This commit introduces the ability to dynamically select a TLS
configuration based on the client's TLS hello via the new `Resolver`
trait. In support of this, it also makes the following changes:
* Added `Authority::set_port()`.
* `UdsListener` is now `UnixListener`.
* `Bindable` removed in favor of new `Bind`.
* All built-in listeners now implement `Bind<&Rocket>`.
* `Connection` requires `AsyncRead + AsyncWrite`.
* The `Debug` impl for `Endpoint` displays the underlying address.
* `Listener` must be `Sized`.
* The TLS listener was moved to `tls::TlsListener`.
* The preview `quic` listener no longer implements `Listener`.
* Added `TlsConfig::server_config()`.
* Added `race` future helpers.
* Added `Rocket::launch_with()`, `Rocket::bind_launch()`.
* Added a default `client.pem` to the TLS example.
* Various unnecessary listener `Config` structures removed.
In addition, the testbench was revamped to support more scenarios. This
resulted in the following issues being found and fixed:
* Fix an issue where the logger would ignore color requests.
* Clarified docs for `mtls::Certificate` guard.
* Improved error messages on listener misconfiguration.
Resolves#2730.
Resolves#2363.
Closes#2748.
Closes#2683.
Closes#2577.
Prior to this commit, some TLS related operations used 'ring' even when
a different default 'CryptoProvider' was installed. This commit fixes
that by refactoring 'TlsConfig' such that all utility methods are
required to use the default 'CryptoProvider'.
This commit also cleans up code related to the rustls 0.23 update.
This commit updates rustls to 0.23 and adds support for custom
'CryptoProvider's installable via 'CryptoProvider::install_default()'.
In particular, this enables using `aws-lc-rs` for cryptography related
operation in TLS. The 'TLS' example was updated to test use of
'aws-lc-rs' on Unix.
The latest version of `rustls` acts on the SNI extension to TLS without
the apparent ability to disable the behavior. `rustls` requires that the
server's certificate match the client's requested server. The matching
is done by looking at DNS names in the `subjectAltName` extension and
checking if the requested server name is present. Since the certificate
in the `tls` example did not have the `subjectAltName` extension, this
check always failed, and the TLS connection was aborted. This commit
adds the extension to the certificate with a DNS name of `localhost`,
ensuring that TLS succeeds on `localhost`.
Sessions
--------
This commit removes the `Session` type in favor of methods on the
`Cookies` types that allow for adding, removing, and getting private
(signed and encrypted) cookies. These methods provide a superset of
the functionality of `Session` while also being a minimal addition to
the existing API. They can be used to implement the previous `Session`
type as well as other forms of session storage. The new methods are:
* Cookie::add_private(&mut self, Cookie)
* Cookie::remove_private(&mut self, Cookie)
* Cookie::get_private(&self, &str)
Resolves#20
Testing
-------
This commit removes the `rocket::testing` module. It adds the
`rocket::local` module which provides a `Client` type for local
dispatching of requests against a `Rocket` instance. This `local`
package subsumes the previous `testing` package.
Rocket Examples
---------------
The `forms`, `optional_result`, and `hello_alt_methods` examples have
been removed. The following example have been renamed:
* extended_validation -> form_validation
* hello_ranks -> ranking
* from_request -> request_guard
* hello_tls -> tls
Other Changes
-------------
This commit also includes the following smaller changes:
* Config::{development, staging, production} constructors have been
added for easier creation of default `Config` structures.
* The `Config` type is exported from the root.
* `Request` implements `Clone` and `Debug`.
* `Request::new` is no longer exported.
* A `Response::body_bytes` method was added to easily retrieve a
response's body as a `Vec<u8>`.
Sergio Benitez
Abdullah Alyan