add rustls v0.21 feature

Cargo.toml

@@ -15,6 +15,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
+license = "MIT OR Apache-2.0"
 edition = "2021"
 rust-version = "1.65"
 

actix-server/src/worker.rs

@@ -621,6 +621,7 @@ impl Future for ServerWorker {
                     self.poll(cx)
                 }
             },
+
             WorkerState::Restarting(ref mut restart) => {
                 let factory_id = restart.factory_id;
                 let token = restart.token;
@@ -645,6 +646,7 @@ impl Future for ServerWorker {
 
                 self.poll(cx)
             }
+
             WorkerState::Shutdown(ref mut shutdown) => {
                 // drop all pending connections in rx channel.
                 while let Poll::Ready(Some(conn)) = this.conn_rx.poll_recv(cx) {
@@ -678,6 +680,7 @@ impl Future for ServerWorker {
                     shutdown.timer.as_mut().poll(cx)
                 }
             }
+
             // actively poll stream and handle worker command
             WorkerState::Available => loop {
                 match this.check_readiness(cx) {

actix-tls/CHANGES.md

@@ -1,40 +1,43 @@
 # Changes
 
-## Unreleased - 2023-xx-xx
+## Unreleased
 
+- Support Rustls v0.21.
+- Added `{accept, connect}::rustls_0_21` modules.
+- Added `{accept, connect}::rustls_0_20` alias for `{accept, connect}::rustls` modules.
 - Minimum supported Rust version (MSRV) is now 1.65.
 
-## 3.0.4 - 2022-03-15
+## 3.0.4
 
 - Logs emitted now use the `tracing` crate with `log` compatibility. [#451]
 
 [#451]: https://github.com/actix/actix-net/pull/451
 
-## 3.0.3 - 2022-02-15
+## 3.0.3
 
 - No significant changes since `3.0.2`.
 
-## 3.0.2 - 2022-01-28
+## 3.0.2
 
 - Expose `connect::Connection::new`. [#439]
 
 [#439]: https://github.com/actix/actix-net/pull/439
 
-## 3.0.1 - 2022-01-11
+## 3.0.1
 
 - No significant changes since `3.0.0`.
 
-## 3.0.0 - 2021-12-26
+## 3.0.0
 
 - No significant changes since `3.0.0-rc.2`.
 
-## 3.0.0-rc.2 - 2021-12-10
+## 3.0.0-rc.2
 
 - Re-export `openssl::SslConnectorBuilder` in `connect::openssl::reexports`. [#429]
 
 [#429]: https://github.com/actix/actix-net/pull/429
 
-## 3.0.0-rc.1 - 2021-11-29
+## 3.0.0-rc.1
 
 ### Added
 
@@ -72,7 +75,7 @@
 [#422]: https://github.com/actix/actix-net/pull/422
 [#423]: https://github.com/actix/actix-net/pull/423
 
-## 3.0.0-beta.9 - 2021-11-22
+## 3.0.0-beta.9
 
 - Add configurable timeout for accepting TLS connection. [#393]
 - Added `TlsError::Timeout` variant. [#393]
@@ -82,28 +85,28 @@
 [#393]: https://github.com/actix/actix-net/pull/393
 [#420]: https://github.com/actix/actix-net/pull/420
 
-## 3.0.0-beta.8 - 2021-11-15
+## 3.0.0-beta.8
 
 - Add `Connect::request` for getting a reference to the connection request. [#415]
 
 [#415]: https://github.com/actix/actix-net/pull/415
 
-## 3.0.0-beta.7 - 2021-10-20
+## 3.0.0-beta.7
 
 - Add `webpki_roots_cert_store()` to get rustls compatible webpki roots cert store. [#401]
 - Alias `connect::ssl` to `connect::tls`. [#401]
 
 [#401]: https://github.com/actix/actix-net/pull/401
 
-## 3.0.0-beta.6 - 2021-10-19
+## 3.0.0-beta.6
 
 - Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
 - Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
 - Minimum supported Rust version (MSRV) is now 1.52.
 
 [#396]: https://github.com/actix/actix-net/pull/396
 
-## 3.0.0-beta.5 - 2021-03-29
+## 3.0.0-beta.5
 
 - Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef` generation failed instead of panic. [#296]
 - Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
@@ -117,15 +120,15 @@
 [#297]: https://github.com/actix/actix-net/pull/297
 [#299]: https://github.com/actix/actix-net/pull/299
 
-## 3.0.0-beta.4 - 2021-02-24
+## 3.0.0-beta.4
 
 - Rename `accept::openssl::{SslStream => TlsStream}`.
 - Add `connect::Connect::set_local_addr` to attach local `IpAddr`. [#282]
 - `connector::TcpConnector` service will try to bind to local_addr of `IpAddr` when given. [#282]
 
 [#282]: https://github.com/actix/actix-net/pull/282
 
-## 3.0.0-beta.3 - 2021-02-06
+## 3.0.0-beta.3
 
 - Remove `trust-dns-proto` and `trust-dns-resolver`. [#248]
 - Use `std::net::ToSocketAddrs` as simple and basic default resolver. [#248]
@@ -139,50 +142,50 @@
 [#248]: https://github.com/actix/actix-net/pull/248
 [#273]: https://github.com/actix/actix-net/pull/273
 
-## 3.0.0-beta.2 - 2022-xx-xx
+## 3.0.0-beta.2
 
 - Depend on stable trust-dns packages. [#204]
 
 [#204]: https://github.com/actix/actix-net/pull/204
 
-## 3.0.0-beta.1 - 2020-12-29
+## 3.0.0-beta.1
 
 - Move acceptors under `accept` module. [#238]
 - Merge `actix-connect` crate under `connect` module. [#238]
 - Add feature flags to enable acceptors and/or connectors individually. [#238]
 
 [#238]: https://github.com/actix/actix-net/pull/238
 
-## 2.0.0 - 2020-09-03
+## 2.0.0
 
 - `nativetls::NativeTlsAcceptor` is renamed to `nativetls::Acceptor`.
 - Where possible, "SSL" terminology is replaced with "TLS".
   - `SslError` is renamed to `TlsError`.
   - `TlsError::Ssl` enum variant is renamed to `TlsError::Tls`.
   - `max_concurrent_ssl_connect` is renamed to `max_concurrent_tls_connect`.
 
-## 2.0.0-alpha.2 - 2020-08-17
+## 2.0.0-alpha.2
 
 - Update `rustls` dependency to 0.18
 - Update `tokio-rustls` dependency to 0.14
 - Update `webpki-roots` dependency to 0.20
 
-## [2.0.0-alpha.1] - 2020-03-03
+## [2.0.0-alpha.1]
 
 - Update `rustls` dependency to 0.17
 - Update `tokio-rustls` dependency to 0.13
 - Update `webpki-roots` dependency to 0.19
 
-## [1.0.0] - 2019-12-11
+## [1.0.0]
 
 - 1.0.0 release
 
-## [1.0.0-alpha.3] - 2019-12-07
+## [1.0.0-alpha.3]
 
 - Migrate to tokio 0.2
 - Enable rustls acceptor service
 - Enable native-tls acceptor service
 
-## [1.0.0-alpha.1] - 2019-12-02
+## [1.0.0-alpha.1]
 
 - Split openssl acceptor from actix-server package

actix-tls/Cargo.toml

@@ -9,7 +9,7 @@ description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
 repository = "https://github.com/actix/actix-net.git"
 categories = ["network-programming", "asynchronous", "cryptography"]
-license = "MIT OR Apache-2.0"
+license.workspace = true
 edition.workspace = true
 rust-version.workspace = true
 
@@ -29,8 +29,14 @@ connect = []
 # use openssl impls
 openssl = ["tls-openssl", "tokio-openssl"]
 
-# use rustls impls
-rustls = ["tokio-rustls", "webpki-roots"]
+# alias for backwards compat
+rustls = ["rustls-0_20"]
+
+# use rustls v0.20 impls
+rustls-0_20 = ["tokio-rustls-023", "webpki-roots-022"]
+
+# use rustls v0.21 impls
+rustls-0_21 = ["tokio-rustls-024", "webpki-roots-025"]
 
 # use native-tls impls
 native-tls = ["tokio-native-tls"]
@@ -57,9 +63,13 @@ http = { version = "0.2.3", optional = true }
 tls-openssl = { package = "openssl", version = "0.10.48", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
-# rustls
-tokio-rustls = { version = "0.23", optional = true }
-webpki-roots = { version = "0.22", optional = true }
+# rustls v0.20
+tokio-rustls-023 = { package = "tokio-rustls", version = "0.23", optional = true }
+webpki-roots-022 = { package = "webpki-roots", version = "0.22", optional = true }
+
+# rustls v0.21
+tokio-rustls-024 = { package = "tokio-rustls", version = "0.24", optional = true }
+webpki-roots-025 = { package = "webpki-roots", version = "0.25", optional = true }
 
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -72,11 +82,11 @@ bytes = "1"
 env_logger = "0.10"
 futures-util = { version = "0.3.17", default-features = false, features = ["sink"] }
 log = "0.4"
-rcgen = "0.10"
+rcgen = "0.11"
 rustls-pemfile = "1"
-tokio-rustls = { version = "0.23", features = ["dangerous_configuration"] }
-trust-dns-resolver = "0.22"
+tokio-rustls-024 = { package = "tokio-rustls", version = "0.24", features = ["dangerous_configuration"] }
+trust-dns-resolver = "0.23"
 
 [[example]]
 name = "accept-rustls"
-required-features = ["accept", "rustls"]
+required-features = ["accept", "rustls-0_21"]

actix-tls/examples/accept-rustls.rs

@@ -17,12 +17,13 @@
 
 #[rustfmt::skip]
 // this `use` is only exists because of how we have organised the crate
-// it is not necessary for your actual code; you should import from `rustls` directly
-use tokio_rustls::rustls;
+// it is not necessary for your actual code; you should import from `rustls` normally
+use tokio_rustls_024::rustls;
 
 use std::{
     fs::File,
     io::{self, BufReader},
+    path::PathBuf,
     sync::{
         atomic::{AtomicUsize, Ordering},
         Arc,
@@ -32,7 +33,7 @@ use std::{
 use actix_rt::net::TcpStream;
 use actix_server::Server;
 use actix_service::ServiceFactoryExt as _;
-use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream};
+use actix_tls::accept::rustls_0_21::{Acceptor as RustlsAcceptor, TlsStream};
 use futures_util::future::ok;
 use rustls::{server::ServerConfig, Certificate, PrivateKey};
 use rustls_pemfile::{certs, rsa_private_keys};
@@ -42,9 +43,16 @@ use tracing::info;
 async fn main() -> io::Result<()> {
     env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
 
+    let root_path = env!("CARGO_MANIFEST_DIR")
+        .parse::<PathBuf>()
+        .unwrap()
+        .join("examples");
+    let cert_path = root_path.clone().join("cert.pem");
+    let key_path = root_path.clone().join("key.pem");
+
     // Load TLS key and cert files
-    let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap());
-    let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap());
+    let cert_file = &mut BufReader::new(File::open(cert_path).unwrap());
+    let key_file = &mut BufReader::new(File::open(key_path).unwrap());
 
     let cert_chain = certs(cert_file)
         .unwrap()
@@ -64,7 +72,7 @@ async fn main() -> io::Result<()> {
     let count = Arc::new(AtomicUsize::new(0));
 
     let addr = ("127.0.0.1", 8443);
-    info!("starting server on port: {}", &addr.0);
+    info!("starting server at: {addr:?}");
 
     Server::build()
         .bind("tls-example", addr, move || {

actix-tls/src/accept/mod.rs

@@ -12,15 +12,27 @@ use actix_utils::counter::Counter;
 #[cfg(feature = "openssl")]
 pub mod openssl;
 
-#[cfg(feature = "rustls")]
-pub mod rustls;
+#[cfg(feature = "rustls-0_20")]
+pub mod rustls_0_20;
+
+#[doc(hidden)]
+#[cfg(feature = "rustls-0_20")]
+pub use rustls_0_20 as rustls;
+
+#[cfg(feature = "rustls-0_21")]
+pub mod rustls_0_21;
 
 #[cfg(feature = "native-tls")]
 pub mod native_tls;
 
 pub(crate) static MAX_CONN: AtomicUsize = AtomicUsize::new(256);
 
-#[cfg(any(feature = "openssl", feature = "rustls", feature = "native-tls"))]
+#[cfg(any(
+    feature = "openssl",
+    feature = "rustls-0_20",
+    feature = "rustls-0_21",
+    feature = "native-tls",
+))]
 pub(crate) const DEFAULT_TLS_HANDSHAKE_TIMEOUT: std::time::Duration =
     std::time::Duration::from_secs(3);
 

actix-tls/src/accept/rustls.rs → actix-tls/src/accept/rustls_0_20.rs

@@ -1,4 +1,4 @@
-//! `rustls` based TLS connection acceptor service.
+//! `rustls` v0.20 based TLS connection acceptor service.
 //!
 //! See [`Acceptor`] for main service factory docs.
 
@@ -24,13 +24,14 @@ use actix_utils::{
 use pin_project_lite::pin_project;
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
 use tokio_rustls::{rustls::ServerConfig, Accept, TlsAcceptor};
+use tokio_rustls_023 as tokio_rustls;
 
 use super::{TlsError, DEFAULT_TLS_HANDSHAKE_TIMEOUT, MAX_CONN_COUNTER};
 
 pub mod reexports {
     //! Re-exports from `rustls` that are useful for acceptors.
 
-    pub use tokio_rustls::rustls::ServerConfig;
+    pub use tokio_rustls_023::rustls::ServerConfig;
 }
 
 /// Wraps a `rustls` based async TLS stream in order to implement [`ActixStream`].