Take rustls 0.23

- track new alert-sending API for Acceptor.

Cargo.toml

@@ -14,7 +14,7 @@ exclude = ["/.github", "/examples", "/scripts"]
 
 [dependencies]
 tokio = "1.0"
-rustls = { version = "0.22", default-features = false }
+rustls = { version = "0.23", default-features = false, features = ["std"] }
 pki-types = { package = "rustls-pki-types", version = "1" }
 
 [features]

src/common/handshake.rs

@@ -4,10 +4,11 @@ use std::pin::Pin;
 use std::task::{Context, Poll};
 use std::{io, mem};
 
+use rustls::server::AcceptedAlert;
 use rustls::{ConnectionCommon, SideData};
 use tokio::io::{AsyncRead, AsyncWrite};
 
-use crate::common::{Stream, TlsState};
+use crate::common::{Stream, SyncWriteAdapter, TlsState};
 
 pub(crate) trait IoSession {
  type Io;
@@ -21,7 +22,15 @@ pub(crate) trait IoSession {
 pub(crate) enum MidHandshake<IS: IoSession> {
  Handshaking(IS),
  End,
- Error { io: IS::Io, error: io::Error },
+ SendAlert {
+ io: IS::Io,
+ alert: AcceptedAlert,
+ error: io::Error,
+ },
+ Error {
+ io: IS::Io,
+ error: io::Error,
+ },
 }
 
 impl<IS, SD> Future for MidHandshake<IS>
@@ -38,6 +47,15 @@ where
 
  let mut stream = match mem::replace(this, MidHandshake::End) {
  MidHandshake::Handshaking(stream) => stream,
+ MidHandshake::SendAlert {
+ mut io,
+ mut alert,
+ error,
+ } => {
+ let mut writer = SyncWriteAdapter { io: &mut io, cx };
+ let _ = alert.write(&mut writer); // best effort
+ return Poll::Ready(Err((error, io)));
+ }
  // Starting the handshake returned an error; fail the future immediately.
  MidHandshake::Error { io, error } => return Poll::Ready(Err((error, io))),
  _ => panic!("unexpected polling after handshake"),

src/lib.rs

@@ -288,8 +288,10 @@ where
  return Poll::Ready(Ok(StartHandshake { accepted, io }));
  }
  Ok(None) => continue,
- Err(err) => {
- return Poll::Ready(Err(io::Error::new(io::ErrorKind::InvalidInput, err)))
+ Err((err, mut alert)) => {
+ let mut writer = common::SyncWriteAdapter { io, cx };
+ let _ = alert.write(&mut writer); // best effort
+ return Poll::Ready(Err(io::Error::new(io::ErrorKind::InvalidInput, err)));
  }
  }
  }
@@ -319,9 +321,10 @@ where
  {
  let mut conn = match self.accepted.into_connection(config) {
  Ok(conn) => conn,
- Err(error) => {
- return Accept(MidHandshake::Error {
+ Err((error, alert)) => {
+ return Accept(MidHandshake::SendAlert {
  io: self.io,
+ alert,
  // TODO(eliza): should this really return an `io::Error`?
  // Probably not...
  error: io::Error::new(io::ErrorKind::Other, error),
@@ -361,6 +364,7 @@ impl<IO> Connect<IO> {
  pub fn get_ref(&self) -> Option<&IO> {
  match &self.0 {
  MidHandshake::Handshaking(sess) => Some(sess.get_ref().0),
+ MidHandshake::SendAlert { io, .. } => Some(io),
  MidHandshake::Error { io, .. } => Some(io),
  MidHandshake::End => None,
  }
@@ -369,6 +373,7 @@ impl<IO> Connect<IO> {
  pub fn get_mut(&mut self) -> Option<&mut IO> {
  match &mut self.0 {
  MidHandshake::Handshaking(sess) => Some(sess.get_mut().0),
+ MidHandshake::SendAlert { io, .. } => Some(io),
  MidHandshake::Error { io, .. } => Some(io),
  MidHandshake::End => None,
  }
@@ -384,6 +389,7 @@ impl<IO> Accept<IO> {
  pub fn get_ref(&self) -> Option<&IO> {
  match &self.0 {
  MidHandshake::Handshaking(sess) => Some(sess.get_ref().0),
+ MidHandshake::SendAlert { io, .. } => Some(io),
  MidHandshake::Error { io, .. } => Some(io),
  MidHandshake::End => None,
  }
@@ -392,6 +398,7 @@ impl<IO> Accept<IO> {
  pub fn get_mut(&mut self) -> Option<&mut IO> {
  match &mut self.0 {
  MidHandshake::Handshaking(sess) => Some(sess.get_mut().0),
+ MidHandshake::SendAlert { io, .. } => Some(io),
  MidHandshake::Error { io, .. } => Some(io),
  MidHandshake::End => None,
  }

tests/test.rs

@@ -223,12 +223,16 @@ async fn lazy_config_acceptor_take_io() -> Result<(), rustls::Error> {
  }
 
  let server_msg = b"message from server";
+ let fatal_alert_decode_error = b"\x15\x03\x03\x00\x02\x02\x32";
 
  let some_io = acceptor.take_io();
  assert!(some_io.is_some(), "Expected Some(io)");
  some_io.unwrap().write_all(server_msg).await.unwrap();
 
- assert_eq!(rx.await.unwrap(), server_msg);
+ assert_eq!(
+ rx.await.unwrap(),
+ [&fatal_alert_decode_error[..], &server_msg[..]].concat()
+ );
 
  assert!(
  acceptor.take_io().is_none(),