From 9d0534999d91bb512581021e85da552cf91badc0 Mon Sep 17 00:00:00 2001 From: Rob Ede Date: Wed, 9 Sep 2020 09:20:54 +0100 Subject: [PATCH] bump connect and tls versions (#1655) --- CHANGES.md | 4 ++++ Cargo.toml | 2 +- MIGRATION.md | 4 ++++ actix-http/Cargo.toml | 8 ++++---- actix-http/src/h1/service.rs | 16 ++++++++-------- actix-http/src/h2/service.rs | 16 ++++++++-------- actix-http/src/service.rs | 16 ++++++++-------- awc/Cargo.toml | 4 ++-- docs/graphs/net-only.dot | 2 +- docs/graphs/web-focus.dot | 2 +- src/server.rs | 29 ++++++++++++++++------------- test-server/Cargo.toml | 2 +- tests/test_httpserver.rs | 4 ++-- 13 files changed, 60 insertions(+), 49 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 82c562f5c..291aa8227 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -9,10 +9,14 @@ * Update actix-codec and actix-utils dependencies. [#1634] * `FormConfig` and `JsonConfig` configurations are now also considered when set using `App::data`. [#1641] +* `HttpServer::maxconn` is renamed to the more expressive `HttpServer::max_connections`. [#1655] +* `HttpServer::maxconnrate` is renamed to the more expressive + `HttpServer::max_connection_rate`. [#1655] [#1639]: https://github.com/actix/actix-web/pull/1639 [#1641]: https://github.com/actix/actix-web/pull/1641 [#1634]: https://github.com/actix/actix-web/pull/1634 +[#1655]: https://github.com/actix/actix-web/pull/1655 ## 3.0.0-beta.3 - 2020-08-17 ### Changed diff --git a/Cargo.toml b/Cargo.toml index dbdab5937..6a02b30f9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -74,7 +74,7 @@ actix-server = "1.0.0" actix-testing = "1.0.0" actix-macros = "0.1.0" actix-threadpool = "0.3.1" -actix-tls = "2.0.0-alpha.2" +actix-tls = "2.0.0" actix-web-codegen = "0.3.0-beta.1" actix-http = "2.0.0-beta.3" diff --git a/MIGRATION.md b/MIGRATION.md index 0e73b7d47..15045ed69 100644 --- a/MIGRATION.md +++ b/MIGRATION.md 
@@ -36,6 +36,10 @@ It will need `middleware::normalize::TrailingSlash` when being constructed with `NormalizePath::new(...)`, or for an easier migration you can replace `wrap(middleware::NormalizePath)` with `wrap(middleware::NormalizePath::default())`. +* `HttpServer::maxconn` is renamed to the more expressive `HttpServer::max_connections`. + +* `HttpServer::maxconnrate` is renamed to the more expressive `HttpServer::max_connection_rate`. + ## 2.0.0 * `HttpServer::start()` renamed to `HttpServer::run()`. It also possible to diff --git a/actix-http/Cargo.toml b/actix-http/Cargo.toml index 750d1e0af..3c8fb2e21 100644 --- a/actix-http/Cargo.toml +++ b/actix-http/Cargo.toml @@ -42,11 +42,11 @@ actors = ["actix"] [dependencies] actix-service = "1.0.5" actix-codec = "0.3.0" -actix-connect = "2.0.0-alpha.4" +actix-connect = "2.0.0" actix-utils = "2.0.0" actix-rt = "1.0.0" actix-threadpool = "0.3.1" -actix-tls = { version = "2.0.0-alpha.2", optional = true } +actix-tls = { version = "2.0.0", optional = true } actix = { version = "0.10.0-alpha.1", optional = true } base64 = "0.12" @@ -87,9 +87,9 @@ flate2 = { version = "1.0.13", optional = true } [dev-dependencies] actix-server = "1.0.1" -actix-connect = { version = "2.0.0-alpha.4", features = ["openssl"] } +actix-connect = { version = "2.0.0", features = ["openssl"] } actix-http-test = { version = "2.0.0-alpha.1", features = ["openssl"] } -actix-tls = { version = "2.0.0-alpha.2", features = ["openssl"] } +actix-tls = { version = "2.0.0", features = ["openssl"] } criterion = "0.3" env_logger = "0.7" serde_derive = "1.0" diff --git a/actix-http/src/h1/service.rs b/actix-http/src/h1/service.rs index 339a0f538..6aafd4089 100644 --- a/actix-http/src/h1/service.rs +++ b/actix-http/src/h1/service.rs 
@@ -98,7 +98,7 @@ mod openssl { use super::*; use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream}; - use actix_tls::{openssl::HandshakeError, SslError}; + use actix_tls::{openssl::HandshakeError, TlsError}; impl H1Service, S, B, X, U> where @@ -126,19 +126,19 @@ mod openssl { Config = (), Request = TcpStream, Response = (), - Error = SslError, DispatchError>, + Error = TlsError, DispatchError>, InitError = (), > { pipeline_factory( Acceptor::new(acceptor) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(|io: SslStream| { let peer_addr = io.get_ref().peer_addr().ok(); ok((io, peer_addr)) }) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } @@ -147,7 +147,7 @@ mod openssl { mod rustls { use super::*; use actix_tls::rustls::{Acceptor, ServerConfig, TlsStream}; - use actix_tls::SslError; + use actix_tls::TlsError; use std::{fmt, io}; impl H1Service, S, B, X, U> @@ -176,19 +176,19 @@ mod rustls { Config = (), Request = TcpStream, Response = (), - Error = SslError, + Error = TlsError, InitError = (), > { pipeline_factory( Acceptor::new(config) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(|io: TlsStream| { let peer_addr = io.get_ref().0.peer_addr().ok(); ok((io, peer_addr)) }) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } diff --git a/actix-http/src/h2/service.rs b/actix-http/src/h2/service.rs index eef5dd02c..6b5620e02 100644 --- a/actix-http/src/h2/service.rs +++ b/actix-http/src/h2/service.rs @@ -97,7 +97,7 @@ where mod openssl { use actix_service::{fn_factory, fn_service}; use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream}; - use actix_tls::{openssl::HandshakeError, SslError}; + use actix_tls::{openssl::HandshakeError, TlsError}; use super::*; 
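Review bot: The `SslError` to `TlsError` switch, starting at the first hunk on this line (`mod openssl` in `actix-http/src/h1/service.rs`), is missing from the changelog. The following hunks show that type, with variants `Tls` and `Service`, in the `Error =` binding of the service factory these methods return, which looks like public API of actix-http. The CHANGES.md and MIGRATION.md entries in this commit cover only the `HttpServer` renames, and the diffstat lists no actix-http changelog, so downstream code that matches on `SslError::Ssl` gets no pointer to the new name. I would add an entry such as `* TLS acceptor service errors changed from SslError to TlsError (SslError::Ssl is now TlsError::Tls).` to actix-http's changelog, if it keeps one. The same applies to the `h2/service.rs` and `service.rs` hunks on the following lines.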
@@ -117,12 +117,12 @@ mod openssl { Config = (), Request = TcpStream, Response = (), - Error = SslError, DispatchError>, + Error = TlsError, DispatchError>, InitError = S::InitError, > { pipeline_factory( Acceptor::new(acceptor) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(fn_factory(|| { @@ -131,7 +131,7 @@ mod openssl { ok((io, peer_addr)) })) })) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } @@ -140,7 +140,7 @@ mod openssl { mod rustls { use super::*; use actix_tls::rustls::{Acceptor, ServerConfig, TlsStream}; - use actix_tls::SslError; + use actix_tls::TlsError; use std::io; impl H2Service, S, B> @@ -159,7 +159,7 @@ mod rustls { Config = (), Request = TcpStream, Response = (), - Error = SslError, + Error = TlsError, InitError = S::InitError, > { let protos = vec!["h2".to_string().into()]; @@ -167,7 +167,7 @@ mod rustls { pipeline_factory( Acceptor::new(config) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(fn_factory(|| { @@ -176,7 +176,7 @@ mod rustls { ok((io, peer_addr)) })) })) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } diff --git a/actix-http/src/service.rs b/actix-http/src/service.rs index 94cdbc828..9ee579702 100644 --- a/actix-http/src/service.rs +++ b/actix-http/src/service.rs @@ -195,7 +195,7 @@ where mod openssl { use super::*; use actix_tls::openssl::{Acceptor, SslAcceptor, SslStream}; - use actix_tls::{openssl::HandshakeError, SslError}; + use actix_tls::{openssl::HandshakeError, TlsError}; impl HttpService, S, B, X, U> where @@ -226,12 +226,12 @@ mod openssl { Config = (), Request = TcpStream, Response = (), - Error = SslError, DispatchError>, + Error = TlsError, DispatchError>, InitError = (), > { pipeline_factory( Acceptor::new(acceptor) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(|io: SslStream| { 
@@ -247,7 +247,7 @@ mod openssl { let peer_addr = io.get_ref().peer_addr().ok(); ok((io, proto, peer_addr)) }) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } @@ -256,7 +256,7 @@ mod openssl { mod rustls { use super::*; use actix_tls::rustls::{Acceptor, ServerConfig, Session, TlsStream}; - use actix_tls::SslError; + use actix_tls::TlsError; use std::io; impl HttpService, S, B, X, U> @@ -288,7 +288,7 @@ mod rustls { Config = (), Request = TcpStream, Response = (), - Error = SslError, + Error = TlsError, InitError = (), > { let protos = vec!["h2".to_string().into(), "http/1.1".to_string().into()]; @@ -296,7 +296,7 @@ mod rustls { pipeline_factory( Acceptor::new(config) - .map_err(SslError::Ssl) + .map_err(TlsError::Tls) .map_init_err(|_| panic!()), ) .and_then(|io: TlsStream| { @@ -312,7 +312,7 @@ mod rustls { let peer_addr = io.get_ref().0.peer_addr().ok(); ok((io, proto, peer_addr)) }) - .and_then(self.map_err(SslError::Service)) + .and_then(self.map_err(TlsError::Service)) } } } diff --git a/awc/Cargo.toml b/awc/Cargo.toml index ff0afaa1c..054f465c0 100644 --- a/awc/Cargo.toml +++ b/awc/Cargo.toml 
@@ -57,13 +57,13 @@ open-ssl = { version = "0.10", package = "openssl", optional = true } rust-tls = { version = "0.18.0", package = "rustls", optional = true, features = ["dangerous_configuration"] } [dev-dependencies] -actix-connect = { version = "2.0.0-alpha.4", features = ["openssl"] } +actix-connect = { version = "2.0.0", features = ["openssl"] } actix-web = { version = "3.0.0-beta.2", features = ["openssl"] } actix-http = { version = "2.0.0-beta.3", features = ["openssl"] } actix-http-test = { version = "2.0.0-alpha.1", features = ["openssl"] } actix-utils = "2.0.0" actix-server = "1.0.0" -actix-tls = { version = "2.0.0-alpha.2", features = ["openssl", "rustls"] } +actix-tls = { version = "2.0.0", features = ["openssl", "rustls"] } brotli2 = "0.3.2" flate2 = "1.0.13" futures-util = { version = "0.3.5", default-features = false } diff --git a/docs/graphs/net-only.dot b/docs/graphs/net-only.dot index d9f2317a1..0eebf2a6f 100644 --- a/docs/graphs/net-only.dot +++ b/docs/graphs/net-only.dot @@ -17,7 +17,7 @@ digraph { "actix-utils" -> { "actix-service" "actix-rt" "actix-codec" } "actix-tracing" -> { "actix-service" } - "actix-tls" -> { "actix-service" "actix-codec" "actix-utils" "actix-rt" } + "actix-tls" -> { "actix-service" "actix-codec" "actix-utils" } "actix-testing" -> { "actix-rt" "actix-macros" "actix-server" "actix-service" } "actix-server" -> { "actix-service" "actix-rt" "actix-codec" "actix-utils" } "actix-rt" -> { "actix-macros" "actix-threadpool" } diff --git a/docs/graphs/web-focus.dot b/docs/graphs/web-focus.dot index b0ce18d02..7abd51268 100644 --- a/docs/graphs/web-focus.dot +++ b/docs/graphs/web-focus.dot 
@@ -22,7 +22,7 @@ digraph { "actix-utils" -> { "actix-service" "actix-rt" "actix-codec" } "actix-tracing" -> { "actix-service" } - "actix-tls" -> { "actix-service" "actix-codec" "actix-utils" "actix-rt" } + "actix-tls" -> { "actix-service" "actix-codec" "actix-utils" } "actix-testing" -> { "actix-rt" "actix-macros" "actix-server" "actix-service" } "actix-server" -> { "actix-service" "actix-rt" "actix-codec" "actix-utils" } "actix-rt" -> { "actix-macros" "actix-threadpool" } diff --git a/src/server.rs b/src/server.rs index b2695b004..2b86f7416 100644 --- a/src/server.rs +++ b/src/server.rs @@ -122,23 +122,23 @@ where /// Sets the maximum per-worker number of concurrent connections. /// - /// All socket listeners will stop accepting connections when this limit is reached - /// for each worker. + /// All socket listeners will stop accepting connections when this limit is reached for + /// each worker. /// /// By default max connections is set to a 25k. - pub fn maxconn(mut self, num: usize) -> Self { + pub fn max_connections(mut self, num: usize) -> Self { self.builder = self.builder.maxconn(num); self } /// Sets the maximum per-worker concurrent connection establish process. /// - /// All listeners will stop accepting connections when this limit is reached. It - /// can be used to limit the global SSL CPU usage. + /// All listeners will stop accepting connections when this limit is reached. It can be used to + /// limit the global TLS CPU usage. /// /// By default max connections is set to a 256. - pub fn maxconnrate(self, num: usize) -> Self { - actix_tls::max_concurrent_ssl_connect(num); + pub fn max_connection_rate(self, num: usize) -> Self { + actix_tls::max_concurrent_tls_connect(num); self } 
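Review bot: The doc comment on `max_connection_rate` in the `src/server.rs` hunk says the limit is per-worker, but the body calls the free function `actix_tls::max_concurrent_tls_connect(num)` and never touches `self.builder`. The setting therefore appears to be process-wide rather than scoped to this `HttpServer`, and the docs should say which it is. The new name also reads as a rate over time, while the text describes a cap on in-flight TLS handshakes, which matters to anyone sizing it as a handshake-flood limit. I would reword the summary to something like `/// Caps the number of TLS handshakes in progress at once (a concurrency limit, not a per-second rate).` and state the scope explicitly once confirmed. Because both old names are removed outright, a forwarding `maxconn` marked `#[deprecated(note = "renamed to max_connections")]` (and likewise for `maxconnrate`) would keep existing limit configuration compiling through the upgrade.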
@@ -375,19 +375,20 @@ where addr: A, ) -> io::Result> { let mut err = None; - let mut succ = false; + let mut success = false; let mut sockets = Vec::new(); + for addr in addr.to_socket_addrs()? { match create_tcp_listener(addr, self.backlog) { Ok(lst) => { - succ = true; + success = true; sockets.push(lst); } Err(e) => err = Some(e), } } - if !succ { + if !success { if let Some(e) = err.take() { Err(e) } else { @@ -575,17 +576,19 @@ fn create_tcp_listener( #[cfg(feature = "openssl")] /// Configure `SslAcceptorBuilder` with custom server flags. fn openssl_acceptor(mut builder: SslAcceptorBuilder) -> io::Result { - builder.set_alpn_select_callback(|_, protos| { + builder.set_alpn_select_callback(|_, protocols| { const H2: &[u8] = b"\x02h2"; const H11: &[u8] = b"\x08http/1.1"; - if protos.windows(3).any(|window| window == H2) { + + if protocols.windows(3).any(|window| window == H2) { Ok(b"h2") - } else if protos.windows(9).any(|window| window == H11) { + } else if protocols.windows(9).any(|window| window == H11) { Ok(b"http/1.1") } else { Err(AlpnError::NOACK) } }); + builder.set_alpn_protos(b"\x08http/1.1\x02h2")?; Ok(builder.build()) diff --git a/test-server/Cargo.toml b/test-server/Cargo.toml index 13f27ab59..b82dc5432 100644 --- a/test-server/Cargo.toml +++ b/test-server/Cargo.toml @@ -31,7 +31,7 @@ openssl = ["open-ssl", "awc/openssl"] [dependencies] actix-service = "1.0.1" actix-codec = "0.3.0" -actix-connect = "2.0.0-alpha.4" +actix-connect = "2.0.0" actix-utils = "2.0.0" actix-rt = "1.0.0" actix-server = "1.0.0" diff --git a/tests/test_httpserver.rs b/tests/test_httpserver.rs index 750084fdc..50c0a7649 100644 --- a/tests/test_httpserver.rs +++ b/tests/test_httpserver.rs @@ -22,8 +22,8 @@ async fn test_start() { }) .workers(1) .backlog(1) - .maxconn(10) - .maxconnrate(10) + .max_connections(10) + .max_connection_rate(10) .keep_alive(10) .client_timeout(5000) .client_shutdown(0)
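Review bot: In the `openssl_acceptor` hunk of `src/server.rs`, the ALPN callback tests the client's list with `protocols.windows(3).any(|window| window == H2)`, a sliding byte window rather than a walk over the length-prefixed entries. The bytes `\x02h2` or `\x08http/1.1` occurring inside a longer protocol name would then count as a match, and the server would select a protocol the client never offered. Parsing the list entry by entry avoids that, and rust-openssl already provides it as `openssl::ssl::select_next_proto`, e.g. `openssl::ssl::select_next_proto(b"\x02h2\x08http/1.1", protocols).ok_or(AlpnError::NOACK)`, which keeps the h2-first preference. The function's closing brace lies outside the hunk.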