mirror of https://github.com/fafhrd91/actix-web
awc: Add base rustls-0_23 feature without roots to better enable custom config
This commit is contained in:
asonix
parent
31a1efecdd
commit
52422f9d5c
|
|
@ -49,10 +49,12 @@ rustls-0_21 = ["tls-rustls-0_21", "actix-tls/rustls-0_21"]
|
|||
rustls-0_22-webpki-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-webpki-roots"]
|
||||
# TLS via Rustls v0.22 (Native roots)
|
||||
rustls-0_22-native-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-native-roots"]
|
||||
# TLS via Rustls v0.22 (WebPKI roots)
|
||||
rustls-0_23-webpki-roots = ["tls-rustls-0_23", "actix-tls/rustls-0_23-webpki-roots"]
|
||||
# TLS via Rustls v0.22 (Native roots)
|
||||
rustls-0_23-native-roots = ["tls-rustls-0_23", "actix-tls/rustls-0_23-native-roots"]
|
||||
# TLS via Rustls v0.23
|
||||
rustls-0_23 = ["tls-rustls-0_23", "actix-tls/rustls-0_23"]
|
||||
# TLS via Rustls v0.23 (WebPKI roots)
|
||||
rustls-0_23-webpki-roots = ["rustls-0_23", "actix-tls/rustls-0_23-webpki-roots"]
|
||||
# TLS via Rustls v0.23 (Native roots)
|
||||
rustls-0_23-native-roots = ["rustls-0_23", "actix-tls/rustls-0_23-native-roots"]
|
||||
|
||||
# Brotli algorithm content-encoding support
|
||||
compress-brotli = ["actix-http/compress-brotli", "__compress"]
|
||||
|
|
@ -117,8 +119,8 @@ trust-dns-resolver = { version = "0.23", optional = true }
|
|||
actix-http = { version = "3.6", features = ["openssl"] }
|
||||
actix-http-test = { version = "3", features = ["openssl"] }
|
||||
actix-server = "2"
|
||||
actix-test = { version = "0.1", features = ["openssl", "rustls-0_22"] }
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22"] }
|
||||
actix-test = { version = "0.1", features = ["openssl", "rustls-0_23"] }
|
||||
actix-tls = { version = "3.3", features = ["openssl", "rustls-0_23"] }
|
||||
actix-utils = "3"
|
||||
actix-web = { version = "4", features = ["openssl"] }
|
||||
|
||||
|
|
@ -132,7 +134,8 @@ rcgen = "0.12"
|
|||
rustls-pemfile = "2"
|
||||
tokio = { version = "1.24.2", features = ["rt-multi-thread", "macros"] }
|
||||
zstd = "0.13"
|
||||
tls-rustls-0_23 = { package = "rustls", version = "0.23" } # add rustls 0.23 with default features to make aws_lc_rs work in tests
|
||||
|
||||
[[example]]
|
||||
name = "client"
|
||||
required-features = ["rustls-0_22-webpki-roots"]
|
||||
required-features = ["rustls-0_23-webpki-roots"]
|
||||
|
|
|
|||
|
|
@ -37,6 +37,12 @@ pub struct ClientBuilder<S = (), M = ()> {
|
|||
}
|
||||
|
||||
impl ClientBuilder {
|
||||
/// Create a new ClientBuilder with default settings
|
||||
///
|
||||
/// Note: If the `rustls-0_23` feature is enabled and neither `rustls-0_23-native-roots` nor
|
||||
/// `rustls-0_23-webpki-roots` are enabled, this ClientBuilder will build without TLS. In order
|
||||
/// to enable TLS in this scenario, a custom `Connector` _must_ be added to the builder before
|
||||
/// finishing constrution.
|
||||
#[allow(clippy::new_ret_no_self)]
|
||||
pub fn new() -> ClientBuilder<
|
||||
impl Service<
|
||||
|
|
|
|||
|
|
@ -58,10 +58,7 @@ enum OurTlsConnector {
|
|||
#[allow(dead_code)] // false positive; used in build_tls
|
||||
Rustls022(std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>),
|
||||
|
||||
#[cfg(any(
|
||||
feature = "rustls-0_23-webpki-roots",
|
||||
feature = "rustls-0_23-native-roots",
|
||||
))]
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
#[allow(dead_code)] // false positive; used in build_tls
|
||||
Rustls023(std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>),
|
||||
}
|
||||
|
|
@ -87,6 +84,13 @@ pub struct Connector<T> {
|
|||
}
|
||||
|
||||
impl Connector<()> {
|
||||
/// Create a new connector with default TLS settings
|
||||
///
|
||||
/// Panicking:
|
||||
/// - When the `rustls-0_23-webpki-roots` or `rustls-0_23-native-roots` features are enabled
|
||||
/// and no default cyrpto provider has been loaded, this method will panic.
|
||||
/// - When the `rustls-0_23-native-roots` or `rustls-0_22-native-roots` features are enabled
|
||||
/// and the runtime system has no native root certificates, this method will panic.
|
||||
#[allow(clippy::new_ret_no_self, clippy::let_unit_value)]
|
||||
pub fn new() -> Connector<
|
||||
impl Service<
|
||||
|
|
@ -196,7 +200,8 @@ impl Connector<()> {
|
|||
OurTlsConnector::OpensslBuilder(ssl)
|
||||
}
|
||||
} else {
|
||||
/// Provides an empty TLS connector when no TLS feature is enabled.
|
||||
/// Provides an empty TLS connector when no TLS feature is enabled, or when
|
||||
/// rustls-0_23 is enabled.
|
||||
fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
|
||||
OurTlsConnector::None
|
||||
}
|
||||
|
|
@ -308,10 +313,13 @@ where
|
|||
}
|
||||
|
||||
/// Sets custom Rustls v0.23 `ClientConfig` instance.
|
||||
#[cfg(any(
|
||||
feature = "rustls-0_23-webpki-roots",
|
||||
feature = "rustls-0_23-native-roots",
|
||||
))]
|
||||
///
|
||||
/// In order to enable ALPN, set the `.alpn_protocols` field on the ClientConfig to the
|
||||
/// following:
|
||||
/// ```rust,ignore
|
||||
/// vec![b"h2".to_vec(), b"http/1.1".to_vec()]
|
||||
/// ```
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
pub fn rustls_0_23(
|
||||
mut self,
|
||||
connector: std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>,
|
||||
|
|
@ -631,10 +639,7 @@ where
|
|||
Some(actix_service::boxed::rc_service(tls_service))
|
||||
}
|
||||
|
||||
#[cfg(any(
|
||||
feature = "rustls-0_23-webpki-roots",
|
||||
feature = "rustls-0_23-native-roots",
|
||||
))]
|
||||
#[cfg(feature = "rustls-0_23")]
|
||||
OurTlsConnector::Rustls023(tls) => {
|
||||
const H2: &[u8] = b"h2";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#![cfg(feature = "rustls-0_22-webpki-roots")]
|
||||
#![cfg(feature = "rustls-0_23-webpki-roots")]
|
||||
|
||||
extern crate tls_rustls_0_22 as rustls;
|
||||
extern crate tls_rustls_0_23 as rustls;
|
||||
|
||||
use std::{
|
||||
io::BufReader,
|
||||
|
|
@ -13,7 +13,7 @@ use std::{
|
|||
use actix_http::HttpService;
|
||||
use actix_http_test::test_server;
|
||||
use actix_service::{fn_service, map_config, ServiceFactoryExt};
|
||||
use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
|
||||
use actix_tls::connect::rustls_0_23::webpki_roots_cert_store;
|
||||
use actix_utils::future::ok;
|
||||
use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
|
||||
use rustls::{
|
||||
|
|
@ -83,7 +83,7 @@ mod danger {
|
|||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
||||
rustls::crypto::ring::default_provider()
|
||||
rustls::crypto::aws_lc_rs::default_provider()
|
||||
.signature_verification_algorithms
|
||||
.supported_schemes()
|
||||
}
|
||||
|
|
@ -107,7 +107,7 @@ async fn test_connection_reuse_h2() {
|
|||
App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
|
||||
|_| AppConfig::default(),
|
||||
))
|
||||
.rustls_0_22(tls_config())
|
||||
.rustls_0_23(tls_config())
|
||||
.map_err(|_| ()),
|
||||
)
|
||||
})
|
||||
|
|
@ -126,7 +126,7 @@ async fn test_connection_reuse_h2() {
|
|||
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
|
||||
|
||||
let client = awc::Client::builder()
|
||||
.connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
|
||||
.connector(awc::Connector::new().rustls_0_23(Arc::new(config)))
|
||||
.finish();
|
||||
|
||||
// req 1
|
||||
|
|
|
|||
Loading…
Reference in New Issue