From dd286fbf6fe4d6523492571b495dc4e13774758e Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:11:01 +0100
Subject: [PATCH 1/7] Re-order verifier options
---
 src/connector.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/connector.rs b/src/connector.rs
index f4eeea2..28bcd21 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -220,6 +220,11 @@ mod tests {
 use crate::{ConfigBuilderExt, HttpsConnectorBuilder};
 fn tls_config() -> rustls::ClientConfig {
+ #[cfg(feature = "rustls-platform-verifier")]
+ return rustls::ClientConfig::builder()
+ .with_platform_verifier()
+ .with_no_client_auth();
+
 #[cfg(feature = "rustls-native-certs")]
 return rustls::ClientConfig::builder()
 .with_native_roots()
@@ -230,11 +235,6 @@ mod tests {
 return rustls::ClientConfig::builder()
 .with_webpki_roots()
 .with_no_client_auth();
-
- #[cfg(feature = "rustls-platform-verifier")]
- return rustls::ClientConfig::builder()
- .with_platform_verifier()
- .with_no_client_auth();
 }
 fn https_or_http_connector() -> HttpsConnector {
From fe0749ee87cf91a5d93e73482cf6ffb5f0c1978f Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:14:12 +0100
Subject: [PATCH 2/7] Re-order test module items
---
 src/connector.rs | 90 ++++++++++++++++++++++++------------------------
 1 file changed, 45 insertions(+), 45 deletions(-)
diff --git a/src/connector.rs b/src/connector.rs
index 28bcd21..cac175b 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -219,22 +219,35 @@ mod tests {
 use super::HttpsConnector;
 use crate::{ConfigBuilderExt, HttpsConnectorBuilder};
- fn tls_config() -> rustls::ClientConfig {
- #[cfg(feature = "rustls-platform-verifier")]
- return rustls::ClientConfig::builder()
- .with_platform_verifier()
- .with_no_client_auth();
+ #[tokio::test]
+ async fn connects_https() {
+ oneshot(https_or_http_connector(), https_uri())
+ .await
+ .unwrap();
+ }
- #[cfg(feature = "rustls-native-certs")]
- return rustls::ClientConfig::builder()
- .with_native_roots()
- .unwrap()
- .with_no_client_auth();
+ #[tokio::test]
+ async fn connects_http() {
+ oneshot(https_or_http_connector(), http_uri())
+ .await
+ .unwrap();
+ }
- #[cfg(feature = "webpki-roots")]
- return rustls::ClientConfig::builder()
- .with_webpki_roots()
- .with_no_client_auth();
+ #[tokio::test]
+ async fn connects_https_only() {
+ oneshot(https_only_connector(), https_uri())
+ .await
+ .unwrap();
+ }
+
+ #[tokio::test]
+ async fn enforces_https_only() {
+ let message = oneshot(https_only_connector(), http_uri())
+ .await
+ .unwrap_err()
+ .to_string();
+
+ assert_eq!(message, "unsupported scheme http");
 }
 fn https_or_http_connector() -> HttpsConnector {
@@ -253,6 +266,24 @@ mod tests {
 .build()
 }
+ fn tls_config() -> rustls::ClientConfig {
+ #[cfg(feature = "rustls-platform-verifier")]
+ return rustls::ClientConfig::builder()
+ .with_platform_verifier()
+ .with_no_client_auth();
+
+ #[cfg(feature = "rustls-native-certs")]
+ return rustls::ClientConfig::builder()
+ .with_native_roots()
+ .unwrap()
+ .with_no_client_auth();
+
+ #[cfg(feature = "webpki-roots")]
+ return rustls::ClientConfig::builder()
+ .with_webpki_roots()
+ .with_no_client_auth();
+ }
+
 async fn oneshot(mut service: S, req: Req) -> Result
 where
 S: Service,
@@ -268,35 +299,4 @@ mod tests {
 fn http_uri() -> Uri {
 Uri::from_static("http://google.com")
 }
-
- #[tokio::test]
- async fn connects_https() {
- oneshot(https_or_http_connector(), https_uri())
- .await
- .unwrap();
- }
-
- #[tokio::test]
- async fn connects_http() {
- oneshot(https_or_http_connector(), http_uri())
- .await
- .unwrap();
- }
-
- #[tokio::test]
- async fn connects_https_only() {
- oneshot(https_only_connector(), https_uri())
- .await
- .unwrap();
- }
-
- #[tokio::test]
- async fn enforces_https_only() {
- let message = oneshot(https_only_connector(), http_uri())
- .await
- .unwrap_err()
- .to_string();
-
- assert_eq!(message, "unsupported scheme http");
- }
 }
From ae34da7c046f16076c2ec1a2ef04ee5b3b056afb Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:19:45 +0100
Subject: [PATCH 3/7] tests: use concrete type for helper function
---
 src/connector.rs | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/connector.rs b/src/connector.rs
index cac175b..bbb8919 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -284,10 +284,7 @@ mod tests {
 .with_no_client_auth();
 }
- async fn oneshot(mut service: S, req: Req) -> Result
- where
- S: Service,
- {
+ async fn oneshot>(mut service: S, req: Uri) -> Result {
 poll_fn(|cx| service.poll_ready(cx)).await?;
 service.call(req).await
 }
From 793634901f5c37b80f5c08734748ec965fd3a397 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:15:15 +0100
Subject: [PATCH 4/7] tests: inline trivial helper functions
---
 src/connector.rs | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/connector.rs b/src/connector.rs
index bbb8919..b023214 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -221,28 +221,28 @@ mod tests {
 #[tokio::test]
 async fn connects_https() {
- oneshot(https_or_http_connector(), https_uri())
+ oneshot(https_or_http_connector(), Scheme::Https)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn connects_http() {
- oneshot(https_or_http_connector(), http_uri())
+ oneshot(https_or_http_connector(), Scheme::Http)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn connects_https_only() {
- oneshot(https_only_connector(), https_uri())
+ oneshot(https_only_connector(), Scheme::Https)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn enforces_https_only() {
- let message = oneshot(https_only_connector(), http_uri())
+ let message = oneshot(https_only_connector(), Scheme::Http)
 .await
 .unwrap_err()
 .to_string();
@@ -284,16 +284,21 @@ mod tests {
 .with_no_client_auth();
 }
- async fn oneshot>(mut service: S, req: Uri) -> Result {
+ async fn oneshot>(
+ mut service: S,
+ scheme: Scheme,
+ ) -> Result {
 poll_fn(|cx| service.poll_ready(cx)).await?;
- service.call(req).await
- }
-
- fn https_uri() -> Uri {
- Uri::from_static("https://google.com")
+ service
+ .call(Uri::from_static(match scheme {
+ Scheme::Https => "https://google.com",
+ Scheme::Http => "http://google.com",
+ }))
+ .await
 }
- fn http_uri() -> Uri {
- Uri::from_static("http://google.com")
+ enum Scheme {
+ Https,
+ Http,
 }
 }
From b8f0bd3d7a5c6021feb1ddb85749cf6dca4cb333 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:29:58 +0100
Subject: [PATCH 5/7] tests: inline connector setup
---
 src/connector.rs | 50 +++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 26 deletions(-)
diff --git a/src/connector.rs b/src/connector.rs
index b023214..96369d8 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -213,36 +213,37 @@ mod tests {
 use std::future::poll_fn;
 use http::Uri;
- use hyper_util::client::legacy::connect::HttpConnector;
+ use hyper_util::rt::TokioIo;
+ use tokio::net::TcpStream;
 use tower_service::Service;
- use super::HttpsConnector;
- use crate::{ConfigBuilderExt, HttpsConnectorBuilder};
+ use super::*;
+ use crate::{ConfigBuilderExt, HttpsConnectorBuilder, MaybeHttpsStream};
 #[tokio::test]
 async fn connects_https() {
- oneshot(https_or_http_connector(), Scheme::Https)
+ connect(Allow::Any, Scheme::Https)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn connects_http() {
- oneshot(https_or_http_connector(), Scheme::Http)
+ connect(Allow::Any, Scheme::Http)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn connects_https_only() {
- oneshot(https_only_connector(), Scheme::Https)
+ connect(Allow::Https, Scheme::Https)
 .await
 .unwrap();
 }
 #[tokio::test]
 async fn enforces_https_only() {
- let message = oneshot(https_only_connector(), Scheme::Http)
+ let message = connect(Allow::Https, Scheme::Http)
 .await
 .unwrap_err()
 .to_string();
@@ -250,22 +251,6 @@ mod tests {
 assert_eq!(message, "unsupported scheme http");
 }
- fn https_or_http_connector() -> HttpsConnector {
- HttpsConnectorBuilder::new()
- .with_tls_config(tls_config())
- .https_or_http()
- .enable_http1()
- .build()
- }
-
- fn https_only_connector() -> HttpsConnector {
- HttpsConnectorBuilder::new()
- .with_tls_config(tls_config())
- .https_only()
- .enable_http1()
- .build()
- }
-
 fn tls_config() -> rustls::ClientConfig {
 #[cfg(feature = "rustls-platform-verifier")]
 return rustls::ClientConfig::builder()
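Review bot: The three positive tests in the first hunk of PATCH 5/7 (`connects_https`, `connects_http`, `connects_https_only`) still only `.unwrap()` the result, so they would keep passing if an `https://` URI ever came back as a plaintext stream. The generics are stripped on this page, but the added `MaybeHttpsStream`, `TokioIo` and `TcpStream` imports suggest `connect` now returns the concrete stream type, which makes the variant checkable. Consider `assert!(matches!(connect(Allow::Https, Scheme::Https).await.unwrap(), MaybeHttpsStream::Https(_)));` in the two HTTPS tests and the `MaybeHttpsStream::Http(_)` counterpart in `connects_http`. The `mod tests` block starts and ends outside this hunk.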
@@ -284,10 +269,18 @@ mod tests {
 .with_no_client_auth();
 }
- async fn oneshot>(
- mut service: S,
+ async fn connect(
+ allow: Allow,
 scheme: Scheme,
- ) -> Result {
+ ) -> Result>, BoxError> {
+ let builder = HttpsConnectorBuilder::new().with_tls_config(tls_config());
+ let mut service = match allow {
+ Allow::Https => builder.https_only(),
+ Allow::Any => builder.https_or_http(),
+ }
+ .enable_http1()
+ .build();
+
 poll_fn(|cx| service.poll_ready(cx)).await?;
 service
 .call(Uri::from_static(match scheme {
@@ -297,6 +290,11 @@ mod tests {
 .await
 }
+ enum Allow {
+ Https,
+ Any,
+ }
+
 enum Scheme {
 Https,
 Http,
From 1183ca4d1e0172934c9e5e00bf9ef23f473231c5 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:32:42 +0100
Subject: [PATCH 6/7] tests: inline tls_config() helper And avoid unused code warnings for redundant verifier configs.
---
 Cargo.toml | 1 +
 src/connector.rs | 32 +++++++++++++-------------------
 2 files changed, 14 insertions(+), 19 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index a1829a3..c971434 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -38,6 +38,7 @@ webpki-roots = { version = "0.26", optional = true }
 futures-util = { version = "0.3", default-features = false }
 [dev-dependencies]
+cfg-if = "1"
 http-body-util = "0.1"
 hyper-util = { version = "0.1", default-features = false, features = ["server-auto"] }
 rustls = { version = "0.23", default-features = false, features = ["tls12"] }
diff --git a/src/connector.rs b/src/connector.rs
index 96369d8..0ca5c5e 100644
--- a/src/connector.rs
+++ b/src/connector.rs
@@ -251,29 +251,23 @@ mod tests {
 assert_eq!(message, "unsupported scheme http");
 }
- fn tls_config() -> rustls::ClientConfig {
- #[cfg(feature = "rustls-platform-verifier")]
- return rustls::ClientConfig::builder()
- .with_platform_verifier()
- .with_no_client_auth();
-
- #[cfg(feature = "rustls-native-certs")]
- return rustls::ClientConfig::builder()
- .with_native_roots()
- .unwrap()
- .with_no_client_auth();
-
- #[cfg(feature = "webpki-roots")]
- return rustls::ClientConfig::builder()
- .with_webpki_roots()
- .with_no_client_auth();
- }
-
 async fn connect(
 allow: Allow,
 scheme: Scheme,
 ) -> Result>, BoxError> {
- let builder = HttpsConnectorBuilder::new().with_tls_config(tls_config());
+ let config_builder = rustls::ClientConfig::builder();
+ cfg_if::cfg_if! {
+ if #[cfg(feature = "rustls-platform-verifier")] {
+ let config_builder = config_builder.with_platform_verifier();
+ } else if #[cfg(feature = "rustls-native-certs")] {
+ let config_builder = config_builder.with_native_roots().unwrap();
+ } else if #[cfg(feature = "webpki-roots")] {
+ let config_builder = config_builder.with_webpki_roots();
+ }
+ }
+ let config = config_builder.with_no_client_auth();
+
+ let builder = HttpsConnectorBuilder::new().with_tls_config(config);
 let mut service = match allow {
 Allow::Https => builder.https_only(),
 Allow::Any => builder.https_or_http(),
From d137bf25dae97efa768d3e5d9f4145d340a61c91 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Fri, 20 Dec 2024 09:33:43 +0100
Subject: [PATCH 7/7] Bump version to 0.27.5
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Cargo.toml b/Cargo.toml
index c971434..1003d82 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "hyper-rustls"
-version = "0.27.4"
+version = "0.27.5"
 edition = "2021"
 rust-version = "1.71"
 license = "Apache-2.0 OR ISC OR MIT"
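Review bot: The `cfg_if!` chain added to `connect` in src/connector.rs (PATCH 6/7) has no final `else`, so with none of `rustls-platform-verifier`, `rustls-native-certs` or `webpki-roots` enabled, `config_builder` is never given a verifier. As far as rustls' builder typestate goes, the following `.with_no_client_auth()` call then fails to compile with a method-not-found error that does not name the cause. Refusing to build without a verifier is the right outcome for a TLS test, and `} else { compile_error!("tests need one of: rustls-platform-verifier, rustls-native-certs, webpki-roots"); }` would make it explicit. A comment above the chain, such as `// First enabled feature wins: platform verifier, then native certs, then webpki roots.`, would also record which trust-anchor source the tests exercise when several features are on. `connect` continues past the end of this hunk.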