From bcdc1e3cba20eba9338e0578e567e860aad0e838 Mon Sep 17 00:00:00 2001
From: Rob Ede
Date: Sun, 17 Jan 2021 04:16:10 +0000
Subject: [PATCH] fix rustls client tests
---
 awc/Cargo.toml | 2 +
 awc/tests/test_rustls_client.rs | 77 ++++++++++++++++-----------------
 2 files changed, 40 insertions(+), 39 deletions(-)
diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index 0dbf80d33..90f33c9ba 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -67,8 +67,10 @@ actix-http-test = { version = "3.0.0-beta.1", features = ["openssl"] }
 actix-utils = "3.0.0-beta.1"
 actix-server = "2.0.0-beta.2"
 actix-tls = { version = "3.0.0-beta.2", features = ["openssl", "rustls"] }
+
 brotli2 = "0.3.2"
 flate2 = "1.0.13"
 futures-util = { version = "0.3.7", default-features = false }
 env_logger = "0.7"
+rcgen = "0.8"
 webpki = "0.21"
diff --git a/awc/tests/test_rustls_client.rs b/awc/tests/test_rustls_client.rs
index 2f5ffeca2..2da3d9696 100644
--- a/awc/tests/test_rustls_client.rs
+++ b/awc/tests/test_rustls_client.rs
@@ -1,58 +1,57 @@
 #![cfg(feature = "rustls")]
-use std::sync::atomic::{AtomicUsize, Ordering};
-use std::sync::Arc;
+
+extern crate rust_tls as rustls;
+
+use std::{
+ io::BufReader,
+ sync::{
+ atomic::{AtomicUsize, Ordering},
+ Arc,
+ },
+};
 use actix_http::HttpService;
 use actix_http_test::test_server;
 use actix_service::{map_config, pipeline_factory, ServiceFactoryExt};
-use actix_web::http::Version;
-use actix_web::{dev::AppConfig, web, App, HttpResponse};
+use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
 use futures_util::future::ok;
-use open_ssl::ssl::{SslAcceptor, SslFiletype, SslMethod, SslVerifyMode};
-use rust_tls::ClientConfig;
+use rustls::internal::pemfile::{certs, pkcs8_private_keys};
+use rustls::{ClientConfig, NoClientAuth, ServerConfig};
-#[allow(unused)]
-fn ssl_acceptor() -> SslAcceptor {
- // load ssl keys
- let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
- builder.set_verify_callback(SslVerifyMode::NONE, |_, _| true);
- builder
- .set_private_key_file("../tests/key.pem", SslFiletype::PEM)
- .unwrap();
- builder
- .set_certificate_chain_file("../tests/cert.pem")
- .unwrap();
- builder.set_alpn_select_callback(|_, protos| {
- const H2: &[u8] = b"\x02h2";
- if protos.windows(3).any(|window| window == H2) {
- Ok(b"h2")
- } else {
- Err(open_ssl::ssl::AlpnError::NOACK)
- }
- });
- builder.set_alpn_protos(b"\x02h2").unwrap();
- builder.build()
+fn tls_config() -> ServerConfig {
+ let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
+ let cert_file = cert.serialize_pem().unwrap();
+ let key_file = cert.serialize_private_key_pem();
+
+ let mut config = ServerConfig::new(NoClientAuth::new());
+ let cert_file = &mut BufReader::new(cert_file.as_bytes());
+ let key_file = &mut BufReader::new(key_file.as_bytes());
+
+ let cert_chain = certs(cert_file).unwrap();
+ let mut keys = pkcs8_private_keys(key_file).unwrap();
+ config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
+
+ config
 }
 mod danger {
- pub struct NoCertificateVerification {}
+ pub struct NoCertificateVerification;
- impl rust_tls::ServerCertVerifier for NoCertificateVerification {
+ impl rustls::ServerCertVerifier for NoCertificateVerification {
 fn verify_server_cert(
 &self,
- _roots: &rust_tls::RootCertStore,
- _presented_certs: &[rust_tls::Certificate],
+ _roots: &rustls::RootCertStore,
+ _presented_certs: &[rustls::Certificate],
 _dns_name: webpki::DNSNameRef<'_>,
 _ocsp: &[u8],
- ) -> Result {
- Ok(rust_tls::ServerCertVerified::assertion())
+ ) -> Result {
+ Ok(rustls::ServerCertVerified::assertion())
 }
 }
 }
-// TODO: why is test ignored
-// #[actix_rt::test]
-async fn _test_connection_reuse_h2() {
+#[actix_rt::test]
+async fn test_connection_reuse_h2() {
 let num = Arc::new(AtomicUsize::new(0));
 let num2 = num.clone();
@@ -69,19 +68,19 @@ async fn _test_connection_reuse_h2() {
 .service(web::resource("/").route(web::to(HttpResponse::Ok))),
 |_| AppConfig::default(),
 ))
- .openssl(ssl_acceptor())
+ .rustls(tls_config())
 .map_err(|_| ()),
 )
 })
 .await;
- // disable ssl verification
+ // disable TLS verification
 let mut config = ClientConfig::new();
 let protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
 config.set_protocols(&protos);
 config
 .dangerous()
- .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
+ .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
 let client = awc::Client::builder()
 .connector(awc::Connector::new().rustls(Arc::new(config)).finish())
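Review bot: Since `tls_config()` now generates the server certificate in-process with rcgen, the blanket `danger::NoCertificateVerification` verifier kept on the new side of this hunk, and wired in through `.dangerous().set_certificate_verifier(...)` in the second hunk, is no longer needed: the client can trust exactly that certificate and exercise the real verification path awc users rely on. That would mean having `tls_config` also hand back `rustls::Certificate(cert.serialize_der().unwrap())`, replacing the `.dangerous()` call on the client with `config.root_store.add(&cert_der).unwrap();`, and deleting the `danger` module — this assumes the test URL resolves to `localhost`, the only SAN rcgen is given here, so confirm against the rest of `test_connection_reuse_h2`, whose body continues past both hunks. If the verifier is kept instead, `mod danger` should carry a doc comment such as `/// Test-only: accepts any server certificate without checking it; never reuse outside this test.` Separately, `keys.remove(0)` fails with a bare index panic if `pkcs8_private_keys` yields no key; `keys.pop().expect("rcgen should emit one PKCS#8 key")` makes that failure readable.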