|
||||
#![cfg_attr(docsrs, feature(doc_auto_cfg))]
|
||||
|
||||
pub use ::http::{uri, uri::Uri, Method, StatusCode, Version};
|
||||
pub use http::{uri, uri::Uri, Method, StatusCode, Version};
|
||||
|
||||
pub mod body;
|
||||
mod builder;
|
||||
|
@ -63,6 +66,7 @@ pub use self::payload::PayloadStream;
|
|||
feature = "rustls-0_20",
|
||||
feature = "rustls-0_21",
|
||||
feature = "rustls-0_22",
|
||||
feature = "rustls-0_23",
|
||||
))]
|
||||
pub use self::service::TlsAcceptorConfig;
|
||||
pub use self::{
|
||||
|
|
|
@ -246,6 +246,7 @@ where
|
|||
feature = "rustls-0_20",
|
||||
feature = "rustls-0_21",
|
||||
feature = "rustls-0_22",
|
||||
feature = "rustls-0_23",
|
||||
))]
|
||||
#[derive(Debug, Default)]
|
||||
pub struct TlsAcceptorConfig {
|
||||
|
@ -257,6 +258,7 @@ pub struct TlsAcceptorConfig {
|
|||
feature = "rustls-0_20",
|
||||
feature = "rustls-0_21",
|
||||
feature = "rustls-0_22",
|
||||
feature = "rustls-0_23",
|
||||
))]
|
||||
impl TlsAcceptorConfig {
|
||||
/// Set TLS handshake timeout duration.
|
||||
|
@ -650,6 +652,102 @@ mod rustls_0_22 {
|
|||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
mod rustls_0_23 {
|
||||
use std::io;
|
||||
|
||||
use actix_service::ServiceFactoryExt as _;
|
||||
use actix_tls::accept::{
|
||||
rustls_0_23::{reexports::ServerConfig, Acceptor, TlsStream},
|
||||
TlsError,
|
||||
};
|
||||
|
||||
use super::*;
|
||||
|
||||
impl<S, B, X, U> HttpService<TlsStream<TcpStream>, S, B, X, U>
|
||||
where
|
||||
S: ServiceFactory<Request, Config = ()>,
|
||||
S::Future: 'static,
|
||||
S::Error: Into<Response<BoxBody>> + 'static,
|
||||
S::InitError: fmt::Debug,
|
||||
S::Response: Into<Response<B>> + 'static,
|
||||
<S::Service as Service<Request>>::Future: 'static,
|
||||
|
||||
B: MessageBody + 'static,
|
||||
|
||||
X: ServiceFactory<Request, Config = (), Response = Request>,
|
||||
X::Future: 'static,
|
||||
X::Error: Into<Response<BoxBody>>,
|
||||
X::InitError: fmt::Debug,
|
||||
|
||||
U: ServiceFactory<
|
||||
(Request, Framed<TlsStream<TcpStream>, h1::Codec>),
|
||||
Config = (),
|
||||
Response = (),
|
||||
>,
|
||||
U::Future: 'static,
|
||||
U::Error: fmt::Display + Into<Response<BoxBody>>,
|
||||
U::InitError: fmt::Debug,
|
||||
{
|
||||
/// Create Rustls v0.23 based service.
|
||||
pub fn rustls_0_23(
|
||||
self,
|
||||
config: ServerConfig,
|
||||
) -> impl ServiceFactory<
|
||||
TcpStream,
|
||||
Config = (),
|
||||
Response = (),
|
||||
Error = TlsError<io::Error, DispatchError>,
|
||||
InitError = (),
|
||||
> {
|
||||
self.rustls_0_23_with_config(config, TlsAcceptorConfig::default())
|
||||
}
|
||||
|
||||
/// Create Rustls v0.23 based service with custom TLS acceptor configuration.
|
||||
pub fn rustls_0_23_with_config(
|
||||
self,
|
||||
mut config: ServerConfig,
|
||||
tls_acceptor_config: TlsAcceptorConfig,
|
||||
) -> impl ServiceFactory<
|
||||
TcpStream,
|
||||
Config = (),
|
||||
Response = (),
|
||||
Error = TlsError<io::Error, DispatchError>,
|
||||
InitError = (),
|
||||
> {
|
||||
let mut protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
|
||||
protos.extend_from_slice(&config.alpn_protocols);
|
||||
config.alpn_protocols = protos;
|
||||
|
||||
let mut acceptor = Acceptor::new(config);
|
||||
|
||||
if let Some(handshake_timeout) = tls_acceptor_config.handshake_timeout {
|
||||
acceptor.set_handshake_timeout(handshake_timeout);
|
||||
}
|
||||
|
||||
acceptor
|
||||
.map_init_err(|_| {
|
||||
unreachable!("TLS acceptor service factory does not error on init")
|
||||
})
|
||||
.map_err(TlsError::into_service_error)
|
||||
.and_then(|io: TlsStream<TcpStream>| async {
|
||||
let proto = if let Some(protos) = io.get_ref().1.alpn_protocol() {
|
||||
if protos.windows(2).any(|window| window == b"h2") {
|
||||
Protocol::Http2
|
||||
} else {
|
||||
Protocol::Http1
|
||||
}
|
||||
} else {
|
||||
Protocol::Http1
|
||||
};
|
||||
let peer_addr = io.get_ref().0.peer_addr().ok();
|
||||
Ok((io, proto, peer_addr))
|
||||
})
|
||||
.and_then(self.map_err(TlsError::Service))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T, S, B, X, U> ServiceFactory<(T, Protocol, Option<net::SocketAddr>)>
|
||||
for HttpService<T, S, B, X, U>
|
||||
where
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#![cfg(feature = "rustls-0_22")]
|
||||
#![cfg(feature = "rustls-0_23")]
|
||||
|
||||
extern crate tls_rustls_022 as rustls;
|
||||
extern crate tls_rustls_023 as rustls;
|
||||
|
||||
use std::{
|
||||
convert::Infallible,
|
||||
|
@ -20,7 +20,7 @@ use actix_http::{
|
|||
use actix_http_test::test_server;
|
||||
use actix_rt::pin;
|
||||
use actix_service::{fn_factory_with_config, fn_service};
|
||||
use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
|
||||
use actix_tls::connect::rustls_0_23::webpki_roots_cert_store;
|
||||
use actix_utils::future::{err, ok, poll_fn};
|
||||
use bytes::{Bytes, BytesMut};
|
||||
use derive_more::{Display, Error};
|
||||
|
@ -108,7 +108,7 @@ async fn h1() -> io::Result<()> {
|
|||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h1(|_| ok::<_, Error>(Response::ok()))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -122,7 +122,7 @@ async fn h2() -> io::Result<()> {
|
|||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Error>(Response::ok()))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -140,7 +140,7 @@ async fn h1_1() -> io::Result<()> {
|
|||
assert_eq!(req.version(), Version::HTTP_11);
|
||||
ok::<_, Error>(Response::ok())
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -158,7 +158,7 @@ async fn h2_1() -> io::Result<()> {
|
|||
assert_eq!(req.version(), Version::HTTP_2);
|
||||
ok::<_, Error>(Response::ok())
|
||||
})
|
||||
.rustls_0_22_with_config(
|
||||
.rustls_0_23_with_config(
|
||||
tls_config(),
|
||||
TlsAcceptorConfig::default().handshake_timeout(Duration::from_secs(5)),
|
||||
)
|
||||
|
@ -179,7 +179,7 @@ async fn h2_body1() -> io::Result<()> {
|
|||
let body = load_body(req.take_payload()).await?;
|
||||
Ok::<_, Error>(Response::ok().set_body(body))
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -205,7 +205,7 @@ async fn h2_content_length() {
|
|||
];
|
||||
ok::<_, Infallible>(Response::new(statuses[indx]))
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -277,7 +277,7 @@ async fn h2_headers() {
|
|||
}
|
||||
ok::<_, Infallible>(config.body(data.clone()))
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -316,7 +316,7 @@ async fn h2_body2() {
|
|||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -333,7 +333,7 @@ async fn h2_head_empty() {
|
|||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.finish(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -359,7 +359,7 @@ async fn h2_head_binary() {
|
|||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -384,7 +384,7 @@ async fn h2_head_binary2() {
|
|||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Infallible>(Response::ok().set_body(STR)))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -410,7 +410,7 @@ async fn h2_body_length() {
|
|||
Response::ok().set_body(SizedStream::new(STR.len() as u64, body)),
|
||||
)
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -434,7 +434,7 @@ async fn h2_body_chunked_explicit() {
|
|||
.body(BodyStream::new(body)),
|
||||
)
|
||||
})
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -463,7 +463,7 @@ async fn h2_response_http_error_handling() {
|
|||
)
|
||||
}))
|
||||
}))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -493,7 +493,7 @@ async fn h2_service_error() {
|
|||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| err::<Response<BoxBody>, _>(BadRequest))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -510,7 +510,7 @@ async fn h1_service_error() {
|
|||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h1(|_| err::<Response<BoxBody>, _>(BadRequest))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -533,7 +533,7 @@ async fn alpn_h1() -> io::Result<()> {
|
|||
config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
|
||||
HttpService::build()
|
||||
.h1(|_| ok::<_, Error>(Response::ok()))
|
||||
.rustls_0_22(config)
|
||||
.rustls_0_23(config)
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -555,7 +555,7 @@ async fn alpn_h2() -> io::Result<()> {
|
|||
config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Error>(Response::ok()))
|
||||
.rustls_0_22(config)
|
||||
.rustls_0_23(config)
|
||||
})
|
||||
.await;
|
||||
|
||||
|
@ -581,7 +581,7 @@ async fn alpn_h2_1() -> io::Result<()> {
|
|||
config.alpn_protocols.push(CUSTOM_ALPN_PROTOCOL.to_vec());
|
||||
HttpService::build()
|
||||
.finish(|_| ok::<_, Error>(Response::ok()))
|
||||
.rustls_0_22(config)
|
||||
.rustls_0_23(config)
|
||||
})
|
||||
.await;
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
## Unreleased
|
||||
|
||||
- Minimum supported Rust version (MSRV) is now 1.72.
|
||||
- Add `TestServerConfig::rustls_0_23()` method for Rustls v0.23 support behind new `rustls-0_23` crate feature.
|
||||
|
||||
## 0.1.3
|
||||
|
||||
|
|
|
@ -29,6 +29,8 @@ rustls-0_20 = ["tls-rustls-0_20", "actix-http/rustls-0_20", "awc/rustls-0_20"]
|
|||
rustls-0_21 = ["tls-rustls-0_21", "actix-http/rustls-0_21", "awc/rustls-0_21"]
|
||||
# TLS via Rustls v0.22
|
||||
rustls-0_22 = ["tls-rustls-0_22", "actix-http/rustls-0_22", "awc/rustls-0_22-webpki-roots"]
|
||||
# TLS via Rustls v0.22
|
||||
rustls-0_23 = ["tls-rustls-0_23", "actix-http/rustls-0_23", "awc/rustls-0_23-webpki-roots"]
|
||||
|
||||
# TLS via OpenSSL
|
||||
openssl = ["tls-openssl", "actix-http/openssl", "awc/openssl"]
|
||||
|
@ -53,4 +55,5 @@ tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
|
|||
tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true }
|
||||
tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true }
|
||||
tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }
|
||||
tls-rustls-0_23 = { package = "rustls", version = "0.23", default-features = false, optional = true }
|
||||
tokio = { version = "1.24.2", features = ["sync"] }
|
||||
|
|
|
@ -145,6 +145,8 @@ where
|
|||
StreamType::Rustls021(_) => true,
|
||||
#[cfg(feature = "rustls-0_22")]
|
||||
StreamType::Rustls022(_) => true,
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
StreamType::Rustls023(_) => true,
|
||||
};
|
||||
|
||||
// run server in separate orphaned thread
|
||||
|
@ -371,6 +373,48 @@ where
|
|||
.rustls_0_22(config.clone())
|
||||
}),
|
||||
},
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
StreamType::Rustls023(config) => match cfg.tp {
|
||||
HttpVer::Http1 => builder.listen("test", tcp, move || {
|
||||
let app_cfg =
|
||||
AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
|
||||
|
||||
let fac = factory()
|
||||
.into_factory()
|
||||
.map_err(|err| err.into().error_response());
|
||||
|
||||
HttpService::build()
|
||||
.client_request_timeout(timeout)
|
||||
.h1(map_config(fac, move |_| app_cfg.clone()))
|
||||
.rustls_0_23(config.clone())
|
||||
}),
|
||||
HttpVer::Http2 => builder.listen("test", tcp, move || {
|
||||
let app_cfg =
|
||||
AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
|
||||
|
||||
let fac = factory()
|
||||
.into_factory()
|
||||
.map_err(|err| err.into().error_response());
|
||||
|
||||
HttpService::build()
|
||||
.client_request_timeout(timeout)
|
||||
.h2(map_config(fac, move |_| app_cfg.clone()))
|
||||
.rustls_0_23(config.clone())
|
||||
}),
|
||||
HttpVer::Both => builder.listen("test", tcp, move || {
|
||||
let app_cfg =
|
||||
AppConfig::__priv_test_new(false, local_addr.to_string(), local_addr);
|
||||
|
||||
let fac = factory()
|
||||
.into_factory()
|
||||
.map_err(|err| err.into().error_response());
|
||||
|
||||
HttpService::build()
|
||||
.client_request_timeout(timeout)
|
||||
.finish(map_config(fac, move |_| app_cfg.clone()))
|
||||
.rustls_0_23(config.clone())
|
||||
}),
|
||||
},
|
||||
}
|
||||
.expect("test server could not be created");
|
||||
|
||||
|
@ -447,6 +491,8 @@ enum StreamType {
|
|||
Rustls021(tls_rustls_0_21::ServerConfig),
|
||||
#[cfg(feature = "rustls-0_22")]
|
||||
Rustls022(tls_rustls_0_22::ServerConfig),
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
Rustls023(tls_rustls_0_23::ServerConfig),
|
||||
}
|
||||
|
||||
/// Create default test server config.
|
||||
|
@ -537,6 +583,13 @@ impl TestServerConfig {
|
|||
self
|
||||
}
|
||||
|
||||
/// Accepts secure connections via Rustls v0.22.
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
pub fn rustls_0_23(mut self, config: tls_rustls_0_23::ServerConfig) -> Self {
|
||||
self.stream = StreamType::Rustls023(config);
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets client timeout for first request.
|
||||
pub fn client_request_timeout(mut self, dur: Duration) -> Self {
|
||||
self.client_request_timeout = dur;
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
|
||||
- Update `brotli` dependency to `6`.
|
||||
- Minimum supported Rust version (MSRV) is now 1.72.
|
||||
- Avoid type confusion in rare circumstances
|
||||
|
||||
### Fixed
|
||||
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
|
||||
- Update `brotli` dependency to `6`.
|
||||
- Minimum supported Rust version (MSRV) is now 1.72.
|
||||
- Add `rustls-0_23`, `rustls-0_23-webpki-roots`, and `rustls-0_23-native-roots` crate features.
|
||||
- Add `awc::Connector::rustls_0_23()` method.
|
||||
- Fix `rustls-0_22-native-roots` root store lookup
|
||||
|
||||
## 3.4.0
|
||||
|
||||
|
|
|
@ -27,6 +27,7 @@ features = [
|
|||
"rustls-0_20",
|
||||
"rustls-0_21",
|
||||
"rustls-0_22-webpki-roots",
|
||||
"rustls-0_23-webpki-roots",
|
||||
"compress-brotli",
|
||||
"compress-gzip",
|
||||
"compress-zstd",
|
||||
|
@ -48,6 +49,12 @@ rustls-0_21 = ["tls-rustls-0_21", "actix-tls/rustls-0_21"]
|
|||
rustls-0_22-webpki-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-webpki-roots"]
|
||||
# TLS via Rustls v0.22 (Native roots)
|
||||
rustls-0_22-native-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-native-roots"]
|
||||
# TLS via Rustls v0.23
|
||||
rustls-0_23 = ["tls-rustls-0_23", "actix-tls/rustls-0_23"]
|
||||
# TLS via Rustls v0.23 (WebPKI roots)
|
||||
rustls-0_23-webpki-roots = ["rustls-0_23", "actix-tls/rustls-0_23-webpki-roots"]
|
||||
# TLS via Rustls v0.23 (Native roots)
|
||||
rustls-0_23-native-roots = ["rustls-0_23", "actix-tls/rustls-0_23-native-roots"]
|
||||
|
||||
# Brotli algorithm content-encoding support
|
||||
compress-brotli = ["actix-http/compress-brotli", "__compress"]
|
||||
|
@ -104,6 +111,7 @@ tls-openssl = { package = "openssl", version = "0.10.55", optional = true }
|
|||
tls-rustls-0_20 = { package = "rustls", version = "0.20", optional = true, features = ["dangerous_configuration"] }
|
||||
tls-rustls-0_21 = { package = "rustls", version = "0.21", optional = true, features = ["dangerous_configuration"] }
|
||||
tls-rustls-0_22 = { package = "rustls", version = "0.22", optional = true }
|
||||
tls-rustls-0_23 = { package = "rustls", version = "0.23", optional = true, default-features = false }
|
||||
|
||||
trust-dns-resolver = { version = "0.23", optional = true }
|
||||
|
||||
|
@ -111,8 +119,8 @@ trust-dns-resolver = { version = "0.23", optional = true }
|
|||
actix-http = { version = "3.6", features = ["openssl"] }
|
||||
actix-http-test = { version = "3", features = ["openssl"] }
|
||||
actix-server = "2"
|
||||
actix-test = { version = "0.1", features = ["openssl", "rustls-0_22"] }
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22"] }
|
||||
actix-test = { version = "0.1", features = ["openssl", "rustls-0_23"] }
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_23"] }
|
||||
actix-utils = "3"
|
||||
actix-web = { version = "4", features = ["openssl"] }
|
||||
|
||||
|
@ -126,7 +134,8 @@ rcgen = "0.12"
|
|||
rustls-pemfile = "2"
|
||||
tokio = { version = "1.24.2", features = ["rt-multi-thread", "macros"] }
|
||||
zstd = "0.13"
|
||||
tls-rustls-0_23 = { package = "rustls", version = "0.23" } # add rustls 0.23 with default features to make aws_lc_rs work in tests
|
||||
|
||||
[[example]]
|
||||
name = "client"
|
||||
required-features = ["rustls-0_22-webpki-roots"]
|
||||
required-features = ["rustls-0_23-webpki-roots"]
|
||||
|
|
|
@ -37,6 +37,12 @@ pub struct ClientBuilder<S = (), M = ()> {
|
|||
}
|
||||
|
||||
impl ClientBuilder {
|
||||
/// Create a new ClientBuilder with default settings
|
||||
///
|
||||
/// Note: If the `rustls-0_23` feature is enabled and neither `rustls-0_23-native-roots` nor
|
||||
/// `rustls-0_23-webpki-roots` are enabled, this ClientBuilder will build without TLS. In order
|
||||
/// to enable TLS in this scenario, a custom `Connector` _must_ be added to the builder before
|
||||
/// finishing constrution.
|
||||
#[allow(clippy::new_ret_no_self)]
|
||||
pub fn new() -> ClientBuilder<
|
||||
impl Service<
|
||||
|
|
|
@ -57,6 +57,10 @@ enum OurTlsConnector {
|
|||
))]
|
||||
#[allow(dead_code)] // false positive; used in build_tls
|
||||
Rustls022(std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>),
|
||||
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
#[allow(dead_code)] // false positive; used in build_tls
|
||||
Rustls023(std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>),
|
||||
}
|
||||
|
||||
/// Manages HTTP client network connectivity.
|
||||
|
@ -80,6 +84,13 @@ pub struct Connector<T> {
|
|||
}
|
||||
|
||||
impl Connector<()> {
|
||||
/// Create a new connector with default TLS settings
|
||||
///
|
||||
/// Panicking:
|
||||
/// - When the `rustls-0_23-webpki-roots` or `rustls-0_23-native-roots` features are enabled
|
||||
/// and no default cyrpto provider has been loaded, this method will panic.
|
||||
/// - When the `rustls-0_23-native-roots` or `rustls-0_22-native-roots` features are enabled
|
||||
/// and the runtime system has no native root certificates, this method will panic.
|
||||
#[allow(clippy::new_ret_no_self, clippy::let_unit_value)]
|
||||
pub fn new() -> Connector<
|
||||
impl Service<
|
||||
|
@ -96,10 +107,32 @@ impl Connector<()> {
|
|||
}
|
||||
|
||||
cfg_if::cfg_if! {
|
||||
if #[cfg(any(feature = "rustls-0_22-webpki-roots", feature = "rustls-0_22-webpki-roots"))] {
|
||||
/// Build TLS connector with Rustls v0.22, based on supplied ALPN protocols.
|
||||
if #[cfg(any(feature = "rustls-0_23-webpki-roots", feature = "rustls-0_23-native-roots"))] {
|
||||
/// Build TLS connector with Rustls v0.23, based on supplied ALPN protocols.
|
||||
///
|
||||
/// Note that if other TLS crate features are enabled, Rustls v0.22 will be used.
|
||||
/// Note that if other TLS crate features are enabled, Rustls v0.23 will be used.
|
||||
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
|
||||
use actix_tls::connect::rustls_0_23::{self, reexports::ClientConfig};
|
||||
|
||||
cfg_if::cfg_if! {
|
||||
if #[cfg(feature = "rustls-0_23-webpki-roots")] {
|
||||
let certs = rustls_0_23::webpki_roots_cert_store();
|
||||
} else if #[cfg(feature = "rustls-0_23-native-roots")] {
|
||||
let certs = rustls_0_23::native_roots_cert_store().expect("Failed to find native root certificates");
|
||||
}
|
||||
}
|
||||
|
||||
let mut config = ClientConfig::builder()
|
||||
.with_root_certificates(certs)
|
||||
.with_no_client_auth();
|
||||
|
||||
config.alpn_protocols = protocols;
|
||||
|
||||
OurTlsConnector::Rustls023(std::sync::Arc::new(config))
|
||||
}
|
||||
|
||||
} else if #[cfg(any(feature = "rustls-0_22-webpki-roots", feature = "rustls-0_22-native-roots"))] {
|
||||
/// Build TLS connector with Rustls v0.22, based on supplied ALPN protocols.
|
||||
fn build_tls(protocols: Vec<Vec<u8>>) -> OurTlsConnector {
|
||||
use actix_tls::connect::rustls_0_22::{self, reexports::ClientConfig};
|
||||
|
||||
|
@ -107,7 +140,7 @@ impl Connector<()> {
|
|||
if #[cfg(feature = "rustls-0_22-webpki-roots")] {
|
||||
let certs = rustls_0_22::webpki_roots_cert_store();
|
||||
} else if #[cfg(feature = "rustls-0_22-native-roots")] {
|
||||
let certs = rustls_0_22::native_roots_cert_store();
|
||||
let certs = rustls_0_22::native_roots_cert_store().expect("Failed to find native root certificates");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -167,7 +200,8 @@ impl Connector<()> {
|
|||
OurTlsConnector::OpensslBuilder(ssl)
|
||||
}
|
||||
} else {
|
||||
/// Provides an empty TLS connector when no TLS feature is enabled.
|
||||
/// Provides an empty TLS connector when no TLS feature is enabled, or when
|
||||
/// rustls-0_23 is enabled.
|
||||
fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
|
||||
OurTlsConnector::None
|
||||
}
|
||||
|
@ -278,6 +312,22 @@ where
|
|||
self
|
||||
}
|
||||
|
||||
/// Sets custom Rustls v0.23 `ClientConfig` instance.
|
||||
///
|
||||
/// In order to enable ALPN, set the `.alpn_protocols` field on the ClientConfig to the
|
||||
/// following:
|
||||
/// ```rust,ignore
|
||||
/// vec![b"h2".to_vec(), b"http/1.1".to_vec()]
|
||||
/// ```
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
pub fn rustls_0_23(
|
||||
mut self,
|
||||
connector: std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>,
|
||||
) -> Self {
|
||||
self.tls = OurTlsConnector::Rustls023(connector);
|
||||
self
|
||||
}
|
||||
|
||||
/// Sets maximum supported HTTP major version.
|
||||
///
|
||||
/// Supported versions are HTTP/1.1 and HTTP/2.
|
||||
|
@ -588,6 +638,40 @@ where
|
|||
|
||||
Some(actix_service::boxed::rc_service(tls_service))
|
||||
}
|
||||
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
OurTlsConnector::Rustls023(tls) => {
|
||||
const H2: &[u8] = b"h2";
|
||||
|
||||
use actix_tls::connect::rustls_0_23::{reexports::AsyncTlsStream, TlsConnector};
|
||||
|
||||
#[allow(non_local_definitions)]
|
||||
impl<Io: ConnectionIo> IntoConnectionIo for TcpConnection<Uri, AsyncTlsStream<Io>> {
|
||||
fn into_connection_io(self) -> (Box<dyn ConnectionIo>, Protocol) {
|
||||
let sock = self.into_parts().0;
|
||||
let h2 = sock
|
||||
.get_ref()
|
||||
.1
|
||||
.alpn_protocol()
|
||||
.map_or(false, |protos| protos.windows(2).any(|w| w == H2));
|
||||
if h2 {
|
||||
(Box::new(sock), Protocol::Http2)
|
||||
} else {
|
||||
(Box::new(sock), Protocol::Http1)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let handshake_timeout = self.config.handshake_timeout;
|
||||
|
||||
let tls_service = TlsConnectorService {
|
||||
tcp_service: tcp_service_inner,
|
||||
tls_service: TlsConnector::service(tls),
|
||||
timeout: handshake_timeout,
|
||||
};
|
||||
|
||||
Some(actix_service::boxed::rc_service(tls_service))
|
||||
}
|
||||
};
|
||||
|
||||
let tcp_config = self.config.no_disconnect_timeout();
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#![cfg(feature = "rustls-0_22-webpki-roots")]
|
||||
#![cfg(feature = "rustls-0_23-webpki-roots")]
|
||||
|
||||
extern crate tls_rustls_0_22 as rustls;
|
||||
extern crate tls_rustls_0_23 as rustls;
|
||||
|
||||
use std::{
|
||||
io::BufReader,
|
||||
|
@ -13,7 +13,7 @@ use std::{
|
|||
use actix_http::HttpService;
|
||||
use actix_http_test::test_server;
|
||||
use actix_service::{fn_service, map_config, ServiceFactoryExt};
|
||||
use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
|
||||
use actix_tls::connect::rustls_0_23::webpki_roots_cert_store;
|
||||
use actix_utils::future::ok;
|
||||
use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
|
||||
use rustls::{
|
||||
|
@ -83,7 +83,7 @@ mod danger {
|
|||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
||||
rustls::crypto::ring::default_provider()
|
||||
rustls::crypto::aws_lc_rs::default_provider()
|
||||
.signature_verification_algorithms
|
||||
.supported_schemes()
|
||||
}
|
||||
|
@ -107,7 +107,7 @@ async fn test_connection_reuse_h2() {
|
|||
App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
|
||||
|_| AppConfig::default(),
|
||||
))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
.map_err(|_| ()),
|
||||
)
|
||||
})
|
||||
|
@ -126,7 +126,7 @@ async fn test_connection_reuse_h2() {
|
|||
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
|
||||
|
||||
let client = awc::Client::builder()
|
||||
.connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
|
||||
.connector(awc::Connector::new().rustls_0_23(Arc::new(config)))
|
||||
.finish();
|
||||
|
||||
// req 1
|
||||
|
|
Loading…
Reference in a new issue