fix: refactor and document tls stream

warlock-labs · Sep 13, 2024 · c09db40 · c09db40
1 parent b899cd2
commit c09db40
Show file tree

Hide file tree

Showing 4 changed files with 159 additions and 121 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,10 +26,10 @@ hyper-util = { version = "0.1.8", features = ["server", "tokio", "server-auto",
 pin-project = "1.1.5"
 pprof = { version = "0.13.0", features = ["flamegraph"], optional = true }
 ring = "0.17.8"
-rustls = { version = "0.23.13", features = ["zlib"] }
+rustls = { version = "0.23.13", features = ["zlib", "aws_lc_rs"] }
 rustls-pemfile = "2.1.3"
 tokio = { version = "1.40.0", features = ["net", "macros", "rt-multi-thread", "time"] }
-tokio-rustls = "0.26.0"
+tokio-rustls = { version = "0.26.0", features = ["aws_lc_rs"] }
 tokio-stream = { version = "0.1.16", features = ["net"] }
 tokio-util = "0.7.12"
 tower = { version = "0.5.1", features = ["util"] }

diff --git a/src/http.rs b/src/http.rs
@@ -570,6 +570,16 @@ mod tests {
 
     // Utility functions
 
+    fn init_crypto_provider() {
+        // This and some other helper functions need a bit of DRY
+        match rustls::crypto::aws_lc_rs::default_provider().install_default() {
+            Ok(_) => debug!("Default crypto provider installed successfully"),
+            Err(_) => {
+                // Crypto provider is already installed
+            }
+        }
+    }
+
     async fn echo(req: Request<Incoming>) -> Result<Response<Full<Bytes>>, hyper::Error> {
         match (req.method(), req.uri().path()) {
             (&hyper::Method::GET, "/") => {
@@ -812,6 +822,7 @@ mod tests {
 
         #[tokio::test]
         async fn test_https_connection() {
+            init_crypto_provider();
             let addr = SocketAddr::from(([127, 0, 0, 1], 0));
             let (incoming, server_addr) = setup_test_server(addr).await;
 
@@ -865,6 +876,7 @@ mod tests {
 
         #[tokio::test]
         async fn test_https_invalid_client_cert() {
+            init_crypto_provider();
             let addr = SocketAddr::from(([127, 0, 0, 1], 0));
             let (incoming, server_addr) = setup_test_server(addr).await;
 
@@ -905,6 +917,7 @@ mod tests {
         }
         #[tokio::test]
         async fn test_https_graceful_shutdown() {
+            init_crypto_provider();
             let addr = SocketAddr::from(([127, 0, 0, 1], 0));
             let (incoming, server_addr) = setup_test_server(addr).await;
 

diff --git a/src/tcp.rs b/src/tcp.rs
@@ -1,5 +1,5 @@
 use crate::error::handle_accept_error;
-use crate::Error;
+use crate::Error as TransportError;
 use std::ops::ControlFlow;
 use std::pin::pin;
 use tokio::io::{AsyncRead, AsyncWrite};
@@ -55,10 +55,10 @@ use tokio_stream::{Stream, StreamExt};
 #[inline]
 pub fn serve_tcp_incoming<IO, IE>(
     incoming: impl Stream<Item = Result<IO, IE>> + Send + 'static,
-) -> impl Stream<Item = Result<IO, crate::Error>>
+) -> impl Stream<Item = Result<IO, TransportError>>
 where
     IO: AsyncRead + AsyncWrite + Unpin + Send + 'static,
-    IE: Into<Error> + Send + 'static,
+    IE: Into<TransportError> + Send + 'static,
 {
     async_stream::stream! {
         // We pin the stream on the stack to ensure that it's safe to