Rustls v0.21 support (#480)

Author: robjtede

.cargo/config.toml

@@ -15,9 +15,11 @@ ci-check-linux = "hack --workspace --feature-powerset check --tests --examples"
 
 # tests avoiding io-uring feature
 ci-test = "hack --feature-powerset --exclude-features=io-uring test --lib --tests --no-fail-fast -- --nocapture"
+ci-test-rustls-020 = "hack --feature-powerset --exclude-features=io-uring,rustls-0_21 test --lib --tests --no-fail-fast -- --nocapture"
+ci-test-rustls-021 = "hack --feature-powerset --exclude-features=io-uring,rustls-0_20 test --lib --tests --no-fail-fast -- --nocapture"
 
 # tests avoiding io-uring feature on Windows
-ci-test-win = "hack --feature-powerset --depth 2 --exclude-features=io-uring test --lib --tests --no-fail-fast -- --nocapture"
+ci-test-win = "hack --feature-powerset --depth=2 --exclude-features=io-uring test --lib --tests --no-fail-fast -- --nocapture"
 
 # test with io-uring feature
-ci-test-linux = "hack --feature-powerset test --lib --tests --no-fail-fast -- --nocapture"
+ci-test-linux = "hack --feature-powerset --exclude-features=rustls-0_20 test --lib --tests --no-fail-fast -- --nocapture"

.github/workflows/ci-post-merge.yml

@@ -16,6 +16,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        # prettier-ignore
         target:
           - { name: Linux, os: ubuntu-latest, triple: x86_64-unknown-linux-gnu }
           - { name: macOS, os: macos-latest, triple: x86_64-apple-darwin }
@@ -37,6 +38,10 @@ jobs:
 
       - uses: actions/checkout@v3
 
+      - name: Free Disk Space
+        if: matrix.target.os == 'ubuntu-latest'
+        run: ./scripts/free-disk-space.sh
+
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
         run: choco install openssl -y --forcex64 --no-progress
@@ -83,8 +88,15 @@ jobs:
         run: cargo ci-test
       - name: tests
         if: matrix.target.os == 'ubuntu-latest'
-        run: |
-          sudo bash -c "ulimit -Sl 512 && ulimit -Hl 512 && PATH=$PATH:/usr/share/rust/.cargo/bin && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-linux"
+        run: >-
+          sudo bash -c "
+          ulimit -Sl 512
+          && ulimit -Hl 512
+          && PATH=$PATH:/usr/share/rust/.cargo/bin
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-rustls-020
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-rustls-021
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-linux
+          "
 
       - name: Clear the cargo caches
         run: |

.github/workflows/ci.yml

@@ -1,6 +1,6 @@
 name: CI
 
-on: 
+on:
   pull_request: {}
   push: { branches: [master] }
 
@@ -16,6 +16,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        # prettier-ignore
         target:
           - { name: Linux, os: ubuntu-latest, triple: x86_64-unknown-linux-gnu }
           - { name: macOS, os: macos-latest, triple: x86_64-apple-darwin }
@@ -37,7 +38,7 @@ jobs:
         run: sudo ifconfig lo0 alias 127.0.0.3
 
       - uses: actions/checkout@v3
-      
+
       - name: Free Disk Space
         if: matrix.target.os == 'ubuntu-latest'
         run: ./scripts/free-disk-space.sh
@@ -99,8 +100,15 @@ jobs:
         run: cargo ci-test-win
       - name: tests
         if: matrix.target.os == 'ubuntu-latest'
-        run: |
-          sudo bash -c "ulimit -Sl 512 && ulimit -Hl 512 && PATH=$PATH:/usr/share/rust/.cargo/bin && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-linux"
+        run: >-
+          sudo bash -c "
+          ulimit -Sl 512
+          && ulimit -Hl 512
+          && PATH=$PATH:/usr/share/rust/.cargo/bin
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-rustls-020
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-rustls-021
+          && RUSTUP_TOOLCHAIN=${{ matrix.version }} cargo ci-test-linux
+          "
 
       - name: Clear the cargo caches
         run: |

Cargo.toml

@@ -15,6 +15,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
+license = "MIT OR Apache-2.0"
 edition = "2021"
 rust-version = "1.65"
 

actix-server/src/worker.rs

@@ -625,6 +625,7 @@ impl Future for ServerWorker {
                     self.poll(cx)
                 }
             },
+
             WorkerState::Restarting(ref mut restart) => {
                 let factory_id = restart.factory_id;
                 let token = restart.token;
@@ -649,6 +650,7 @@ impl Future for ServerWorker {
 
                 self.poll(cx)
             }
+
             WorkerState::Shutdown(ref mut shutdown) => {
                 // drop all pending connections in rx channel.
                 while let Poll::Ready(Some(conn)) = this.conn_rx.poll_recv(cx) {
@@ -682,6 +684,7 @@ impl Future for ServerWorker {
                     shutdown.timer.as_mut().poll(cx)
                 }
             }
+
             // actively poll stream and handle worker command
             WorkerState::Available => loop {
                 match this.check_readiness(cx) {

actix-tls/CHANGES.md

@@ -1,40 +1,43 @@
 # Changes
 
-## Unreleased - 2023-xx-xx
+## Unreleased
 
+- Support Rustls v0.21.
+- Added `{accept, connect}::rustls_0_21` modules.
+- Added `{accept, connect}::rustls_0_20` alias for `{accept, connect}::rustls` modules.
 - Minimum supported Rust version (MSRV) is now 1.65.
 
-## 3.0.4 - 2022-03-15
+## 3.0.4
 
 - Logs emitted now use the `tracing` crate with `log` compatibility. [#451]
 
 [#451]: https://github.com/actix/actix-net/pull/451
 
-## 3.0.3 - 2022-02-15
+## 3.0.3
 
 - No significant changes since `3.0.2`.
 
-## 3.0.2 - 2022-01-28
+## 3.0.2
 
 - Expose `connect::Connection::new`. [#439]
 
 [#439]: https://github.com/actix/actix-net/pull/439
 
-## 3.0.1 - 2022-01-11
+## 3.0.1
 
 - No significant changes since `3.0.0`.
 
-## 3.0.0 - 2021-12-26
+## 3.0.0
 
 - No significant changes since `3.0.0-rc.2`.
 
-## 3.0.0-rc.2 - 2021-12-10
+## 3.0.0-rc.2
 
 - Re-export `openssl::SslConnectorBuilder` in `connect::openssl::reexports`. [#429]
 
 [#429]: https://github.com/actix/actix-net/pull/429
 
-## 3.0.0-rc.1 - 2021-11-29
+## 3.0.0-rc.1
 
 ### Added
 
@@ -72,7 +75,7 @@
 [#422]: https://github.com/actix/actix-net/pull/422
 [#423]: https://github.com/actix/actix-net/pull/423
 
-## 3.0.0-beta.9 - 2021-11-22
+## 3.0.0-beta.9
 
 - Add configurable timeout for accepting TLS connection. [#393]
 - Added `TlsError::Timeout` variant. [#393]
@@ -82,28 +85,28 @@
 [#393]: https://github.com/actix/actix-net/pull/393
 [#420]: https://github.com/actix/actix-net/pull/420
 
-## 3.0.0-beta.8 - 2021-11-15
+## 3.0.0-beta.8
 
 - Add `Connect::request` for getting a reference to the connection request. [#415]
 
 [#415]: https://github.com/actix/actix-net/pull/415
 
-## 3.0.0-beta.7 - 2021-10-20
+## 3.0.0-beta.7
 
 - Add `webpki_roots_cert_store()` to get rustls compatible webpki roots cert store. [#401]
 - Alias `connect::ssl` to `connect::tls`. [#401]
 
 [#401]: https://github.com/actix/actix-net/pull/401
 
-## 3.0.0-beta.6 - 2021-10-19
+## 3.0.0-beta.6
 
 - Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
 - Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
 - Minimum supported Rust version (MSRV) is now 1.52.
 
 [#396]: https://github.com/actix/actix-net/pull/396
 
-## 3.0.0-beta.5 - 2021-03-29
+## 3.0.0-beta.5
 
 - Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef` generation failed instead of panic. [#296]
 - Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
@@ -117,15 +120,15 @@
 [#297]: https://github.com/actix/actix-net/pull/297
 [#299]: https://github.com/actix/actix-net/pull/299
 
-## 3.0.0-beta.4 - 2021-02-24
+## 3.0.0-beta.4
 
 - Rename `accept::openssl::{SslStream => TlsStream}`.
 - Add `connect::Connect::set_local_addr` to attach local `IpAddr`. [#282]
 - `connector::TcpConnector` service will try to bind to local_addr of `IpAddr` when given. [#282]
 
 [#282]: https://github.com/actix/actix-net/pull/282
 
-## 3.0.0-beta.3 - 2021-02-06
+## 3.0.0-beta.3
 
 - Remove `trust-dns-proto` and `trust-dns-resolver`. [#248]
 - Use `std::net::ToSocketAddrs` as simple and basic default resolver. [#248]
@@ -139,50 +142,50 @@
 [#248]: https://github.com/actix/actix-net/pull/248
 [#273]: https://github.com/actix/actix-net/pull/273
 
-## 3.0.0-beta.2 - 2022-xx-xx
+## 3.0.0-beta.2
 
 - Depend on stable trust-dns packages. [#204]
 
 [#204]: https://github.com/actix/actix-net/pull/204
 
-## 3.0.0-beta.1 - 2020-12-29
+## 3.0.0-beta.1
 
 - Move acceptors under `accept` module. [#238]
 - Merge `actix-connect` crate under `connect` module. [#238]
 - Add feature flags to enable acceptors and/or connectors individually. [#238]
 
 [#238]: https://github.com/actix/actix-net/pull/238
 
-## 2.0.0 - 2020-09-03
+## 2.0.0
 
 - `nativetls::NativeTlsAcceptor` is renamed to `nativetls::Acceptor`.
 - Where possible, "SSL" terminology is replaced with "TLS".
   - `SslError` is renamed to `TlsError`.
   - `TlsError::Ssl` enum variant is renamed to `TlsError::Tls`.
   - `max_concurrent_ssl_connect` is renamed to `max_concurrent_tls_connect`.
 
-## 2.0.0-alpha.2 - 2020-08-17
+## 2.0.0-alpha.2
 
 - Update `rustls` dependency to 0.18
 - Update `tokio-rustls` dependency to 0.14
 - Update `webpki-roots` dependency to 0.20
 
-## [2.0.0-alpha.1] - 2020-03-03
+## [2.0.0-alpha.1]
 
 - Update `rustls` dependency to 0.17
 - Update `tokio-rustls` dependency to 0.13
 - Update `webpki-roots` dependency to 0.19
 
-## [1.0.0] - 2019-12-11
+## [1.0.0]
 
 - 1.0.0 release
 
-## [1.0.0-alpha.3] - 2019-12-07
+## [1.0.0-alpha.3]
 
 - Migrate to tokio 0.2
 - Enable rustls acceptor service
 - Enable native-tls acceptor service
 
-## [1.0.0-alpha.1] - 2019-12-02
+## [1.0.0-alpha.1]
 
 - Split openssl acceptor from actix-server package

actix-tls/Cargo.toml

@@ -9,7 +9,7 @@ description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
 repository = "https://github.com/actix/actix-net.git"
 categories = ["network-programming", "asynchronous", "cryptography"]
-license = "MIT OR Apache-2.0"
+license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
 
@@ -29,8 +29,14 @@ connect = []
 # use openssl impls
 openssl = ["tls-openssl", "tokio-openssl"]
 
-# use rustls impls
-rustls = ["tokio-rustls", "webpki-roots"]
+# alias for backwards compat
+rustls = ["rustls-0_20"]
+
+# use rustls v0.20 impls
+rustls-0_20 = ["tokio-rustls-023", "webpki-roots-022"]
+
+# use rustls v0.21 impls
+rustls-0_21 = ["tokio-rustls-024", "webpki-roots-025"]
 
 # use native-tls impls
 native-tls = ["tokio-native-tls"]
@@ -57,9 +63,13 @@ http = { version = "0.2.3", optional = true }
 tls-openssl = { package = "openssl", version = "0.10.48", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
-# rustls
-tokio-rustls = { version = "0.23", optional = true }
-webpki-roots = { version = "0.22", optional = true }
+# rustls v0.20
+tokio-rustls-023 = { package = "tokio-rustls", version = "0.23", optional = true }
+webpki-roots-022 = { package = "webpki-roots", version = "0.22", optional = true }
+
+# rustls v0.21
+tokio-rustls-024 = { package = "tokio-rustls", version = "0.24", optional = true }
+webpki-roots-025 = { package = "webpki-roots", version = "0.25", optional = true }
 
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -72,11 +82,11 @@ bytes = "1"
 env_logger = "0.10"
 futures-util = { version = "0.3.17", default-features = false, features = ["sink"] }
 log = "0.4"
-rcgen = "0.10"
+rcgen = "0.11"
 rustls-pemfile = "1"
-tokio-rustls = { version = "0.23", features = ["dangerous_configuration"] }
-trust-dns-resolver = "0.22"
+tokio-rustls-024 = { package = "tokio-rustls", version = "0.24", features = ["dangerous_configuration"] }
+trust-dns-resolver = "0.23"
 
 [[example]]
 name = "accept-rustls"
-required-features = ["accept", "rustls"]
+required-features = ["accept", "rustls-0_21"]