fix integration test with complete removal of ring and aws-rs

Cargo.toml

@@ -24,42 +24,42 @@ chacha20poly1305 = { version = "0.10.1", default-features = false }
 crypto-common = { version = "0.1.6", default-features = false }
 der = { version = "0.7.9", default-features = false }
 digest = { version = "0.10.7", default-features = false }
-ecdsa = { version = "0.16.8", default-features = false, features = ["alloc"] }
+ecdsa = { version = "0.16.9", default-features = false, features = ["alloc"] }
 ed25519-dalek = { version = "2", default-features = false, features = ["pkcs8"] }
 hmac = { version = "0.12.1", default-features = false }
 p256 = { version = "0.13.2", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
 p384 = { version = "0.13.0", default-features = false, features = ["pem", "ecdsa", "ecdh"] }
 paste = { version = "1.0.15", default-features = false }
 pkcs8 = { version = "0.10.2", default-features = false, features = ["pem", "pkcs5"] }
-pki-types = { package = "rustls-pki-types", version = "1.0.1", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "1.8.0", default-features = false }
 rand_core = { version = "0.6.4", default-features = false, features = ["getrandom"] }
-rsa = { version = "0.9.2", default-features = false, features = ["sha2"] }
-rustls = { version = "0.23.12", default-features = false }
+rsa = { version = "0.9.6", default-features = false, features = ["sha2"] }
+rustls = { version = "0.23.13", default-features = false }
 sec1 = { version = "0.7.3", default-features = false, features = ["pkcs8", "pem"] }
-sha2 = { version = "0.10.7", default-features = false }
-signature = { version = "2.1.0", default-features = false }
-webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false }
+sha2 = { version = "0.10.8", default-features = false }
+signature = { version = "2.2.0", default-features = false }
+webpki = { package = "rustls-webpki", version = "0.102.8", default-features = false }
 x25519-dalek = { version = "2", default-features = false }
 
 [dev-dependencies]
-anyhow = "1.0.86"
-bytes = "1.6.0"
+anyhow = "1.0.89"
+bytes = "1.7.2"
 claim = "0.5.0"
-env_logger = "0.11.3"
+env_logger = "0.11.5"
 futures = "0.3.30"
 getrandom = { version = "0.2", features = ["custom"] } # workaround to build on no_std targets
 http = "1.1.0"
 http-body-util = "0.1.2"
-hyper = { version = "1.4.0", default-features = false, features = ["http1", "http2", "client", "server"] }
-hyper-rustls = { version = "0.27.2", default-features = false, features = ["http1", "http2", "webpki-roots"] }
-hyper-util = { version = "0.1.6", features = ["tokio", "server-auto", "service", "http1", "http2"] }
+hyper = { version = "1.4.1", default-features = false, features = ["http1", "http2", "client", "server"] }
+hyper-rustls = { version = "0.27.3", default-features = false, features = ["http1", "http2", "webpki-roots"] }
+hyper-util = { version = "0.1.9", features = ["tokio", "server-auto", "service", "http1", "http2"] }
 indoc = "2.0.5"
 rcgen = "0.13.1"
-reqwest = { version = "0.12.5", default-features = false, features = ["http2", "charset", "rustls-tls-webpki-roots", "json"] }
+reqwest = { version = "0.12.7", default-features = false, features = ["http2", "charset", "rustls-tls-manual-roots-no-provider", "json"] }
 test-case = "3.3.1"
-tls-listener = { version = "0.10.0", features = ["rt", "rustls"], git = "https://github.com/tmccombs/tls-listener" }
-tokio = { version = "1.38.0", features = ["rt-multi-thread", "macros"] }
+tokio = { version = "1.40.0", features = ["rt-multi-thread", "macros"] }
 tokio-rustls = { version = "0.26.0", default-features = false }
+webpki-root-certs = "0.26.6"
 
 [features]
 default = ["std", "tls12", "zeroize"]

tests/integrations.rs

@@ -9,3 +9,7 @@ mod generic;
 #[cfg(test)]
 #[path = "integrations/server.rs"]
 mod server;
+
+#[cfg(test)]
+#[path = "integrations/utils.rs"]
+mod utils;

tests/integrations/badssl.rs

@@ -11,7 +11,7 @@ use test_case::test_case;
 #[test_case("https://ecc384.badssl.com/", Ok(()); "test ECC384 verification")]
 #[test_case("https://rsa2048.badssl.com/", Ok(()); "test RSA-2048 verification")]
 #[test_case("https://rsa4096.badssl.com/", Ok(()); "test RSA-4096 verification")]
-#[cfg_attr(TODO, test_case("https://rsa8192.badssl.com/", Err(()); "test RSA-8192 verification"))]
+#[test_case("https://rsa8192.badssl.com/", Err(()); "test RSA-8192 verification")]
 #[test_case("https://sha256.badssl.com/", Ok(()); "test SHA-256 hash")]
 #[test_case("https://sha384.badssl.com/", Err(()); "test SHA-384 hash (but expired)")]
 #[test_case("https://sha512.badssl.com/", Err(()); "test SHA-512 hash (but expired)")]
@@ -22,8 +22,12 @@ use test_case::test_case;
 #[tokio::test]
 async fn test_badssl_tls12(uri: &str, expected: Result<(), ()>) {
     let _ = env_logger::builder().is_test(true).try_init();
-    let _ = rustls_rustcrypto::provider().install_default().unwrap();
-    let body = reqwest::get(uri).and_then(|x| x.text());
+    let _ = rustls_rustcrypto::provider().install_default();
+    let body = crate::utils::make_client()
+        .expect("client cannot be built")
+        .get(uri)
+        .send()
+        .and_then(|x| x.text());
 
     if expected.is_ok() {
         assert_ok!(body.await);
@@ -50,13 +54,19 @@ async fn test_badssl_tls12(uri: &str, expected: Result<(), ()>) {
 #[test_case("https://self-signed.badssl.com/", Err(()); "test self signed")]
 #[test_case("https://untrusted-root.badssl.com/", Err(()); "test untrusted root")]
 #[test_case("https://wrong.host.badssl.com/", Err(()); "test wrong host")]
-#[test_case("https://no-sct.badssl.com/", Err(()); "test Signed Certificate Timestamp")] // NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
+// SCT is not implemented in Rustls yet
+#[cfg_attr(TODO, test_case("https://no-sct.badssl.com/", Err(()); "test Signed Certificate Timestamp"))] // NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
+// TLS Cert Pinning is not implemented in Rustls yet 
 #[cfg_attr(TODO, test_case("https://pinning-test.badssl.com/", Err(()); "test pinning test"))] // NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
 #[tokio::test]
 async fn test_badssl(uri: &str, expected: Result<(), ()>) {
     let _ = env_logger::builder().is_test(true).try_init();
-    let _ = rustls_rustcrypto::provider().install_default().unwrap();
-    let body = reqwest::get(uri).and_then(|x| x.text());
+    let _ = rustls_rustcrypto::provider().install_default();
+    let body = crate::utils::make_client()
+        .expect("client cannot be built")
+        .get(uri)
+        .send()
+        .and_then(|x| x.text());
 
     if expected.is_ok() {
         assert_ok!(body.await);

tests/integrations/generic.rs

@@ -1,7 +1,6 @@
 use claim::{assert_err, assert_ok};
 use futures::TryFutureExt;
 use test_case::test_case;
-
 // For the available tests check out here: https://badssl.com/dashboard/
 
 #[test_case("https://codeforces.com/", Ok(()))]
@@ -22,8 +21,12 @@ use test_case::test_case;
 #[tokio::test]
 async fn test_generic_sites(uri: &str, expected: Result<(), ()>) {
     let _ = env_logger::builder().is_test(true).try_init();
-    let _ = rustls_rustcrypto::provider().install_default().unwrap();
-    let body = reqwest::get(uri).and_then(|x| x.text());
+    let _ = rustls_rustcrypto::provider().install_default();
+    let body = crate::utils::make_client()
+        .expect("client cannot be built")
+        .get(uri)
+        .send()
+        .and_then(|x| x.text());
 
     if expected.is_ok() {
         assert_ok!(body.await);

tests/integrations/hyper_server.rs

@@ -5,7 +5,6 @@ use std::{
 
 use super::pki::TestPki;
 use bytes::Bytes;
-use futures::StreamExt;
 use http_body_util::{BodyExt, Full};
 use hyper::{body::Incoming, service::service_fn, Method, Request, Response, StatusCode};
 use hyper_util::{
@@ -15,7 +14,6 @@ use hyper_util::{
 use indoc::indoc;
 use pki_types::PrivateKeyDer;
 use rustls::ServerConfig;
-use tls_listener::TlsListener;
 use tokio::net::TcpListener;
 use tokio_rustls::TlsAcceptor;
 
@@ -78,26 +76,35 @@ pub async fn make_hyper_server() -> anyhow::Result<(
     let service = service_fn(serve);
 
     Ok((
-        tokio::spawn(
-            TlsListener::new(tls_acceptor, listener).for_each_concurrent(
-                None,
-                move |s| async move {
-                    match s {
-                        Ok((stream, _)) => {
-                            if let Err(err) = Builder::new(TokioExecutor::new())
-                                .serve_connection(TokioIo::new(stream), service)
-                                .await
-                            {
-                                eprintln!("failed to serve connection: {err:#}");
+        tokio::spawn(async move {
+            loop {
+                match listener.accept().await {
+                    Ok((stream, _)) => {
+                        tokio::spawn({
+                            let tls_acceptor = tls_acceptor.clone();
+                            async move {
+                                match tls_acceptor.accept(stream).await {
+                                    Ok(stream) => {
+                                        if let Err(err) = Builder::new(TokioExecutor::new())
+                                            .serve_connection(TokioIo::new(stream), service)
+                                            .await
+                                        {
+                                            eprintln!("failed to serve connection: {err:#}");
+                                        }
+                                    }
+                                    Err(err) => {
+                                        eprintln!("failed to upgrade TLS connection: {err:#}");
+                                    }
+                                }
                             }
-                        }
-                        Err(e) => {
-                            eprintln!("failed to perform tls handshake: {:?}", e);
-                        }
+                        });
                     }
-                },
-            ),
-        ),
+                    Err(err) => {
+                        eprintln!("failed to accept connection: {err:#}");
+                    }
+                }
+            }
+        }),
         addr,
         reqwest::Certificate::from_der(pki.ca_cert().der())?,
     ))

tests/integrations/server.rs

@@ -7,7 +7,7 @@ use reqwest::Client;
 #[tokio::test]
 async fn test_hyper_server() -> anyhow::Result<()> {
     let _ = env_logger::builder().is_test(true).try_init();
-    let _ = rustls_rustcrypto::provider().install_default().unwrap();
+    let _ = rustls_rustcrypto::provider().install_default();
 
     let (_server, addr, root_cert) = hyper_server::make_hyper_server().await?;
     let client = Client::builder().add_root_certificate(root_cert).build()?;

tests/integrations/utils.rs

@@ -0,0 +1,9 @@
+use reqwest::{Certificate, Client, Error};
+
+pub fn make_client() -> Result<Client, Error> {
+    let mut builder = Client::builder();
+    for cert in webpki_root_certs::TLS_SERVER_ROOT_CERTS {
+        builder = builder.add_root_certificate(Certificate::from_der(cert).unwrap())
+    }
+    builder.build()
+}