diff --git a/Package.swift b/Package.swift
index 8aa9f31e7..28d229473 100644
--- a/Package.swift
+++ b/Package.swift
@@ -21,10 +21,10 @@ let package = Package(
.library(name: "AsyncHTTPClient", targets: ["AsyncHTTPClient"]),
],
dependencies: [
- .package(url: "https://github.com/apple/swift-nio.git", from: "2.29.0"),
- .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.13.0"),
- .package(url: "https://github.com/apple/swift-nio-extras.git", from: "1.9.1"),
- .package(url: "https://github.com/apple/swift-nio-transport-services.git", from: "1.5.1"),
+ .package(url: "https://github.com/apple/swift-nio.git", from: "2.30.0"),
+ .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.14.0"),
+ .package(url: "https://github.com/apple/swift-nio-extras.git", from: "1.10.0"),
+ .package(url: "https://github.com/apple/swift-nio-transport-services.git", from: "1.11.0"),
.package(url: "https://github.com/apple/swift-log.git", from: "1.4.0"),
],
targets: [
diff --git a/Sources/AsyncHTTPClient/HTTPClient.swift b/Sources/AsyncHTTPClient/HTTPClient.swift
index 51a1c8c4d..850abc415 100644
--- a/Sources/AsyncHTTPClient/HTTPClient.swift
+++ b/Sources/AsyncHTTPClient/HTTPClient.swift
@@ -637,7 +637,7 @@ public class HTTPClient {
/// `HTTPClient` configuration.
public struct Configuration {
- /// TLS configuration, defaults to `TLSConfiguration.forClient()`.
+ /// TLS configuration, defaults to `TLSConfiguration.makeClientConfiguration()`.
public var tlsConfiguration: Optional<TLSConfiguration>
/// Enables following 3xx redirects automatically, defaults to `RedirectConfiguration()`.
///
@@ -701,7 +701,9 @@ public class HTTPClient {
proxy: Proxy? = nil,
ignoreUncleanSSLShutdown: Bool = false,
decompression: Decompression = .disabled) {
- self.init(tlsConfiguration: TLSConfiguration.forClient(certificateVerification: certificateVerification),
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.certificateVerification = certificateVerification
+ self.init(tlsConfiguration: tlsConfig,
redirectConfiguration: redirectConfiguration,
timeout: timeout,
connectionPool: ConnectionPool(),
@@ -718,7 +720,9 @@ public class HTTPClient {
ignoreUncleanSSLShutdown: Bool = false,
decompression: Decompression = .disabled,
backgroundActivityLogger: Logger?) {
- self.init(tlsConfiguration: TLSConfiguration.forClient(certificateVerification: certificateVerification),
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.certificateVerification = certificateVerification
+ self.init(tlsConfiguration: tlsConfig,
redirectConfiguration: redirectConfiguration,
timeout: timeout,
connectionPool: ConnectionPool(),
diff --git a/Sources/AsyncHTTPClient/Utils.swift b/Sources/AsyncHTTPClient/Utils.swift
index 174bc593e..d2fc46532 100644
--- a/Sources/AsyncHTTPClient/Utils.swift
+++ b/Sources/AsyncHTTPClient/Utils.swift
@@ -72,7 +72,7 @@ extension NIOClientTCPBootstrap {
//
// Note that TLS proxies are not supported at the moment. This means that we will always speak
// plaintext to the proxy but we do support sending HTTPS traffic through the proxy.
- sslContext = sslContextCache.sslContext(tlsConfiguration: configuration.tlsConfiguration ?? .forClient(),
+ sslContext = sslContextCache.sslContext(tlsConfiguration: configuration.tlsConfiguration ?? .makeClientConfiguration(),
eventLoop: eventLoop,
logger: logger).map { $0 }
} else {
@@ -130,7 +130,7 @@ extension NIOClientTCPBootstrap {
eventLoop: eventLoop,
requiresTLS: requiresTLS,
sslContextCache: sslContextCache,
- tlsConfiguration: configuration.tlsConfiguration ?? .forClient(),
+ tlsConfiguration: configuration.tlsConfiguration ?? .makeClientConfiguration(),
useProxy: configuration.proxy != nil,
logger: logger)
.map { bootstrap -> NIOClientTCPBootstrap in
diff --git a/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift b/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift
index 71d2b312f..8edb24b75 100644
--- a/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift
+++ b/Tests/AsyncHTTPClientTests/HTTPClientNIOTSTests.swift
@@ -97,9 +97,13 @@ class HTTPClientNIOTSTests: XCTestCase {
guard isTestingNIOTS() else { return }
#if canImport(Network)
let httpBin = HTTPBin(ssl: true)
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.certificateVerification = .none
+ tlsConfig.minimumTLSVersion = .tlsv11
+ tlsConfig.maximumTLSVersion = .tlsv1
let httpClient = HTTPClient(
eventLoopGroupProvider: .shared(self.clientGroup),
- configuration: .init(tlsConfiguration: TLSConfiguration.forClient(minimumTLSVersion: .tlsv11, maximumTLSVersion: .tlsv1, certificateVerification: .none))
+ configuration: .init(tlsConfiguration: tlsConfig)
)
defer {
XCTAssertNoThrow(try httpClient.syncShutdown(requiresCleanClose: true))
@@ -116,7 +120,8 @@ class HTTPClientNIOTSTests: XCTestCase {
guard isTestingNIOTS() else { return }
#if canImport(Network)
if #available(macOS 10.14, iOS 12.0, tvOS 12.0, watchOS 6.0, *) {
- let tlsConfig = TLSConfiguration.forClient(trustRoots: .file("not/a/certificate"))
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.trustRoots = .file("not/a/certificate")
XCTAssertThrowsError(try tlsConfig.getNWProtocolTLSOptions()) { error in
switch error {
diff --git a/Tests/AsyncHTTPClientTests/HTTPClientTestUtils.swift b/Tests/AsyncHTTPClientTests/HTTPClientTestUtils.swift
index 7a9160663..7a264e33f 100644
--- a/Tests/AsyncHTTPClientTests/HTTPClientTestUtils.swift
+++ b/Tests/AsyncHTTPClientTests/HTTPClientTestUtils.swift
@@ -289,8 +289,8 @@ internal final class HTTPBin {
}
static func configureTLS(channel: Channel) -> EventLoopFuture<Void> {
- let configuration = TLSConfiguration.forServer(certificateChain: [.certificate(try! NIOSSLCertificate(bytes: Array(cert.utf8), format: .pem))],
- privateKey: .privateKey(try! NIOSSLPrivateKey(bytes: Array(key.utf8), format: .pem)))
+ let configuration = TLSConfiguration.makeServerConfiguration(certificateChain: [.certificate(try! NIOSSLCertificate(bytes: Array(cert.utf8), format: .pem))],
+ privateKey: .privateKey(try! NIOSSLPrivateKey(bytes: Array(key.utf8), format: .pem)))
let context = try! NIOSSLContext(configuration: configuration)
return channel.pipeline.addHandler(NIOSSLServerHandler(context: context), position: .first)
}
@@ -773,8 +773,8 @@ internal class HttpBinForSSLUncleanShutdown {
.childChannelInitializer { channel in
let requestDecoder = HTTPRequestDecoder()
return channel.pipeline.addHandler(ByteToMessageHandler(requestDecoder)).flatMap {
- let configuration = TLSConfiguration.forServer(certificateChain: [.certificate(try! NIOSSLCertificate(bytes: Array(cert.utf8), format: .pem))],
- privateKey: .privateKey(try! NIOSSLPrivateKey(bytes: Array(key.utf8), format: .pem)))
+ let configuration = TLSConfiguration.makeServerConfiguration(certificateChain: [.certificate(try! NIOSSLCertificate(bytes: Array(cert.utf8), format: .pem))],
+ privateKey: .privateKey(try! NIOSSLPrivateKey(bytes: Array(key.utf8), format: .pem)))
let context = try! NIOSSLContext(configuration: configuration)
return channel.pipeline.addHandler(NIOSSLServerHandler(context: context), name: "NIOSSLServerHandler", position: .first).flatMap {
channel.pipeline.addHandler(HttpBinForSSLUncleanShutdownHandler(channelPromise: channelPromise))
diff --git a/Tests/AsyncHTTPClientTests/HTTPClientTests.swift b/Tests/AsyncHTTPClientTests/HTTPClientTests.swift
index 1c976343c..49cda659c 100644
--- a/Tests/AsyncHTTPClientTests/HTTPClientTests.swift
+++ b/Tests/AsyncHTTPClientTests/HTTPClientTests.swift
@@ -2858,7 +2858,10 @@ class HTTPClientTests: XCTestCase {
// We use a specially crafted client that has no cipher suites to offer. To do this we ask
// only for cipher suites incompatible with our TLS version.
- let tlsConfig = TLSConfiguration.forClient(minimumTLSVersion: .tlsv13, maximumTLSVersion: .tlsv12, certificateVerification: .none)
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.minimumTLSVersion = .tlsv13
+ tlsConfig.maximumTLSVersion = .tlsv12
+ tlsConfig.certificateVerification = .none
let localHTTPBin = HTTPBin(ssl: true)
let localClient = HTTPClient(eventLoopGroupProvider: .shared(self.clientGroup),
configuration: HTTPClient.Configuration(tlsConfiguration: tlsConfig))
@@ -2951,7 +2954,9 @@ class HTTPClientTests: XCTestCase {
}
// First two requests use identical TLS configurations.
- let firstRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: .forClient(certificateVerification: .none))
+ var tlsConfig = TLSConfiguration.makeClientConfiguration()
+ tlsConfig.certificateVerification = .none
+ let firstRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: tlsConfig)
let firstResponse = try localClient.execute(request: firstRequest).wait()
guard let firstBody = firstResponse.body else {
XCTFail("No request body found")
@@ -2959,7 +2964,7 @@ class HTTPClientTests: XCTestCase {
}
let firstConnectionNumber = try decoder.decode(RequestInfo.self, from: firstBody).connectionNumber
- let secondRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: .forClient(certificateVerification: .none))
+ let secondRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: tlsConfig)
let secondResponse = try localClient.execute(request: secondRequest).wait()
guard let secondBody = secondResponse.body else {
XCTFail("No request body found")
@@ -2968,7 +2973,10 @@ class HTTPClientTests: XCTestCase {
let secondConnectionNumber = try decoder.decode(RequestInfo.self, from: secondBody).connectionNumber
// Uses a differrent TLS config.
- let thirdRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: .forClient(maximumTLSVersion: .tlsv1, certificateVerification: .none))
+ var tlsConfig2 = TLSConfiguration.makeClientConfiguration()
+ tlsConfig2.certificateVerification = .none
+ tlsConfig2.maximumTLSVersion = .tlsv1
+ let thirdRequest = try HTTPClient.Request(url: "https://localhost:\(localHTTPBin.port)/get", method: .GET, tlsConfiguration: tlsConfig2)
let thirdResponse = try localClient.execute(request: thirdRequest).wait()
guard let thirdBody = thirdResponse.body else {
XCTFail("No request body found")
diff --git a/Tests/AsyncHTTPClientTests/SSLContextCacheTests.swift b/Tests/AsyncHTTPClientTests/SSLContextCacheTests.swift
index d44d65432..650eeb5b9 100644
--- a/Tests/AsyncHTTPClientTests/SSLContextCacheTests.swift
+++ b/Tests/AsyncHTTPClientTests/SSLContextCacheTests.swift
@@ -26,7 +26,7 @@ final class SSLContextCacheTests: XCTestCase {
XCTAssertNoThrow(try group.syncShutdownGracefully())
}
- XCTAssertNoThrow(try cache.sslContext(tlsConfiguration: .forClient(),
+ XCTAssertNoThrow(try cache.sslContext(tlsConfiguration: .makeClientConfiguration(),
eventLoop: eventLoop,
logger: HTTPClient.loggingDisabled).wait())
}
@@ -42,10 +42,10 @@ final class SSLContextCacheTests: XCTestCase {
var firstContext: NIOSSLContext?
var secondContext: NIOSSLContext?
- XCTAssertNoThrow(firstContext = try cache.sslContext(tlsConfiguration: .forClient(),
+ XCTAssertNoThrow(firstContext = try cache.sslContext(tlsConfiguration: .makeClientConfiguration(),
eventLoop: eventLoop,
logger: HTTPClient.loggingDisabled).wait())
- XCTAssertNoThrow(secondContext = try cache.sslContext(tlsConfiguration: .forClient(),
+ XCTAssertNoThrow(secondContext = try cache.sslContext(tlsConfiguration: .makeClientConfiguration(),
eventLoop: eventLoop,
logger: HTTPClient.loggingDisabled).wait())
XCTAssertNotNil(firstContext)
@@ -64,12 +64,14 @@ final class SSLContextCacheTests: XCTestCase {
var firstContext: NIOSSLContext?
var secondContext: NIOSSLContext?
- XCTAssertNoThrow(firstContext = try cache.sslContext(tlsConfiguration: .forClient(),
+ XCTAssertNoThrow(firstContext = try cache.sslContext(tlsConfiguration: .makeClientConfiguration(),
eventLoop: eventLoop,
logger: HTTPClient.loggingDisabled).wait())
// Second one has a _different_ TLSConfiguration.
- XCTAssertNoThrow(secondContext = try cache.sslContext(tlsConfiguration: .forClient(certificateVerification: .none),
+ var testTLSConfig = TLSConfiguration.makeClientConfiguration()
+ testTLSConfig.certificateVerification = .none
+ XCTAssertNoThrow(secondContext = try cache.sslContext(tlsConfiguration: testTLSConfig,
eventLoop: eventLoop,
logger: HTTPClient.loggingDisabled).wait())
XCTAssertNotNil(firstContext)