1
0
Fork 0
mirror of https://github.com/actix/actix-web.git synced 2024-11-26 11:31:09 +00:00

only build SslConnectorBuilder once (#2503)

This commit is contained in:
Rob Ede 2021-12-18 16:44:30 +00:00 committed by GitHub
parent d2b9724010
commit fb036264cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 61 additions and 24 deletions

View file

@ -107,7 +107,7 @@ pub async fn test_server_with_addr<F: ServiceFactory<TcpStream>>(
Connector::new() Connector::new()
.conn_lifetime(Duration::from_secs(0)) .conn_lifetime(Duration::from_secs(0))
.timeout(Duration::from_millis(30000)) .timeout(Duration::from_millis(30000))
.ssl(builder.build()) .openssl(builder.build())
}; };
#[cfg(not(feature = "openssl"))] #[cfg(not(feature = "openssl"))]

View file

@ -340,7 +340,7 @@ where
Connector::new() Connector::new()
.conn_lifetime(Duration::from_secs(0)) .conn_lifetime(Duration::from_secs(0))
.timeout(Duration::from_millis(30000)) .timeout(Duration::from_millis(30000))
.ssl(builder.build()) .openssl(builder.build())
} }
#[cfg(not(feature = "openssl"))] #[cfg(not(feature = "openssl"))]
{ {

View file

@ -1,6 +1,10 @@
# Changes # Changes
## Unreleased - 2021-xx-xx ## Unreleased - 2021-xx-xx
* Rename `Connector::{ssl => openssl}`. [#2503]
* Improve `Client` instantiation efficiency when using `openssl` by only building connectors once. [#2503]
[#2503]: https://github.com/actix/actix-web/pull/2503
## 3.0.0-beta.14 - 2021-12-17 ## 3.0.0-beta.14 - 2021-12-17

View file

@ -62,7 +62,7 @@ actix-codec = "0.4.1"
actix-service = "2.0.0" actix-service = "2.0.0"
actix-http = "3.0.0-beta.16" actix-http = "3.0.0-beta.16"
actix-rt = { version = "2.1", default-features = false } actix-rt = { version = "2.1", default-features = false }
actix-tls = { version = "3.0.0-rc.1", features = ["connect", "uri"] } actix-tls = { version = "3.0.0-rc.2", features = ["connect", "uri"] }
actix-utils = "3.0.0" actix-utils = "3.0.0"
ahash = "0.7" ahash = "0.7"

View file

@ -22,11 +22,13 @@ use futures_core::{future::LocalBoxFuture, ready};
use http::Uri; use http::Uri;
use pin_project_lite::pin_project; use pin_project_lite::pin_project;
use super::config::ConnectorConfig; use super::{
use super::connection::{Connection, ConnectionIo}; config::ConnectorConfig,
use super::error::ConnectError; connection::{Connection, ConnectionIo},
use super::pool::ConnectionPool; error::ConnectError,
use super::Connect; pool::ConnectionPool,
Connect,
};
enum OurTlsConnector { enum OurTlsConnector {
#[allow(dead_code)] // only dead when no TLS feature is enabled #[allow(dead_code)] // only dead when no TLS feature is enabled
@ -35,6 +37,12 @@ enum OurTlsConnector {
#[cfg(feature = "openssl")] #[cfg(feature = "openssl")]
Openssl(actix_tls::connect::openssl::reexports::SslConnector), Openssl(actix_tls::connect::openssl::reexports::SslConnector),
/// Provided because building the OpenSSL context on newer versions can be very slow.
/// This prevents unnecessary calls to `.build()` while constructing the client connector.
#[cfg(feature = "openssl")]
#[allow(dead_code)] // false positive; used in build_ssl
OpensslBuilder(actix_tls::connect::openssl::reexports::SslConnectorBuilder),
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
Rustls(std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>), Rustls(std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>),
} }
@ -57,7 +65,7 @@ pub struct Connector<T> {
config: ConnectorConfig, config: ConnectorConfig,
#[allow(dead_code)] // only dead when no TLS feature is enabled #[allow(dead_code)] // only dead when no TLS feature is enabled
ssl: OurTlsConnector, tls: OurTlsConnector,
} }
impl Connector<()> { impl Connector<()> {
@ -72,7 +80,7 @@ impl Connector<()> {
Connector { Connector {
connector: TcpConnector::new(resolver::resolver()).service(), connector: TcpConnector::new(resolver::resolver()).service(),
config: ConnectorConfig::default(), config: ConnectorConfig::default(),
ssl: Self::build_ssl(vec![b"h2".to_vec(), b"http/1.1".to_vec()]), tls: Self::build_ssl(vec![b"h2".to_vec(), b"http/1.1".to_vec()]),
} }
} }
@ -116,7 +124,7 @@ impl Connector<()> {
log::error!("Can not set ALPN protocol: {:?}", err); log::error!("Can not set ALPN protocol: {:?}", err);
} }
OurTlsConnector::Openssl(ssl.build()) OurTlsConnector::OpensslBuilder(ssl)
} }
} }
@ -134,7 +142,7 @@ impl<S> Connector<S> {
Connector { Connector {
connector, connector,
config: self.config, config: self.config,
ssl: self.ssl, tls: self.tls,
} }
} }
} }
@ -167,23 +175,35 @@ where
self self
} }
/// Use custom OpenSSL `SslConnector` instance.
#[cfg(feature = "openssl")] #[cfg(feature = "openssl")]
/// Use custom `SslConnector` instance. pub fn openssl(
mut self,
connector: actix_tls::connect::openssl::reexports::SslConnector,
) -> Self {
self.tls = OurTlsConnector::Openssl(connector);
self
}
/// See docs for [`Connector::openssl`].
#[doc(hidden)]
#[cfg(feature = "openssl")]
#[deprecated(since = "3.0.0", note = "Renamed to `Connector::openssl`.")]
pub fn ssl( pub fn ssl(
mut self, mut self,
connector: actix_tls::connect::openssl::reexports::SslConnector, connector: actix_tls::connect::openssl::reexports::SslConnector,
) -> Self { ) -> Self {
self.ssl = OurTlsConnector::Openssl(connector); self.tls = OurTlsConnector::Openssl(connector);
self self
} }
/// Use custom Rustls `ClientConfig` instance.
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
/// Use custom `ClientConfig` instance.
pub fn rustls( pub fn rustls(
mut self, mut self,
connector: std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>, connector: std::sync::Arc<actix_tls::connect::rustls::reexports::ClientConfig>,
) -> Self { ) -> Self {
self.ssl = OurTlsConnector::Rustls(connector); self.tls = OurTlsConnector::Rustls(connector);
self self
} }
@ -198,7 +218,7 @@ where
unimplemented!("actix-http client only supports versions http/1.1 & http/2") unimplemented!("actix-http client only supports versions http/1.1 & http/2")
} }
}; };
self.ssl = Connector::build_ssl(versions); self.tls = Connector::build_ssl(versions);
self self
} }
@ -270,8 +290,8 @@ where
} }
/// Finish configuration process and create connector service. /// Finish configuration process and create connector service.
/// The Connector builder always concludes by calling `finish()` last in ///
/// its combinator chain. /// The `Connector` builder always concludes by calling `finish()` last in its combinator chain.
pub fn finish(self) -> ConnectorService<S, IO> { pub fn finish(self) -> ConnectorService<S, IO> {
let local_address = self.config.local_address; let local_address = self.config.local_address;
let timeout = self.config.timeout; let timeout = self.config.timeout;
@ -284,7 +304,15 @@ where
service: tcp_service_inner.clone(), service: tcp_service_inner.clone(),
}; };
let tls_service = match self.ssl { let tls = match self.tls {
#[cfg(feature = "openssl")]
OurTlsConnector::OpensslBuilder(builder) => {
OurTlsConnector::Openssl(builder.build())
}
tls => tls,
};
let tls_service = match tls {
OurTlsConnector::None => { OurTlsConnector::None => {
#[cfg(not(feature = "dangerous-h2c"))] #[cfg(not(feature = "dangerous-h2c"))]
{ {
@ -374,6 +402,11 @@ where
Some(actix_service::boxed::rc_service(tls_service)) Some(actix_service::boxed::rc_service(tls_service))
} }
#[cfg(feature = "openssl")]
OurTlsConnector::OpensslBuilder(_) => {
unreachable!("OpenSSL builder is built before this match.");
}
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
OurTlsConnector::Rustls(tls) => { OurTlsConnector::Rustls(tls) => {
const H2: &[u8] = b"h2"; const H2: &[u8] = b"h2";
@ -853,7 +886,7 @@ mod tests {
let connector = Connector { let connector = Connector {
connector: TcpConnector::new(resolver::resolver()).service(), connector: TcpConnector::new(resolver::resolver()).service(),
config: ConnectorConfig::default(), config: ConnectorConfig::default(),
ssl: OurTlsConnector::None, tls: OurTlsConnector::None,
}; };
let client = Client::builder().connector(connector).finish(); let client = Client::builder().connector(connector).finish();

View file

@ -58,7 +58,7 @@ async fn test_connection_window_size() {
.map_err(|e| log::error!("Can not set alpn protocol: {:?}", e)); .map_err(|e| log::error!("Can not set alpn protocol: {:?}", e));
let client = awc::Client::builder() let client = awc::Client::builder()
.connector(awc::Connector::new().ssl(builder.build())) .connector(awc::Connector::new().openssl(builder.build()))
.initial_window_size(100) .initial_window_size(100)
.initial_connection_window_size(100) .initial_connection_window_size(100)
.finish(); .finish();

View file

@ -72,7 +72,7 @@ async fn test_connection_reuse_h2() {
.map_err(|e| log::error!("Can not set alpn protocol: {:?}", e)); .map_err(|e| log::error!("Can not set alpn protocol: {:?}", e));
let client = awc::Client::builder() let client = awc::Client::builder()
.connector(awc::Connector::new().ssl(builder.build())) .connector(awc::Connector::new().openssl(builder.build()))
.finish(); .finish();
// req 1 // req 1

View file

@ -121,7 +121,7 @@ async fn test_start_ssl() {
let client = awc::Client::builder() let client = awc::Client::builder()
.connector( .connector(
awc::Connector::new() awc::Connector::new()
.ssl(builder.build()) .openssl(builder.build())
.timeout(Duration::from_millis(100)), .timeout(Duration::from_millis(100)),
) )
.finish(); .finish();