Use tokio-rustls 0.23 (#396)

Co-authored-by: Rob Ede <[email protected]>

Author: edward-shen

actix-tls/CHANGES.md

@@ -1,17 +1,21 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+* Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
+* Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
 * Minimum supported Rust version (MSRV) is now 1.52.
 
+[#396]: https://github.com/actix/actix-net/pull/396
+
 
 ## 3.0.0-beta.5 - 2021-03-29
-* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef` 
+* Changed `connect::ssl::rustls::RustlsConnectorService` to return error when `DNSNameRef`
   generation failed instead of panic. [#296]
 * Remove `connect::ssl::openssl::OpensslConnectServiceFactory`. [#297]
 * Remove `connect::ssl::openssl::OpensslConnectService`. [#297]
 * Add `connect::ssl::native_tls` module for native tls support. [#295]
 * Rename `accept::{nativetls => native_tls}`. [#295]
-* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use 
+* Remove `connect::TcpConnectService` type. service caller expect a `TcpStream` should use
   `connect::ConnectService` instead and call `Connection<T, TcpStream>::into_parts`. [#299]
 
 [#295]: https://github.com/actix/actix-net/pull/295

actix-tls/Cargo.toml

@@ -54,7 +54,7 @@ tls-openssl = { package = "openssl", version = "0.10.9", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
 # rustls
-tokio-rustls = { version = "0.22", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
 webpki-roots = { version = "0.21", optional = true }
 
 # native-tls
@@ -67,6 +67,7 @@ bytes = "1"
 env_logger = "0.8"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
+rustls-pemfile = "0.2.1"
 trust-dns-resolver = "0.20.0"
 
 [[example]]

actix-tls/examples/tcp-rustls.rs

@@ -35,25 +35,29 @@ use actix_service::ServiceFactoryExt as _;
 use actix_tls::accept::rustls::{Acceptor as RustlsAcceptor, TlsStream};
 use futures_util::future::ok;
 use log::info;
-use rustls::{
-    internal::pemfile::certs, internal::pemfile::rsa_private_keys, NoClientAuth, ServerConfig,
-};
+use rustls::{server::ServerConfig, Certificate, PrivateKey};
+use rustls_pemfile::{certs, rsa_private_keys};
 
 #[actix_rt::main]
 async fn main() -> io::Result<()> {
     env::set_var("RUST_LOG", "info");
     env_logger::init();
 
-    let mut tls_config = ServerConfig::new(NoClientAuth::new());
-
     // Load TLS key and cert files
     let cert_file = &mut BufReader::new(File::open("./examples/cert.pem").unwrap());
     let key_file = &mut BufReader::new(File::open("./examples/key.pem").unwrap());
 
-    let cert_chain = certs(cert_file).unwrap();
+    let cert_chain = certs(cert_file)
+        .unwrap()
+        .into_iter()
+        .map(Certificate)
+        .collect();
     let mut keys = rsa_private_keys(key_file).unwrap();
-    tls_config
-        .set_single_cert(cert_chain, keys.remove(0))
+
+    let tls_config = ServerConfig::builder()
+        .with_safe_defaults()
+        .with_no_client_auth()
+        .with_single_cert(cert_chain, PrivateKey(keys.remove(0)))
         .unwrap();
 
     let tls_acceptor = RustlsAcceptor::new(tls_config);

actix-tls/src/accept/rustls.rs

@@ -14,7 +14,7 @@ use actix_utils::counter::{Counter, CounterGuard};
 use futures_core::future::LocalBoxFuture;
 use tokio_rustls::{Accept, TlsAcceptor};
 
-pub use tokio_rustls::rustls::{ServerConfig, Session};
+pub use tokio_rustls::rustls::ServerConfig;
 
 use super::MAX_CONN_COUNTER;
 

actix-tls/src/connect/ssl/rustls.rs

@@ -1,20 +1,20 @@
 use std::{
+    convert::TryFrom,
     future::Future,
     io,
     pin::Pin,
     sync::Arc,
     task::{Context, Poll},
 };
 
-pub use tokio_rustls::rustls::Session;
 pub use tokio_rustls::{client::TlsStream, rustls::ClientConfig};
 pub use webpki_roots::TLS_SERVER_ROOTS;
 
 use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::webpki::DNSNameRef;
+use tokio_rustls::rustls::client::ServerName;
 use tokio_rustls::{Connect, TlsConnector};
 
 use crate::connect::{Address, Connection};
@@ -89,7 +89,7 @@ where
         trace!("SSL Handshake start for: {:?}", connection.host());
         let (stream, connection) = connection.replace_io(());
 
-        match DNSNameRef::try_from_ascii_str(connection.host()) {
+        match ServerName::try_from(connection.host()) {
             Ok(host) => RustlsConnectorServiceFuture::Future {
                 connect: TlsConnector::from(self.connector.clone()).connect(host, stream),
                 connection: Some(connection),