0.8.1-beta Try to replace openssl with rustls

2021-08-23 14:08:20 +08:00 · 2021-08-23 14:08:20 +08:00 · d6e64db5c7
parent 1ae50ebca8
commit d6e64db5c7
4 changed files with 131 additions and 85 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -42,8 +42,8 @@ jobs:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
-      - run: vcpkg integrate install
-      - run: vcpkg install openssl:x64-windows-static-md
+      # - run: vcpkg integrate install
+      # - run: vcpkg install openssl:x64-windows-static-md
      - uses: taiki-e/upload-rust-binary-action@v1
        with:
          bin: web
--- a/Cargo.lock
+++ b/Cargo.lock
@ -33,10 +33,11 @@ dependencies = [
 "futures-util",
 "http",
 "log",
- "openssl",
- "tokio-openssl",
+ "rustls",
+ "tokio-rustls",
 "trust-dns-proto",
 "trust-dns-resolver",
+ "webpki",
 ]

 [[package]]
@ -72,7 +73,7 @@ dependencies = [
 "actix-threadpool",
 "actix-tls",
 "actix-utils",
- "base64",
+ "base64 0.13.0",
 "bitflags",
 "brotli2",
 "bytes 0.5.6",
@ -214,8 +215,10 @@ dependencies = [
 "actix-service",
 "actix-utils",
 "futures-util",
- "openssl",
- "tokio-openssl",
+ "rustls",
+ "tokio-rustls",
+ "webpki",
+ "webpki-roots",
 ]

 [[package]]
@ -266,9 +269,9 @@ dependencies = [
 "fxhash",
 "log",
 "mime",
- "openssl",
 "pin-project 1.0.8",
 "regex",
+ "rustls",
 "serde",
 "serde_json",
 "serde_urlencoded",
@ -296,7 +299,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c3b11a07a3df3f7970fd8bd38cc66998b5549f507c54cc64c6e843bc82d6358"
 dependencies = [
 "actix-web",
- "base64",
+ "base64 0.13.0",
 "futures-util",
 ]

@ -353,16 +356,16 @@ dependencies = [
 "actix-http",
 "actix-rt",
 "actix-service",
- "base64",
+ "base64 0.13.0",
 "bytes 0.5.6",
 "cfg-if 1.0.0",
 "derive_more",
 "futures-core",
 "log",
 "mime",
- "openssl",
 "percent-encoding",
 "rand 0.7.3",
+ "rustls",
 "serde",
 "serde_json",
 "serde_urlencoded",
@ -374,6 +377,12 @@ version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a4521f3e3d031370679b3b140beb36dfe4801b09ac77e30c61941f97df3ef28b"

+[[package]]
+name = "base64"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"
+
 [[package]]
 name = "base64"
 version = "0.13.0"
@ -730,21 +739,6 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"

-[[package]]
-name = "foreign-types"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
-dependencies = [
- "foreign-types-shared",
-]
-
-[[package]]
-name = "foreign-types-shared"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
-
 [[package]]
 name = "form_urlencoded"
 version = "1.0.1"
@ -1086,6 +1080,15 @@ version = "0.4.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736"

+[[package]]
+name = "js-sys"
+version = "0.3.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e4bf49d50e2961077d9c99f4b7997d770a1114f087c3c2e0069b36c13fc2979d"
+dependencies = [
+ "wasm-bindgen",
+]
+
 [[package]]
 name = "kernel32-sys"
 version = "0.2.2"
@ -1307,33 +1310,6 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"

-[[package]]
-name = "openssl"
-version = "0.10.36"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d9facdb76fec0b73c406f125d44d86fdad818d66fef0531eec9233ca425ff4a"
-dependencies = [
- "bitflags",
- "cfg-if 1.0.0",
- "foreign-types",
- "libc",
- "once_cell",
- "openssl-sys",
-]
-
-[[package]]
-name = "openssl-sys"
-version = "0.9.66"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1996d2d305e561b70d1ee0c53f1542833f4e1ac6ce9a6708b6ff2738ca67dc82"
-dependencies = [
- "autocfg",
- "cc",
- "libc",
- "pkg-config",
- "vcpkg",
-]
-
 [[package]]
 name = "os_str_bytes"
 version = "3.1.0"
@ -1481,12 +1457,6 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

-[[package]]
-name = "pkg-config"
-version = "0.3.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3831453b3449ceb48b6d9c7ad7c96d5ea673e9b470a1dc578c2ce6521230884c"
-
 [[package]]
 name = "ppv-lite86"
 version = "0.2.10"
@ -1670,6 +1640,21 @@ dependencies = [
 "quick-error",
 ]

+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi 0.3.9",
+]
+
 [[package]]
 name = "rustc_version"
 version = "0.2.3"
@ -1688,6 +1673,19 @@ dependencies = [
 "semver 0.11.0",
 ]

+[[package]]
+name = "rustls"
+version = "0.18.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d1126dcf58e93cee7d098dbda643b5f92ed724f1f6a63007c1116eed6700c81"
+dependencies = [
+ "base64 0.12.3",
+ "log",
+ "ring",
+ "sct",
+ "webpki",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.5"
@ -1709,6 +1707,16 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"

+[[package]]
+name = "sct"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "semver"
 version = "0.9.0"
@ -1870,6 +1878,12 @@ dependencies = [
 "winapi 0.3.9",
 ]

+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
 [[package]]
 name = "standback"
 version = "0.2.17"
@ -2119,13 +2133,15 @@ dependencies = [
 ]

 [[package]]
-name = "tokio-openssl"
-version = "0.4.0"
+name = "tokio-rustls"
+version = "0.14.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c4b08c5f4208e699ede3df2520aca2e82401b2de33f45e96696a074480be594"
+checksum = "e12831b255bcfa39dc0436b01e19fea231a37db570686c06ee72c423479f889a"
 dependencies = [
- "openssl",
+ "futures-core",
+ "rustls",
 "tokio",
+ "webpki",
 ]

 [[package]]
@ -2325,6 +2341,12 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3"

+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
 [[package]]
 name = "url"
 version = "2.2.2"
@ -2369,12 +2391,6 @@ dependencies = [
 "v_escape",
 ]

-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "vec_map"
 version = "0.8.2"
@ -2472,7 +2488,7 @@ checksum = "acdb075a845574a1fa5f09fd77e43f7747599301ea3417a9fbffdeedfc1f4a29"

 [[package]]
 name = "web"
-version = "0.8.0-beta"
+version = "0.8.1-beta"
 dependencies = [
 "actix-files",
 "actix-http",
@ -2484,14 +2500,43 @@ dependencies = [
 "lazy_static",
 "log",
 "mime_guess",
- "openssl",
 "regex",
+ "rustls",
 "serde",
 "sha2",
 "tera",
 "toml",
 ]

+[[package]]
+name = "web-sys"
+version = "0.3.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "224b2f6b67919060055ef1a67807367c2066ed520c3862cc013d26cf893a783c"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "webpki"
+version = "0.21.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f20dea7535251981a9670857150d571846545088359b28e4951d350bdaf179f"
+dependencies = [
+ "webpki",
+]
+
 [[package]]
 name = "widestring"
 version = "0.4.3"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -3,12 +3,12 @@ authors = ["Tim_Paik <timpaikc@outlook.com>"]
 description = "simple http server written in rust"
 edition = "2018"
 name = "web"
-version = "0.8.0-beta"
+version = "0.8.1-beta"

 [dependencies]
 actix-files = "0.5"
 actix-http = "2.2"
-actix-web = {version = "3.3", features = ["openssl"]}
+actix-web = {version = "3.3", features = ["rustls"]}
 actix-web-httpauth = "0.5"
 chrono = "0.4"
 clap = {version = "3.0.0-beta.4", features = ["wrap_help", "color"]}
@ -16,8 +16,8 @@ env_logger = "0.9"
 lazy_static = "1.4"
 log = "0.4"
 mime_guess = "2"
-openssl = {version = "0.10", features = ["v110"]}
 regex = "1.5"
+rustls = "0.18"
 serde = "1"
 sha2 = "0.9"
 tera = "1"
--- a/src/main.rs
+++ b/src/main.rs
@ -14,7 +14,7 @@ use sha2::Digest;
 use std::{
    env::{set_var, var},
    fs::read_dir,
-    io::{Error, ErrorKind, Read, Write},
+    io::{BufReader, Error, ErrorKind, Read, Write},
    net::IpAddr,
    path::{Path, PathBuf},
    str::FromStr,
@ -737,16 +737,17 @@ async fn main() -> std::io::Result<()> {
        return app.service(files);
    });
    let server = if enable_tls {
-        let cert = Path::new(matches.value_of("cert").unwrap());
-        let key = Path::new(matches.value_of("key").unwrap());
-        let mut builder =
-            openssl::ssl::SslAcceptor::mozilla_intermediate(openssl::ssl::SslMethod::tls())
-                .unwrap();
-        builder
-            .set_private_key_file(key, openssl::ssl::SslFiletype::PEM)
-            .unwrap();
-        builder.set_certificate_chain_file(cert).unwrap();
-        server.bind_openssl(addr, builder)
+        let cert = &mut BufReader::new(
+            std::fs::File::open(Path::new(matches.value_of("cert").unwrap())).unwrap(),
+        );
+        let key = &mut BufReader::new(
+            std::fs::File::open(Path::new(matches.value_of("key").unwrap())).unwrap(),
+        );
+        let mut config = rustls::ServerConfig::new(rustls::NoClientAuth::new());
+        let cert_chain = rustls::internal::pemfile::certs(cert).unwrap();
+        let mut keys = rustls::internal::pemfile::rsa_private_keys(key).unwrap();
+        config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
+        server.bind_rustls(addr, config)
    } else {
        server.bind(addr)
    };