berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: make sure actix-web uses newest rustls everywhere

This commit is contained in:
Kirill Mironov 2021-10-20 22:24:59 +03:00
parent d6a405a8f8
commit 8e366d99f1
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
actix-http/Cargo.toml
View File

@ -27,7 +27,7 @@ default = []
openssl = ["actix-tls/openssl"] openssl = ["actix-tls/openssl"]
# rustls support # rustls support
rustls = ["actix-tls/rustls"] rustls = ["actix-tls/rustls", "tls-rustls"]
# enable compression support # enable compression support
compress-brotli = ["brotli2", "__compress"] compress-brotli = ["brotli2", "__compress"]
@ -81,6 +81,7 @@ flate2 = { version = "1.0.13", optional = true }
zstd = { version = "0.7", optional = true } zstd = { version = "0.7", optional = true }
trust-dns-resolver = { version = "0.20.0", optional = true } trust-dns-resolver = { version = "0.20.0", optional = true }
tls-rustls = { version = "0.20.0", package = "rustls", optional = true }
[dev-dependencies] [dev-dependencies]
actix-server = "2.0.0-beta.3" actix-server = "2.0.0-beta.3"
@ -94,7 +95,7 @@ regex = "1.3"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
tls-openssl = { version = "0.10", package = "openssl" } tls-openssl = { version = "0.10", package = "openssl" }
tls-rustls = { version = "0.19", package = "rustls" } tls-rustls = { version = "0.20", package = "rustls" }
webpki = { version = "0.21" } webpki = { version = "0.21" }
[[example]] [[example]]

23
actix-http/src/client/connector.rs
View File

@ -100,11 +100,24 @@ impl Connector<()> {
// Build Ssl connector with rustls, based on supplied alpn protocols // Build Ssl connector with rustls, based on supplied alpn protocols
#[cfg(all(not(feature = "openssl"), feature = "rustls"))] #[cfg(all(not(feature = "openssl"), feature = "rustls"))]
fn build_ssl(protocols: Vec<Vec<u8>>) -> SslConnector { fn build_ssl(protocols: Vec<Vec<u8>>) -> SslConnector {
let mut config = ClientConfig::new(); let anchors = &actix_tls::connect::ssl::rustls::TLS_SERVER_ROOTS;
config.set_protocols(&protocols); let mut config = ClientConfig::builder()
config.root_store.add_server_trust_anchors( .with_safe_defaults()
&actix_tls::connect::ssl::rustls::TLS_SERVER_ROOTS, .with_root_certificates(tls_rustls::RootCertStore {
); roots: anchors
.0
.into_iter()
.map(|anchor| {
tls_rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
anchor.subject,
anchor.spki,
anchor.name_constraints,
)
})
.collect(),
})
.with_no_client_auth();
config.alpn_protocols = protocols;
SslConnector::Rustls(std::sync::Arc::new(config)) SslConnector::Rustls(std::sync::Arc::new(config))
} }

2
awc/Cargo.toml
View File

@ -74,7 +74,7 @@ serde = "1.0"
serde_json = "1.0" serde_json = "1.0"
serde_urlencoded = "0.7" serde_urlencoded = "0.7"
tls-openssl = { version = "0.10.9", package = "openssl", optional = true } tls-openssl = { version = "0.10.9", package = "openssl", optional = true }
tls-rustls = { version = "0.19.0", package = "rustls", optional = true, features = ["dangerous_configuration"] } tls-rustls = { version = "0.20.0", package = "rustls", optional = true, features = ["dangerous_configuration"] }
[dev-dependencies] [dev-dependencies]
actix-web = { version = "4.0.0-beta.9", features = ["openssl"] } actix-web = { version = "4.0.0-beta.9", features = ["openssl"] }