From f46f55a05b588ea0a40499ca5f63e221dc755838 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Mon, 1 Jul 2024 19:02:29 +0200
Subject: [PATCH] Upgrade rustls and update mas-http client bits

---
 Cargo.lock                                    | 232 ++++++++++++++----
 Cargo.toml                                    |  20 +-
 crates/http/Cargo.toml                        |   4 +-
 crates/http/src/client.rs                     |  19 +-
 .../http/src/layers/body_to_bytes_response.rs |   3 +-
 .../http/src/layers/bytes_to_body_request.rs  |   2 +-
 crates/http/src/lib.rs                        |   2 +-
 crates/listener/Cargo.toml                    |   2 +-
 8 files changed, 224 insertions(+), 60 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 49a123c97..34979ed43 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -569,6 +569,32 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"
 
+[[package]]
+name = "aws-lc-rs"
+version = "1.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df33e4a55b03f8780ba55041bc7be91a2a8ec8c03517b0379d2d6c96d2c30d95"
+dependencies = [
+ "aws-lc-sys",
+ "mirai-annotations",
+ "paste",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.13.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "37ede3d6e360a48436fee127cb81710834407b1ec0c48a001cc29dec9005f73e"
+dependencies = [
+ "bindgen",
+ "cmake",
+ "dunce",
+ "fs_extra",
+ "libc",
+ "paste",
+]
+
 [[package]]
 name = "axum"
 version = "0.7.5"
@@ -718,6 +744,29 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "bindgen"
+version = "0.69.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0"
+dependencies = [
+ "bitflags 2.6.0",
+ "cexpr",
+ "clang-sys",
+ "itertools 0.12.1",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn 2.0.68",
+ "which",
+]
+
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -850,6 +899,15 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
 
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
 [[package]]
 name = "cfg-if"
 version = "1.0.0"
@@ -945,6 +1003,17 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "clang-sys"
+version = "1.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.8"
@@ -985,6 +1054,15 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70"
 
+[[package]]
+name = "cmake"
+version = "0.1.50"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "cobs"
 version = "0.2.3"
@@ -1520,6 +1598,12 @@ version = "0.15.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
 
+[[package]]
+name = "dunce"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b"
+
 [[package]]
 name = "duration-str"
 version = "0.11.2"
@@ -1583,9 +1667,9 @@ dependencies = [
 
 [[package]]
 name = "email-encoding"
-version = "0.2.1"
+version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a87260449b06739ee78d6281c68d2a0ff3e3af64a78df63d3a1aeb3c06997c8a"
+checksum = "60d1d33cdaede7e24091f039632eb5d3c7469fe5b066a985281a34fc70fa317f"
 dependencies = [
  "base64 0.22.1",
  "memchr",
@@ -1800,6 +1884,12 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
 [[package]]
 name = "futures"
 version = "0.3.30"
@@ -2210,6 +2300,17 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "hostname"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9c7c7c8ac16c798734b8a24560c1362120597c40d5e1459f09498f8f6c8f2ba"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "windows",
+]
+
 [[package]]
 name = "http"
 version = "0.2.12"
@@ -2342,7 +2443,7 @@ dependencies = [
  "rustls 0.23.10",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls 0.26.0",
+ "tokio-rustls",
  "tower-service",
 ]
 
@@ -2907,6 +3008,12 @@ dependencies = [
  "spin",
 ]
 
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
 [[package]]
 name = "leb128"
 version = "0.2.5"
@@ -2915,31 +3022,31 @@ checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67"
 
 [[package]]
 name = "lettre"
-version = "0.11.4"
+version = "0.11.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "357ff5edb6d8326473a64c82cf41ddf78ab116f89668c50c4fac1b321e5e80f4"
+checksum = "1a62049a808f1c4e2356a2a380bd5f2aca3b011b0b482cf3b914ba1731426969"
 dependencies = [
  "async-std",
  "async-trait",
- "base64 0.21.7",
+ "base64 0.22.1",
  "chumsky",
  "email-encoding",
  "email_address",
  "fastrand 2.1.0",
  "futures-io",
  "futures-util",
- "hostname",
+ "hostname 0.4.0",
  "httpdate",
  "idna 0.5.0",
  "mime",
  "nom",
  "percent-encoding",
  "quoted_printable",
- "rustls 0.22.4",
+ "rustls 0.23.10",
  "rustls-pemfile 2.1.2",
  "socket2 0.5.7",
  "tokio",
- "tokio-rustls 0.25.0",
+ "tokio-rustls",
  "tracing",
  "url",
  "webpki-roots 0.26.3",
@@ -2951,6 +3058,16 @@ version = "0.2.155"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"
 
+[[package]]
+name = "libloading"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d"
+dependencies = [
+ "cfg-if",
+ "windows-targets 0.52.5",
+]
+
 [[package]]
 name = "libm"
 version = "0.2.8"
@@ -3117,7 +3234,7 @@ dependencies = [
  "prometheus",
  "rand",
  "rand_chacha",
- "rustls 0.22.4",
+ "rustls 0.23.10",
  "sentry",
  "sentry-tower",
  "sentry-tracing",
@@ -3268,12 +3385,14 @@ dependencies = [
  "headers",
  "http 1.1.0",
  "http-body 1.0.0",
+ "http-body-util",
  "hyper 1.4.0",
  "hyper-rustls",
+ "hyper-util",
  "mas-tower",
  "opentelemetry",
  "opentelemetry-semantic-conventions",
- "rustls 0.22.4",
+ "rustls 0.23.10",
  "rustls-platform-verifier",
  "serde",
  "serde_json",
@@ -3281,7 +3400,7 @@ dependencies = [
  "thiserror",
  "tokio",
  "tower",
- "tower-http 0.4.4",
+ "tower-http 0.5.2",
  "tracing",
  "tracing-opentelemetry",
 ]
@@ -3425,7 +3544,7 @@ dependencies = [
  "socket2 0.5.7",
  "thiserror",
  "tokio",
- "tokio-rustls 0.25.0",
+ "tokio-rustls",
  "tokio-test",
  "tower",
  "tower-http 0.5.2",
@@ -3488,7 +3607,7 @@ dependencies = [
  "oauth2-types",
  "rand",
  "rand_chacha",
- "rustls 0.22.4",
+ "rustls 0.23.10",
  "rustls-platform-verifier",
  "serde",
  "serde_json",
@@ -3783,6 +3902,12 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "mirai-annotations"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1"
+
 [[package]]
 name = "multer"
 version = "2.1.0"
@@ -4587,6 +4712,16 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 
+[[package]]
+name = "prettyplease"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a41cf62165e97c7f814d2221421dbb9afcbcdb0a88068e5ea206e19951c2cbb5"
+dependencies = [
+ "proc-macro2",
+ "syn 2.0.68",
+]
+
 [[package]]
 name = "primeorder"
 version = "0.13.6"
@@ -5012,27 +5147,16 @@ dependencies = [
  "sct",
 ]
 
-[[package]]
-name = "rustls"
-version = "0.22.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432"
-dependencies = [
- "log",
- "ring",
- "rustls-pki-types",
- "rustls-webpki 0.102.4",
- "subtle",
- "zeroize",
-]
-
 [[package]]
 name = "rustls"
 version = "0.23.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402"
 dependencies = [
+ "aws-lc-rs",
+ "log",
  "once_cell",
+ "ring",
  "rustls-pki-types",
  "rustls-webpki 0.102.4",
  "subtle",
@@ -5079,16 +5203,16 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d"
 
 [[package]]
 name = "rustls-platform-verifier"
-version = "0.2.0"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c35b9a497e588f1fb2e1d18a0d46a6d057710f34c3da7084b27353b319453cc"
+checksum = "3e3beb939bcd33c269f4bf946cc829fcd336370267c4a927ac0399c84a3151a1"
 dependencies = [
  "core-foundation",
  "core-foundation-sys",
  "jni",
  "log",
  "once_cell",
- "rustls 0.22.4",
+ "rustls 0.23.10",
  "rustls-native-certs",
  "rustls-platform-verifier-android",
  "rustls-webpki 0.102.4",
@@ -5120,6 +5244,7 @@ version = "0.102.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
 dependencies = [
+ "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -5350,7 +5475,7 @@ version = "0.31.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6436c1bad22cdeb02179ea8ef116ffc217797c028927def303bc593d9320c0d1"
 dependencies = [
- "hostname",
+ "hostname 0.3.1",
  "libc",
  "os_info",
  "rustc_version",
@@ -5569,6 +5694,12 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde"
 
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.2"
@@ -6175,17 +6306,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "tokio-rustls"
-version = "0.25.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f"
-dependencies = [
- "rustls 0.22.4",
- "rustls-pki-types",
- "tokio",
-]
-
 [[package]]
 name = "tokio-rustls"
 version = "0.26.0"
@@ -6324,10 +6444,14 @@ checksum = "1e9cd434a998747dd2c4276bc96ee2e0c7a2eadf3cae88e52be55a05fa9053f5"
 dependencies = [
  "bitflags 2.6.0",
  "bytes",
+ "futures-util",
  "http 1.1.0",
  "http-body 1.0.0",
  "http-body-util",
+ "iri-string",
  "pin-project-lite",
+ "tokio",
+ "tower",
  "tower-layer",
  "tower-service",
 ]
@@ -6999,6 +7123,18 @@ dependencies = [
  "rustls-pki-types",
 ]
 
+[[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix 0.38.34",
+]
+
 [[package]]
 name = "whoami"
 version = "1.5.1"
@@ -7040,6 +7176,16 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "windows"
+version = "0.52.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be"
+dependencies = [
+ "windows-core",
+ "windows-targets 0.52.5",
+]
+
 [[package]]
 name = "windows-core"
 version = "0.52.0"
diff --git a/Cargo.toml b/Cargo.toml
index 107e82431..e5a373dd8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -109,6 +109,10 @@ version = "1.1.0"
 [workspace.dependencies.http-body]
 version = "1.0.0"
 
+# http-body utilities
+[workspace.dependencies.http-body-util]
+version = "0.1.2"
+
 # HTTP client and server
 [workspace.dependencies.hyper]
 version = "1.4.0"
@@ -117,7 +121,15 @@ features = ["client", "http1", "http2"]
 # Additional Hyper utilties
 [workspace.dependencies.hyper-util]
 version = "0.1.6"
-features = ["server", "server-auto", "service", "http1", "http2", "tokio"]
+features = [
+    "client",
+    "server",
+    "server-auto",
+    "service",
+    "http1",
+    "http2",
+    "tokio",
+]
 
 # Hyper Rustls support
 [workspace.dependencies.hyper-rustls]
@@ -127,7 +139,7 @@ default-features = false
 
 # Email sending
 [workspace.dependencies.lettre]
-version = "=0.11.4"
+version = "0.11.7"
 default-features = false
 features = [
     "tokio1-rustls-tls",
@@ -149,11 +161,11 @@ version = "0.8.5"
 
 # TLS stack
 [workspace.dependencies.rustls]
-version = "0.22.4"
+version = "0.23.10"
 
 # Use platform-specific verifier for TLS
 [workspace.dependencies.rustls-platform-verifier]
-version = "0.2.0"
+version = "0.3.1"
 
 # JSON Schema generation
 [workspace.dependencies.schemars]
diff --git a/crates/http/Cargo.toml b/crates/http/Cargo.toml
index dd5b013b1..c0692fcc5 100644
--- a/crates/http/Cargo.toml
+++ b/crates/http/Cargo.toml
@@ -17,7 +17,9 @@ futures-util = "0.3.30"
 headers.workspace = true
 http.workspace = true
 http-body.workspace = true
+http-body-util.workspace = true
 hyper.workspace = true
+hyper-util.workspace = true
 hyper-rustls = { workspace = true, optional = true }
 opentelemetry.workspace = true
 opentelemetry-semantic-conventions.workspace = true
@@ -28,7 +30,7 @@ serde_json.workspace = true
 serde_urlencoded = "0.7.1"
 thiserror.workspace = true
 tower.workspace = true
-tower-http = { version = "0.4.4", features = ["cors"] }
+tower-http = { version = "0.5.2", features = ["cors"] }
 tracing.workspace = true
 tracing-opentelemetry.workspace = true
 
diff --git a/crates/http/src/client.rs b/crates/http/src/client.rs
index a24b06926..f227e35c0 100644
--- a/crates/http/src/client.rs
+++ b/crates/http/src/client.rs
@@ -12,12 +12,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use hyper::client::{
-    connect::dns::{GaiResolver, Name},
-    HttpConnector,
-};
-pub use hyper::Client;
 use hyper_rustls::{HttpsConnector, HttpsConnectorBuilder};
+pub use hyper_util::client::legacy::Client;
+use hyper_util::{
+    client::legacy::connect::{
+        dns::{GaiResolver, Name},
+        HttpConnector,
+    },
+    rt::TokioExecutor,
+};
 use mas_tower::{
     DurationRecorderLayer, DurationRecorderService, FnWrapper, InFlightCounterLayer,
     InFlightCounterService, TraceLayer, TraceService,
@@ -26,8 +29,8 @@ use opentelemetry_semantic_conventions::trace::SERVER_ADDRESS;
 use tower::Layer;
 use tracing::Span;
 
-pub type UntracedClient<B> = hyper::Client<UntracedConnector, B>;
-pub type TracedClient<B> = hyper::Client<TracedConnector, B>;
+pub type UntracedClient<B> = Client<UntracedConnector, B>;
+pub type TracedClient<B> = Client<TracedConnector, B>;
 
 /// Create a basic Hyper HTTP & HTTPS client without any tracing
 #[must_use]
@@ -37,7 +40,7 @@ where
     B::Data: Send,
 {
     let https = make_untraced_connector();
-    Client::builder().build(https)
+    Client::builder(TokioExecutor::new()).build(https)
 }
 
 pub type TraceResolver<S> =
diff --git a/crates/http/src/layers/body_to_bytes_response.rs b/crates/http/src/layers/body_to_bytes_response.rs
index 1ebb3d93b..4bf01d3b3 100644
--- a/crates/http/src/layers/body_to_bytes_response.rs
+++ b/crates/http/src/layers/body_to_bytes_response.rs
@@ -16,6 +16,7 @@ use bytes::Bytes;
 use futures_util::future::BoxFuture;
 use http::{Request, Response};
 use http_body::Body;
+use http_body_util::BodyExt;
 use thiserror::Error;
 use tower::{Layer, Service};
 
@@ -82,7 +83,7 @@ where
             let response = inner.await.map_err(Error::service)?;
             let (parts, body) = response.into_parts();
 
-            let body = hyper::body::to_bytes(body).await.map_err(Error::body)?;
+            let body = body.collect().await.map_err(Error::body)?.to_bytes();
 
             let response = Response::from_parts(parts, body);
             Ok(response)
diff --git a/crates/http/src/layers/bytes_to_body_request.rs b/crates/http/src/layers/bytes_to_body_request.rs
index 8c8586c2d..8e8b2750a 100644
--- a/crates/http/src/layers/bytes_to_body_request.rs
+++ b/crates/http/src/layers/bytes_to_body_request.rs
@@ -14,7 +14,7 @@
 
 use bytes::Bytes;
 use http::Request;
-use http_body::Full;
+use http_body_util::Full;
 use tower::{Layer, Service};
 
 #[derive(Clone)]
diff --git a/crates/http/src/lib.rs b/crates/http/src/lib.rs
index 916208fdd..48b7f801c 100644
--- a/crates/http/src/lib.rs
+++ b/crates/http/src/lib.rs
@@ -44,4 +44,4 @@ pub use self::{
     service::{BoxCloneSyncService, HttpService},
 };
 
-pub type EmptyBody = http_body::Empty<bytes::Bytes>;
+pub type EmptyBody = http_body_util::Empty<bytes::Bytes>;
diff --git a/crates/listener/Cargo.toml b/crates/listener/Cargo.toml
index 79ea0a126..f39b708bf 100644
--- a/crates/listener/Cargo.toml
+++ b/crates/listener/Cargo.toml
@@ -23,7 +23,7 @@ pin-project-lite = "0.2.14"
 socket2 = "0.5.7"
 thiserror.workspace = true
 tokio.workspace = true
-tokio-rustls = "0.25.0"
+tokio-rustls = "0.26.0"
 tower.workspace = true
 tower-http = { version = "0.5.2", features = ["add-extension"] }
 tracing.workspace = true