From 70ea5322ab0394f363665193bf9cdd90d53164f5 Mon Sep 17 00:00:00 2001
From: Rob Ede
Date: Wed, 20 Oct 2021 17:12:11 +0100
Subject: [PATCH] prepare actix-tls 3.0.0-beta.7 release (#401)
---
 actix-tls/CHANGES.md | 7 +++++++
 actix-tls/Cargo.toml | 6 +++---
 actix-tls/src/connect/mod.rs | 4 +++-
 actix-tls/src/connect/{ssl => tls}/mod.rs | 2 +-
 .../src/connect/{ssl => tls}/native_tls.rs | 0
 actix-tls/src/connect/{ssl => tls}/openssl.rs | 0
 actix-tls/src/connect/{ssl => tls}/rustls.rs | 17 ++++++++++++++++-
 7 files changed, 30 insertions(+), 6 deletions(-)
 rename actix-tls/src/connect/{ssl => tls}/mod.rs (89%)
 rename actix-tls/src/connect/{ssl => tls}/native_tls.rs (100%)
 rename actix-tls/src/connect/{ssl => tls}/openssl.rs (100%)
 rename actix-tls/src/connect/{ssl => tls}/rustls.rs (85%)
diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
index 51a82e8244..d3d1f7618b 100644
--- a/actix-tls/CHANGES.md
+++ b/actix-tls/CHANGES.md
@@ -3,6 +3,13 @@
 ## Unreleased - 2021-xx-xx
+## 3.0.0-beta.7 - 2021-10-20
+* Add `webpki_roots_cert_store()` to get rustls compatible webpki roots cert store. [#401]
+* Alias `connect::ssl` to `connect::tls`. [#401]
+
+[#401]: https://github.com/actix/actix-net/pull/401
+
+
 ## 3.0.0-beta.6 - 2021-10-19
 * Update `tokio-rustls` to `0.23` which uses `rustls` `0.20`. [#396]
 * Removed a re-export of `Session` from `rustls` as it no longer exist. [#396]
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index 6bf8ec62b6..cb3842e129 100755
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-tls"
-version = "3.0.0-beta.6"
+version = "3.0.0-beta.7"
 authors = ["Nikolay Kim "]
 description = "TLS acceptor and connector services for Actix ecosystem"
 keywords = ["network", "tls", "ssl", "async", "transport"]
@@ -55,7 +55,7 @@ tokio-openssl = { version = "0.6", optional = true }
 # rustls
 tokio-rustls = { version = "0.23", optional = true }
-webpki-roots = { version = "0.21", optional = true }
+webpki-roots = { version = "0.22", optional = true }
 # native-tls
 tokio-native-tls = { version = "0.3", optional = true }
@@ -64,7 +64,7 @@ tokio-native-tls = { version = "0.3", optional = true }
 actix-rt = "2.2.0"
 actix-server = "2.0.0-beta.6"
 bytes = "1"
-env_logger = "0.8"
+env_logger = "0.9"
 futures-util = { version = "0.3.7", default-features = false, features = ["sink"] }
 log = "0.4"
 rustls-pemfile = "0.2.1"
diff --git a/actix-tls/src/connect/mod.rs b/actix-tls/src/connect/mod.rs
index ad4f40a314..60bb334486 100644
--- a/actix-tls/src/connect/mod.rs
+++ b/actix-tls/src/connect/mod.rs
@@ -21,7 +21,9 @@ mod connector;
 mod error;
 mod resolve;
 mod service;
-pub mod ssl;
+pub mod tls;
+#[doc(hidden)]
+pub use tls as ssl;
 #[cfg(feature = "uri")]
 mod uri;
diff --git a/actix-tls/src/connect/ssl/mod.rs b/actix-tls/src/connect/tls/mod.rs
similarity index 89%
rename from actix-tls/src/connect/ssl/mod.rs
rename to actix-tls/src/connect/tls/mod.rs
index 6e0e8aac29..7f48d06ced 100644
--- a/actix-tls/src/connect/ssl/mod.rs
+++ b/actix-tls/src/connect/tls/mod.rs
@@ -1,4 +1,4 @@
-//! SSL Services
+//! TLS Services
 #[cfg(feature = "openssl")]
 pub mod openssl;
diff --git a/actix-tls/src/connect/ssl/native_tls.rs b/actix-tls/src/connect/tls/native_tls.rs
similarity index 100%
rename from actix-tls/src/connect/ssl/native_tls.rs
rename to actix-tls/src/connect/tls/native_tls.rs
diff --git a/actix-tls/src/connect/ssl/openssl.rs b/actix-tls/src/connect/tls/openssl.rs
similarity index 100%
rename from actix-tls/src/connect/ssl/openssl.rs
rename to actix-tls/src/connect/tls/openssl.rs
diff --git a/actix-tls/src/connect/ssl/rustls.rs b/actix-tls/src/connect/tls/rustls.rs
similarity index 85%
rename from actix-tls/src/connect/ssl/rustls.rs
rename to actix-tls/src/connect/tls/rustls.rs
index d66ceaa507..5abc7673dd 100755
--- a/actix-tls/src/connect/ssl/rustls.rs
+++ b/actix-tls/src/connect/tls/rustls.rs
@@ -14,11 +14,26 @@ use actix_rt::net::ActixStream;
 use actix_service::{Service, ServiceFactory};
 use futures_core::{future::LocalBoxFuture, ready};
 use log::trace;
-use tokio_rustls::rustls::client::ServerName;
+use tokio_rustls::rustls::{client::ServerName, OwnedTrustAnchor, RootCertStore};
 use tokio_rustls::{Connect, TlsConnector};
 use crate::connect::{Address, Connection};
+/// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
+pub fn webpki_roots_cert_store() -> RootCertStore {
+ let mut root_certs = RootCertStore::empty();
+ for cert in TLS_SERVER_ROOTS.0 {
+ let cert = OwnedTrustAnchor::from_subject_spki_name_constraints(
+ cert.subject,
+ cert.spki,
+ cert.name_constraints,
+ );
+ let certs = vec![cert].into_iter();
+ root_certs.add_server_trust_anchors(certs);
+ }
+ root_certs
+}
+
 /// Rustls connector factory
 pub struct RustlsConnector {
 connector: Arc,
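Review bot: The doc comment on `webpki_roots_cert_store()` does not say that the returned anchors are the set compiled into the `webpki-roots` crate rather than the platform trust store, so changes to that root set reach callers only through a dependency update (this same patch moves `webpki-roots` from 0.21 to 0.22). I would add a line such as `/// The set is fixed at build time by the webpki-roots version in use; the OS trust store and private CAs are not included.` Separately, the loop allocates a one-element `Vec` per anchor only to obtain an iterator; since `add_server_trust_anchors` is already being passed an iterator here, it can be called once over a mapped iterator, as sketched below. `TLS_SERVER_ROOTS` is not imported in the visible lines, so it presumably comes into scope earlier in the file.

```rust
pub fn webpki_roots_cert_store() -> RootCertStore {
    let mut root_certs = RootCertStore::empty();
    // One call over all anchors; no per-anchor Vec allocation.
    root_certs.add_server_trust_anchors(TLS_SERVER_ROOTS.0.iter().map(|anchor| {
        OwnedTrustAnchor::from_subject_spki_name_constraints(
            anchor.subject,
            anchor.spki,
            anchor.name_constraints,
        )
    }));
    root_certs
}
```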