From 87941f683f8b82f62dcac6fc6f9e4dc817d72f5d Mon Sep 17 00:00:00 2001
From: Nikolay Kim
Date: Mon, 23 Mar 2020 10:53:34 +0600
Subject: [PATCH] drop actix-tls dependency
---
Cargo.toml | 1 -
actix-net/actix-tls/CHANGES.md | 19 ---
actix-net/actix-tls/Cargo.toml | 59 ---------
actix-net/actix-tls/LICENSE-APACHE | 1 -
actix-net/actix-tls/LICENSE-MIT | 1 -
actix-net/actix-tls/src/lib.rs | 39 ------
actix-net/actix-tls/src/nativetls.rs | 114 ------------------
ntex/Cargo.toml | 14 ++-
ntex/src/http/h1/service.rs | 8 +-
ntex/src/http/h2/service.rs | 8 +-
ntex/src/http/service.rs | 8 +-
ntex/src/server/mod.rs | 32 +++++
.../src => ntex/src/server}/openssl.rs | 7 +-
.../src => ntex/src/server}/rustls.rs | 7 +-
ntex/src/web/error_default.rs | 2 +-
ntex/src/web/server.rs | 6 +-
16 files changed, 66 insertions(+), 260 deletions(-)
delete mode 100644 actix-net/actix-tls/CHANGES.md
delete mode 100644 actix-net/actix-tls/Cargo.toml
delete mode 120000 actix-net/actix-tls/LICENSE-APACHE
delete mode 120000 actix-net/actix-tls/LICENSE-MIT
delete mode 100644 actix-net/actix-tls/src/lib.rs
delete mode 100644 actix-net/actix-tls/src/nativetls.rs
rename {actix-net/actix-tls/src => ntex/src/server}/openssl.rs (95%)
rename {actix-net/actix-tls/src => ntex/src/server}/rustls.rs (95%)
diff --git a/Cargo.toml b/Cargo.toml
index bfb949fa..23dd3719 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,5 +21,4 @@ actix-codec = { path = "actix-net/actix-codec" }
 actix-connect = { path = "actix-net/actix-connect" }
 actix-rt = { path = "actix-net/actix-rt" }
 actix-macros = { path = "actix-net/actix-macros" }
-actix-tls = { path = "actix-net/actix-tls" }
 bytestring = { path = "actix-net/string" }
diff --git a/actix-net/actix-tls/CHANGES.md b/actix-net/actix-tls/CHANGES.md
deleted file mode 100644
index 15c0bf76..00000000
--- a/actix-net/actix-tls/CHANGES.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Changes
-
-## [1.0.0] - 2019-12-11
-
-* 1.0.0 release
-
-## [1.0.0-alpha.3] - 2019-12-07
-
-### Changed
-
-* Migrate to tokio 0.2
-
-* Enable rustls acceptor service
-
-* Enable native-tls acceptor service
-
-## [1.0.0-alpha.1] - 2019-12-02
-
-* Split openssl accetor from actix-server package
diff --git a/actix-net/actix-tls/Cargo.toml b/actix-net/actix-tls/Cargo.toml
deleted file mode 100644
index 47d8078f..00000000
--- a/actix-net/actix-tls/Cargo.toml
+++ /dev/null
@@ -1,59 +0,0 @@
-[package]
-name = "actix-tls"
-version = "1.0.0"
-authors = ["Nikolay Kim "]
-description = "Actix tls services"
-keywords = ["network", "framework", "async", "futures"]
-homepage = "https://actix.rs"
-repository = "https://github.com/actix/actix-net.git"
-documentation = "https://docs.rs/actix-tls/"
-categories = ["network-programming", "asynchronous"]
-license = "MIT/Apache-2.0"
-edition = "2018"
-
-[package.metadata.docs.rs]
-features = ["openssl", "rustls", "nativetls"]
-
-[lib]
-name = "actix_tls"
-path = "src/lib.rs"
-
-[features]
-default = []
-
-# openssl
-openssl = ["open-ssl", "tokio-openssl"]
-
-# rustls
-rustls = ["rust-tls", "webpki", "webpki-roots", "tokio-rustls"]
-
-# nativetls
-nativetls = ["native-tls", "tokio-tls"]
-
-[dependencies]
-actix-service = "1.0.0"
-actix-codec = "0.2.0"
-actix-utils = "1.0.0"
-actix-rt = "1.0.0"
-derive_more = "0.99.2"
-either = "1.5.2"
-futures = "0.3.1"
-log = "0.4"
-
-# openssl
-open-ssl = { version="0.10", package = "openssl", optional = true }
-tokio-openssl = { version = "0.4.0", optional = true }
-
-# rustls
-rust-tls = { version = "0.16.0", package = "rustls", optional = true }
-webpki = { version = "0.21", optional = true }
-webpki-roots = { version = "0.17", optional = true }
-tokio-rustls = { version = "0.12.0", optional = true }
-
-# native-tls
-native-tls = { version="0.2", optional = true }
-tokio-tls = { version="0.3", optional = true }
-
-[dev-dependencies]
-bytes = "0.5"
-actix-testing = { version="1.0.0" }
diff --git a/actix-net/actix-tls/LICENSE-APACHE b/actix-net/actix-tls/LICENSE-APACHE
deleted file mode 120000
index 965b606f..00000000
--- a/actix-net/actix-tls/LICENSE-APACHE
+++ /dev/null
@@ -1 +0,0 @@
-../LICENSE-APACHE
\ No newline at end of file
diff --git a/actix-net/actix-tls/LICENSE-MIT b/actix-net/actix-tls/LICENSE-MIT
deleted file mode 120000
index 76219eb7..00000000
--- a/actix-net/actix-tls/LICENSE-MIT
+++ /dev/null
@@ -1 +0,0 @@
-../LICENSE-MIT
\ No newline at end of file
diff --git a/actix-net/actix-tls/src/lib.rs b/actix-net/actix-tls/src/lib.rs
deleted file mode 100644
index a6a50fa1..00000000
--- a/actix-net/actix-tls/src/lib.rs
+++ /dev/null
@@ -1,39 +0,0 @@
-//! SSL Services
-#![deny(rust_2018_idioms, warnings)]
-#![allow(clippy::type_complexity)]
-
-use std::sync::atomic::{AtomicUsize, Ordering};
-
-use actix_utils::counter::Counter;
-
-#[cfg(feature = "openssl")]
-pub mod openssl;
-
-#[cfg(feature = "rustls")]
-pub mod rustls;
-
-#[cfg(feature = "nativetls")]
-pub mod nativetls;
-
-/// Sets the maximum per-worker concurrent ssl connection establish process.
-///
-/// All listeners will stop accepting connections when this limit is
-/// reached. It can be used to limit the global SSL CPU usage.
-///
-/// By default max connections is set to a 256.
-pub fn max_concurrent_ssl_connect(num: usize) {
- MAX_CONN.store(num, Ordering::Relaxed);
-}
-
-pub(crate) static MAX_CONN: AtomicUsize = AtomicUsize::new(256);
-
-thread_local! {
- static MAX_CONN_COUNTER: Counter = Counter::new(MAX_CONN.load(Ordering::Relaxed));
-}
-
-/// Ssl error combinded with service error.
-#[derive(Debug)]
-pub enum SslError {
- Ssl(E1),
- Service(E2),
-}
diff --git a/actix-net/actix-tls/src/nativetls.rs b/actix-net/actix-tls/src/nativetls.rs
deleted file mode 100644
index 8b2c7cee..00000000
--- a/actix-net/actix-tls/src/nativetls.rs
+++ /dev/null
@@ -1,114 +0,0 @@
-use std::marker::PhantomData;
-use std::task::{Context, Poll};
-
-use actix_codec::{AsyncRead, AsyncWrite};
-use actix_service::{Service, ServiceFactory};
-use actix_utils::counter::Counter;
-use futures::future::{self, FutureExt, LocalBoxFuture, TryFutureExt};
-pub use native_tls::Error;
-pub use tokio_tls::{TlsAcceptor, TlsStream};
-
-use crate::MAX_CONN_COUNTER;
-
-/// Support `SSL` connections via native-tls package
-///
-/// `tls` feature enables `NativeTlsAcceptor` type
-pub struct NativeTlsAcceptor {
- acceptor: TlsAcceptor,
- io: PhantomData,
-}
-
-impl NativeTlsAcceptor
-where
- T: AsyncRead + AsyncWrite + Unpin,
-{
- /// Create `NativeTlsAcceptor` instance
- #[inline]
- pub fn new(acceptor: TlsAcceptor) -> Self {
- NativeTlsAcceptor {
- acceptor,
- io: PhantomData,
- }
- }
-}
-
-impl Clone for NativeTlsAcceptor {
- #[inline]
- fn clone(&self) -> Self {
- Self {
- acceptor: self.acceptor.clone(),
- io: PhantomData,
- }
- }
-}
-
-impl ServiceFactory for NativeTlsAcceptor
-where
- T: AsyncRead + AsyncWrite + Unpin + 'static,
-{
- type Request = T;
- type Response = TlsStream;
- type Error = Error;
- type Service = NativeTlsAcceptorService;
-
- type Config = ();
- type InitError = ();
- type Future = future::Ready>;
-
- fn new_service(&self, _: ()) -> Self::Future {
- MAX_CONN_COUNTER.with(|conns| {
- future::ok(NativeTlsAcceptorService {
- acceptor: self.acceptor.clone(),
- conns: conns.clone(),
- io: PhantomData,
- })
- })
- }
-}
-
-pub struct NativeTlsAcceptorService {
- acceptor: TlsAcceptor,
- io: PhantomData,
- conns: Counter,
-}
-
-impl Clone for NativeTlsAcceptorService {
- fn clone(&self) -> Self {
- Self {
- acceptor: self.acceptor.clone(),
- io: PhantomData,
- conns: self.conns.clone(),
- }
- }
-}
-
-impl Service for NativeTlsAcceptorService
-where
- T: AsyncRead + AsyncWrite + Unpin + 'static,
-{
- type Request = T;
- type Response = TlsStream;
- type Error = Error;
- type Future = LocalBoxFuture<'static, Result, Error>>;
-
- fn
poll_ready(&mut self, cx: &mut Context<'_>) -> Poll> {
- if self.conns.available(cx) {
- Poll::Ready(Ok(()))
- } else {
- Poll::Pending
- }
- }
-
- fn call(&mut self, req: Self::Request) -> Self::Future {
- let guard = self.conns.get();
- let this = self.clone();
- async move { this.acceptor.accept(req).await }
- .map_ok(move |io| {
- // Required to preserve `CounterGuard` until `Self::Future`
- // is completely resolved.
- let _ = guard;
- io
- })
- .boxed_local()
- }
-}
diff --git a/ntex/Cargo.toml b/ntex/Cargo.toml
index 2687a867..4cc02496 100644
--- a/ntex/Cargo.toml
+++ b/ntex/Cargo.toml
@@ -24,10 +24,10 @@ path = "src/lib.rs"
 default = []
 # openssl
-openssl = ["actix-tls/openssl", "actix-connect/openssl", "open-ssl"]
+openssl = ["actix-connect/openssl", "open-ssl", "tokio-openssl"]
 # rustls support
-rustls = ["actix-tls/rustls", "actix-connect/rustls", "rust-tls"]
+rustls = ["actix-connect/rustls", "rust-tls", "webpki", "webpki-roots", "tokio-rustls"]
 # enable compressison support
 compress = ["flate2", "brotli2"]
@@ -45,7 +45,6 @@ actix-connect = "1.0.1"
 actix-macros = "0.1.0"
 actix-rt = "1.0.0"
 actix-threadpool = "0.3.1"
-actix-tls = { version = "1.0.0" }
 base64 = "0.11"
 bitflags = "1.2"
@@ -78,8 +77,16 @@ serde_urlencoded = "0.6.1"
 url = "2.1"
 time = { version = "0.2.5", default-features = false, features = ["std"] }
 coo-kie = { version = "0.13.3", package = "cookie", optional = true }
+
+# openssl
 open-ssl = { version="0.10", package = "openssl", optional = true }
+tokio-openssl = { version = "0.4.0", optional = true }
+
+# rustls
 rust-tls = { version = "0.16.0", package = "rustls", optional = true }
+webpki = { version = "0.21", optional = true }
+webpki-roots = { version = "0.17", optional = true }
+tokio-rustls = { version = "0.12.0", optional = true }
 # FIXME: Remove it and use mio own uds feature once mio 0.7 is released
 mio-uds = { version = "0.6.7" }
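Review bot: The `rustls` feature in ntex/Cargo.toml now enables `webpki` and `webpki-roots` directly, yet the only use of either that this patch shows is the `pub use webpki_roots::TLS_SERVER_ROOTS;` re-export kept in ntex/src/server/rustls.rs. A server-side acceptor does not normally need a bundle of server trust roots, so it is worth confirming both crates are still required by the moved module and dropping them from the feature list if they are not, since every TLS crate listed here is now this manifest's responsibility to track for advisories. I would also put a comment above the two new dependency groups, e.g. `# TLS crates previously pulled in via actix-tls; keep tokio-openssl/tokio-rustls in step with openssl/rustls`.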
@@ -92,7 +99,6 @@ tokio = "0.2.4"
 [dev-dependencies]
 actix-connect = { version = "1.0.0", features=["openssl"] }
-actix-tls = { version = "1.0.0", features=["openssl"] }
 futures = "0.3.1"
 env_logger = "0.7"
 serde_derive = "1.0"
diff --git a/ntex/src/http/h1/service.rs b/ntex/src/http/h1/service.rs
index 89c0a005..ca9923a5 100644
--- a/ntex/src/http/h1/service.rs
+++ b/ntex/src/http/h1/service.rs
@@ -97,8 +97,8 @@ where
 mod openssl {
 use super::*;
- use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream};
- use actix_tls::{openssl::HandshakeError, SslError};
+ use crate::server::openssl::{Acceptor, SslAcceptor, SslStream};
+ use crate::server::{openssl::HandshakeError, SslError};
 impl H1Service, S, B, X, U>
 where
@@ -146,8 +146,8 @@ mod openssl {
 #[cfg(feature = "rustls")]
 mod rustls {
 use super::*;
- use actix_tls::rustls::{Acceptor, ServerConfig, TlsStream};
- use actix_tls::SslError;
+ use crate::server::rustls::{Acceptor, ServerConfig, TlsStream};
+ use crate::server::SslError;
 use std::{fmt, io};
 impl H1Service, S, B, X, U>
diff --git a/ntex/src/http/h2/service.rs b/ntex/src/http/h2/service.rs
index 1802e784..8b4879db 100644
--- a/ntex/src/http/h2/service.rs
+++ b/ntex/src/http/h2/service.rs
@@ -95,8 +95,8 @@ where
 #[cfg(feature = "openssl")]
 mod openssl {
- use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream};
- use actix_tls::{openssl::HandshakeError, SslError};
+ use crate::server::openssl::{Acceptor, SslAcceptor, SslStream};
+ use crate::server::{openssl::HandshakeError, SslError};
 use super::*;
 use crate::{fn_factory, fn_service};
@@ -139,8 +139,8 @@ mod openssl {
 #[cfg(feature = "rustls")]
 mod rustls {
 use super::*;
- use actix_tls::rustls::{Acceptor, ServerConfig, TlsStream};
- use actix_tls::SslError;
+ use crate::server::rustls::{Acceptor, ServerConfig, TlsStream};
+ use crate::server::SslError;
 use std::io;
 impl H2Service, S, B>
diff --git a/ntex/src/http/service.rs b/ntex/src/http/service.rs
index d803de4f..6a2da7c6 100644
--- a/ntex/src/http/service.rs
+++ b/ntex/src/http/service.rs
@@ -195,8 +195,8 @@ where
 #[cfg(feature = "openssl")]
 mod openssl {
 use super::*;
- use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream};
- use actix_tls::{openssl::HandshakeError, SslError};
+ use crate::server::openssl::{Acceptor, SslAcceptor, SslStream};
+ use crate::server::{openssl::HandshakeError, SslError};
 impl HttpService, S, B, X, U>
 where
@@ -256,8 +256,8 @@ mod openssl {
 #[cfg(feature = "rustls")]
 mod rustls {
 use super::*;
- use actix_tls::rustls::{Acceptor, ServerConfig, Session, TlsStream};
- use actix_tls::SslError;
+ use crate::server::rustls::{Acceptor, ServerConfig, Session, TlsStream};
+ use crate::server::SslError;
 use std::io;
 impl HttpService, S, B, X, U>
diff --git a/ntex/src/server/mod.rs b/ntex/src/server/mod.rs
index 09409fef..55df783d 100644
--- a/ntex/src/server/mod.rs
+++ b/ntex/src/server/mod.rs
@@ -1,5 +1,8 @@
 //! General purpose tcp server
 #![allow(clippy::type_complexity)]
+use std::sync::atomic::{AtomicUsize, Ordering};
+
+use crate::util::counter::Counter;
 mod accept;
 mod builder;
@@ -11,6 +14,12 @@ mod socket;
 mod test;
 mod worker;
+#[cfg(feature = "openssl")]
+pub mod openssl;
+
+#[cfg(feature = "rustls")]
+pub mod rustls;
+
 pub use self::builder::ServerBuilder;
 pub use self::config::{ServiceConfig, ServiceRuntime};
 pub use self::server::Server;
@@ -36,3 +45,26 @@ impl Token {
 pub fn new() -> ServerBuilder {
 ServerBuilder::default()
 }
+
+/// Sets the maximum per-worker concurrent ssl connection establish process.
+///
+/// All listeners will stop accepting connections when this limit is
+/// reached. It can be used to limit the global SSL CPU usage.
+///
+/// By default max connections is set to a 256.
+pub fn max_concurrent_ssl_accept(num: usize) {
+ MAX_CONN.store(num, Ordering::Relaxed);
+}
+
+pub(crate) static MAX_CONN: AtomicUsize = AtomicUsize::new(256);
+
+thread_local! {
+ static MAX_CONN_COUNTER: Counter = Counter::new(MAX_CONN.load(Ordering::Relaxed));
+}
+
+/// Ssl error combinded with service error.
+#[derive(Debug)]
+pub enum SslError {
+ Ssl(E1),
+ Service(E2),
+}
diff --git a/actix-net/actix-tls/src/openssl.rs b/ntex/src/server/openssl.rs
similarity index 95%
rename from actix-net/actix-tls/src/openssl.rs
rename to ntex/src/server/openssl.rs
index 3da8bfc6..253098ce 100644
--- a/actix-net/actix-tls/src/openssl.rs
+++ b/ntex/src/server/openssl.rs
@@ -7,11 +7,12 @@ pub use open_ssl::ssl::{AlpnError, SslAcceptor, SslAcceptorBuilder};
 pub use tokio_openssl::{HandshakeError, SslStream};
 use actix_codec::{AsyncRead, AsyncWrite};
-use actix_service::{Service, ServiceFactory};
-use actix_utils::counter::{Counter, CounterGuard};
 use futures::future::{ok, FutureExt, LocalBoxFuture, Ready};
-use crate::MAX_CONN_COUNTER;
+use crate::service::{Service, ServiceFactory};
+use crate::util::counter::{Counter, CounterGuard};
+
+use super::MAX_CONN_COUNTER;
 /// Support `TLS` server connections via openssl package
 ///
diff --git a/actix-net/actix-tls/src/rustls.rs b/ntex/src/server/rustls.rs
similarity index 95%
rename from actix-net/actix-tls/src/rustls.rs
rename to ntex/src/server/rustls.rs
index b71e22a1..06602788 100644
--- a/actix-net/actix-tls/src/rustls.rs
+++ b/ntex/src/server/rustls.rs
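Review bot: In the ntex/src/server/mod.rs hunk, `MAX_CONN_COUNTER` is a `thread_local!` whose initialiser reads `MAX_CONN.load(Ordering::Relaxed)`, so each thread captures the limit the first time it touches the counter and a later `max_concurrent_ssl_accept` call does not reach counters that already exist. Because this value is what bounds concurrent TLS handshakes per worker, the doc comment should say so, e.g. `/// Must be called before the server workers start; counters that already exist keep the previous limit.` The setter also accepts 0; whether `Counter::new(0)` then stalls every handshake cannot be told from this hunk, so that case should be documented or rejected. While here, the moved comments carry two typos worth fixing: "combinded" should be "combined" and "set to a 256" should be "set to 256".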
@@ -6,8 +6,6 @@ use std::sync::Arc;
 use std::task::{Context, Poll};
 use actix_codec::{AsyncRead, AsyncWrite};
-use actix_service::{Service, ServiceFactory};
-use actix_utils::counter::{Counter, CounterGuard};
 use futures::future::{ok, Ready};
 use tokio_rustls::{Accept, TlsAcceptor};
@@ -15,7 +13,10 @@ pub use rust_tls::{ServerConfig, Session};
 pub use tokio_rustls::server::TlsStream;
 pub use webpki_roots::TLS_SERVER_ROOTS;
-use crate::MAX_CONN_COUNTER;
+use crate::service::{Service, ServiceFactory};
+use crate::util::counter::{Counter, CounterGuard};
+
+use super::MAX_CONN_COUNTER;
 /// Support `SSL` connections via rustls package
 ///
diff --git a/ntex/src/web/error_default.rs b/ntex/src/web/error_default.rs
index ecd37744..bd0bdc6c 100644
--- a/ntex/src/web/error_default.rs
+++ b/ntex/src/web/error_default.rs
@@ -98,7 +98,7 @@ impl WebResponseError for actix_connect::ssl::openssl::SslError {}
 #[cfg(feature = "openssl")]
 /// `InternalServerError` for `openssl::ssl::HandshakeError`
 impl WebResponseError
- for actix_tls::openssl::HandshakeError
+ for crate::server::openssl::HandshakeError
 {
 }
diff --git a/ntex/src/web/server.rs b/ntex/src/web/server.rs
index f62f0f6d..751e8c24 100644
--- a/ntex/src/web/server.rs
+++ b/ntex/src/web/server.rs
@@ -3,9 +3,9 @@ use std::sync::{Arc, Mutex};
 use std::{fmt, io, net};
 #[cfg(feature = "openssl")]
-use actix_tls::openssl::{AlpnError, SslAcceptor, SslAcceptorBuilder};
+use crate::server::openssl::{AlpnError, SslAcceptor, SslAcceptorBuilder};
 #[cfg(feature = "rustls")]
-use actix_tls::rustls::ServerConfig as RustlsServerConfig;
+use crate::server::rustls::ServerConfig as RustlsServerConfig;
 #[cfg(unix)]
 use futures::future::ok;
@@ -141,7 +141,7 @@ where
 ///
 /// By default max connections is set to a 256.
 pub fn maxconnrate(self, num: usize) -> Self {
- actix_tls::max_concurrent_ssl_connect(num);
+ crate::server::max_concurrent_ssl_accept(num);
 self
 }
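Review bot: `maxconnrate` in the last ntex/src/web/server.rs hunk reads like a per-server builder option, but it writes the process-wide `MAX_CONN` static through `crate::server::max_concurrent_ssl_accept(num)`, so two servers configured in the same process share one limit and the later call overwrites the earlier one. The name also suggests a rate, while the callee caps the number of concurrent TLS handshakes. I would state both in the doc comment, e.g. `/// Process-wide: applies to every TLS listener, not only this server, and caps concurrent handshakes rather than a rate.` The doc comment starts above the hunk, so the rest of its wording is not visible here.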