mirror of https://github.com/fafhrd91/actix-net
Update tokio-rustls and webpki-roots
parent
9cb8a1fadc
commit
ab7cd16dbc
|
@ -58,8 +58,8 @@ tls-openssl = { package = "openssl", version = "0.10.48", optional = true }
|
||||||
tokio-openssl = { version = "0.6", optional = true }
|
tokio-openssl = { version = "0.6", optional = true }
|
||||||
|
|
||||||
# rustls
|
# rustls
|
||||||
tokio-rustls = { version = "0.23", optional = true }
|
tokio-rustls = { version = "0.24", optional = true }
|
||||||
webpki-roots = { version = "0.22", optional = true }
|
webpki-roots = { version = "0.25", optional = true }
|
||||||
|
|
||||||
# native-tls
|
# native-tls
|
||||||
tokio-native-tls = { version = "0.3", optional = true }
|
tokio-native-tls = { version = "0.3", optional = true }
|
||||||
|
@ -74,7 +74,7 @@ futures-util = { version = "0.3.17", default-features = false, features = ["sink
|
||||||
log = "0.4"
|
log = "0.4"
|
||||||
rcgen = "0.10"
|
rcgen = "0.10"
|
||||||
rustls-pemfile = "1"
|
rustls-pemfile = "1"
|
||||||
tokio-rustls = { version = "0.23", features = ["dangerous_configuration"] }
|
tokio-rustls = { version = "0.24", features = ["dangerous_configuration"] }
|
||||||
trust-dns-resolver = "0.22"
|
trust-dns-resolver = "0.22"
|
||||||
|
|
||||||
[[example]]
|
[[example]]
|
||||||
|
|
|
@ -35,14 +35,14 @@ pub mod reexports {
|
||||||
/// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
|
/// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
|
||||||
pub fn webpki_roots_cert_store() -> RootCertStore {
|
pub fn webpki_roots_cert_store() -> RootCertStore {
|
||||||
let mut root_certs = RootCertStore::empty();
|
let mut root_certs = RootCertStore::empty();
|
||||||
for cert in TLS_SERVER_ROOTS.0 {
|
for cert in TLS_SERVER_ROOTS {
|
||||||
let cert = OwnedTrustAnchor::from_subject_spki_name_constraints(
|
let cert = OwnedTrustAnchor::from_subject_spki_name_constraints(
|
||||||
cert.subject,
|
cert.subject,
|
||||||
cert.spki,
|
cert.spki,
|
||||||
cert.name_constraints,
|
cert.name_constraints,
|
||||||
);
|
);
|
||||||
let certs = vec![cert].into_iter();
|
let certs = vec![cert].into_iter();
|
||||||
root_certs.add_server_trust_anchors(certs);
|
root_certs.add_trust_anchors(certs);
|
||||||
}
|
}
|
||||||
root_certs
|
root_certs
|
||||||
}
|
}
|
||||||
|
@ -106,24 +106,25 @@ where
|
||||||
let (stream, connection) = connection.replace_io(());
|
let (stream, connection) = connection.replace_io(());
|
||||||
|
|
||||||
match ServerName::try_from(connection.hostname()) {
|
match ServerName::try_from(connection.hostname()) {
|
||||||
Ok(host) => ConnectFut::Future {
|
Ok(host) => ConnectFut {
|
||||||
connect: RustlsTlsConnector::from(self.connector.clone()).connect(host, stream),
|
connect: Some(
|
||||||
|
RustlsTlsConnector::from(self.connector.clone()).connect(host, stream),
|
||||||
|
),
|
||||||
connection: Some(connection),
|
connection: Some(connection),
|
||||||
},
|
},
|
||||||
Err(_) => ConnectFut::InvalidDns,
|
Err(_) => ConnectFut {
|
||||||
|
connect: None,
|
||||||
|
connection: None,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Connect future for Rustls service.
|
/// Connect future for Rustls service.
|
||||||
#[doc(hidden)]
|
#[doc(hidden)]
|
||||||
pub enum ConnectFut<R, IO> {
|
pub struct ConnectFut<R, IO> {
|
||||||
/// See issue <https://github.com/briansmith/webpki/issues/54>
|
connect: Option<RustlsConnect<IO>>,
|
||||||
InvalidDns,
|
connection: Option<Connection<R, ()>>,
|
||||||
Future {
|
|
||||||
connect: RustlsConnect<IO>,
|
|
||||||
connection: Option<Connection<R, ()>>,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<R, IO> Future for ConnectFut<R, IO>
|
impl<R, IO> Future for ConnectFut<R, IO>
|
||||||
|
@ -131,19 +132,19 @@ where
|
||||||
R: Host,
|
R: Host,
|
||||||
IO: ActixStream,
|
IO: ActixStream,
|
||||||
{
|
{
|
||||||
type Output = Result<Connection<R, AsyncTlsStream<IO>>, io::Error>;
|
type Output = io::Result<Connection<R, AsyncTlsStream<IO>>>;
|
||||||
|
|
||||||
fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
|
||||||
match self.get_mut() {
|
let Self {
|
||||||
Self::InvalidDns => Poll::Ready(Err(
|
connect,
|
||||||
io::Error::new(io::ErrorKind::Other, "rustls currently only handles hostname-based connections. See https://github.com/briansmith/webpki/issues/54")
|
connection,
|
||||||
)),
|
} = self.get_mut();
|
||||||
Self::Future { connect, connection } => {
|
let Some(connect) = connect else {
|
||||||
let stream = ready!(Pin::new(connect).poll(cx))?;
|
return Poll::Ready(Err(io::Error::new(io::ErrorKind::InvalidInput, "actix-tls currently only handles hostname-based connections")));
|
||||||
let connection = connection.take().unwrap();
|
};
|
||||||
trace!("TLS handshake success: {:?}", connection.hostname());
|
let stream = ready!(Pin::new(connect).poll(cx))?;
|
||||||
Poll::Ready(Ok(connection.replace_io(stream).1))
|
let connection = connection.take().unwrap();
|
||||||
}
|
trace!("TLS handshake success: {:?}", connection.hostname());
|
||||||
}
|
Poll::Ready(Ok(connection.replace_io(stream).1))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
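Review bot: In the `Err(_)` arm of the `ServerName::try_from` match, the new `ConnectFut { connect: None, connection: None }` encodes the rejected-name case as a sentinel, yet neither the struct fields nor `poll` document it, whereas the removed enum variant carried a doc comment for it. I would add a field doc on `connect` such as `/// None when ServerName::try_from rejected the hostname; poll() then returns InvalidInput`, and a comment above `connection.take().unwrap()` stating the invariant it relies on (`connection` is `Some` whenever `connect` is `Some`, and is taken only once). The error built in `poll` no longer names the rejected host or the parse error, so a failed TLS connect cannot be traced to the name that was refused; a `trace!` of `connection.hostname()` in the `Err(_)` arm, before the connection is dropped, would keep that visible. The error kind also changes from `Other` to `InvalidInput`, which callers matching on `kind()` would observe, so it seems worth a changelog line.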