berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

fix rustls client tests

This commit is contained in:
Rob Ede 2021-01-17 04:16:10 +00:00
parent d7cef210b3
commit bcdc1e3cba
No known key found for this signature in database
GPG Key ID: C2A3B36E841A91E6
2 changed files with 40 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awc/Cargo.toml
View File

@ -67,8 +67,10 @@ actix-http-test = { version = "3.0.0-beta.1", features = ["openssl"] }
actix-utils = "3.0.0-beta.1" actix-utils = "3.0.0-beta.1"
actix-server = "2.0.0-beta.2" actix-server = "2.0.0-beta.2"
actix-tls = { version = "3.0.0-beta.2", features = ["openssl", "rustls"] } actix-tls = { version = "3.0.0-beta.2", features = ["openssl", "rustls"] }
brotli2 = "0.3.2" brotli2 = "0.3.2"
flate2 = "1.0.13" flate2 = "1.0.13"
futures-util = { version = "0.3.7", default-features = false } futures-util = { version = "0.3.7", default-features = false }
env_logger = "0.7" env_logger = "0.7"
rcgen = "0.8"
webpki = "0.21" webpki = "0.21"

77
awc/tests/test_rustls_client.rs
View File

@ -1,58 +1,57 @@
#![cfg(feature = "rustls")] #![cfg(feature = "rustls")]
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc; extern crate rust_tls as rustls;
use std::{
io::BufReader,
sync::{
atomic::{AtomicUsize, Ordering},
Arc,
},
};
use actix_http::HttpService; use actix_http::HttpService;
use actix_http_test::test_server; use actix_http_test::test_server;
use actix_service::{map_config, pipeline_factory, ServiceFactoryExt}; use actix_service::{map_config, pipeline_factory, ServiceFactoryExt};
use actix_web::http::Version; use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
use actix_web::{dev::AppConfig, web, App, HttpResponse};
use futures_util::future::ok; use futures_util::future::ok;
use open_ssl::ssl::{SslAcceptor, SslFiletype, SslMethod, SslVerifyMode}; use rustls::internal::pemfile::{certs, pkcs8_private_keys};
use rust_tls::ClientConfig; use rustls::{ClientConfig, NoClientAuth, ServerConfig};
#[allow(unused)] fn tls_config() -> ServerConfig {
fn ssl_acceptor() -> SslAcceptor { let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
// load ssl keys let cert_file = cert.serialize_pem().unwrap();
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap(); let key_file = cert.serialize_private_key_pem();
builder.set_verify_callback(SslVerifyMode::NONE, |_, _| true);
builder let mut config = ServerConfig::new(NoClientAuth::new());
.set_private_key_file("../tests/key.pem", SslFiletype::PEM) let cert_file = &mut BufReader::new(cert_file.as_bytes());
.unwrap(); let key_file = &mut BufReader::new(key_file.as_bytes());
builder
.set_certificate_chain_file("../tests/cert.pem") let cert_chain = certs(cert_file).unwrap();
.unwrap(); let mut keys = pkcs8_private_keys(key_file).unwrap();
builder.set_alpn_select_callback(|_, protos| { config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
const H2: &[u8] = b"\x02h2";
if protos.windows(3).any(|window| window == H2) { config
Ok(b"h2")
} else {
Err(open_ssl::ssl::AlpnError::NOACK)
}
});
builder.set_alpn_protos(b"\x02h2").unwrap();
builder.build()
} }
mod danger { mod danger {
pub struct NoCertificateVerification {} pub struct NoCertificateVerification;
impl rust_tls::ServerCertVerifier for NoCertificateVerification { impl rustls::ServerCertVerifier for NoCertificateVerification {
fn verify_server_cert( fn verify_server_cert(
&self, &self,
_roots: &rust_tls::RootCertStore, _roots: &rustls::RootCertStore,
_presented_certs: &[rust_tls::Certificate], _presented_certs: &[rustls::Certificate],
_dns_name: webpki::DNSNameRef<'_>, _dns_name: webpki::DNSNameRef<'_>,
_ocsp: &[u8], _ocsp: &[u8],
) -> Result<rust_tls::ServerCertVerified, rust_tls::TLSError> { ) -> Result<rustls::ServerCertVerified, rustls::TLSError> {
Ok(rust_tls::ServerCertVerified::assertion()) Ok(rustls::ServerCertVerified::assertion())
} }
} }
} }
// TODO: why is test ignored #[actix_rt::test]
// #[actix_rt::test] async fn test_connection_reuse_h2() {
async fn _test_connection_reuse_h2() {
let num = Arc::new(AtomicUsize::new(0)); let num = Arc::new(AtomicUsize::new(0));
let num2 = num.clone(); let num2 = num.clone();
@ -69,19 +68,19 @@ async fn _test_connection_reuse_h2() {
.service(web::resource("/").route(web::to(HttpResponse::Ok))), .service(web::resource("/").route(web::to(HttpResponse::Ok))),
|_| AppConfig::default(), |_| AppConfig::default(),
)) ))
.openssl(ssl_acceptor()) .rustls(tls_config())
.map_err(|_| ()), .map_err(|_| ()),
) )
}) })
.await; .await;
// disable ssl verification // disable TLS verification
let mut config = ClientConfig::new(); let mut config = ClientConfig::new();
let protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()]; let protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
config.set_protocols(&protos); config.set_protocols(&protos);
config config
.dangerous() .dangerous()
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
let client = awc::Client::builder() let client = awc::Client::builder()
.connector(awc::Connector::new().rustls(Arc::new(config)).finish()) .connector(awc::Connector::new().rustls(Arc::new(config)).finish())