build: move actix to dev-deps, avoid rusttls in reqwest

Summary

• build: move actix and rusttls to dev-dependencies

They're not needed for production build and they bring vendored C dependencies which certification doesnt like.

---

• Cherry-pick to: 24.3
• Docs follow-up: not necessary

gostech/gostech-audit-log/src/main.rs

@@ -219,18 +219,20 @@ async fn send_logs(
     if !args.certificate.is_empty() && !args.private_key.is_empty() {
         let cert = fs::read(&args.certificate).await?;
         let key = fs::read(&args.private_key).await?;
-        let id = reqwest::Identity::from_pem(&[cert, key].concat())?;
-        builder = builder
-            .identity(id)
-            .danger_accept_invalid_certs(true)
-            .use_rustls_tls();
+        let id = reqwest::Identity::from_pkcs8_pem(&cert, &key)?;
+        builder = builder.identity(id).use_native_tls();
+
+        #[cfg(test)]
+        {
+            builder = builder.danger_accept_invalid_certs(true);
+        };
     }
 
     if !args.ca_certificate.is_empty() {
         let ca: Vec<u8> = fs::read(&args.ca_certificate).await?;
         builder = builder
             .add_root_certificate(reqwest::tls::Certificate::from_pem(&ca)?)
-            .use_rustls_tls();
+            .use_native_tls();
     }
 
     let client = builder.build()?;
@@ -372,6 +374,8 @@ mod tests {
     use super::*;
 
     use actix_web::web;
+    use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
+    use path::PathBuf;
     use std::str::FromStr;
     use std::{net, thread, time};
     use tokio::{runtime, sync::mpsc as tmpsc, sync::oneshot, time as ttime};
@@ -395,13 +399,18 @@ mod tests {
         }
     }
 
-    fn server(addr: &str, sender: tmpsc::Sender<()>) -> Server {
+    fn server(
+        addr: &str,
+        sender: tmpsc::Sender<()>,
+        key_cert: Option<(PathBuf, PathBuf)>,
+    ) -> Server {
         let (shutdown_tx, shutdown_rx) = oneshot::channel();
 
         let thread_name = format!(
             "test({})-support-server",
             thread::current().name().unwrap_or("<unknown>")
         );
+
         let addr = net::SocketAddr::from_str(addr).expect("Failed to create socket addr.");
 
         thread::Builder::new()
@@ -423,11 +432,22 @@ mod tests {
                             .app_data(web::Data::new(sender.clone()))
                             .route("/log", web::post().to(handler))
                     });
-                    let server = builder
-                        .bind(addr)
-                        .expect("Failed to bind.")
-                        .workers(1)
-                        .run();
+
+                    let server = if let Some((key, cert)) = key_cert {
+                        let mut ssl_builder =
+                            SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+                        ssl_builder
+                            .set_private_key_file(key, SslFiletype::PEM)
+                            .unwrap();
+                        ssl_builder.set_certificate_chain_file(cert).unwrap();
+                        builder.bind_openssl(addr, ssl_builder)
+                    } else {
+                        builder.bind(addr)
+                    }
+                    .expect("Failed to bind.");
+
+                    let server = server.workers(1).run();
+
                     let handle = server.handle();
                     let task = tokio::spawn(async move { server.await.expect("Failed to run") });
                     let _ = shutdown_rx.await;
@@ -449,7 +469,7 @@ mod tests {
         _ = simple_logger::init_with_level(log::Level::Debug);
         let (s, mut r) = tmpsc::channel(256);
 
-        let server = server("127.0.0.1:4005", s);
+        let server = server("127.0.0.1:4005", s, None);
 
         let args = sync::Arc::new(Args {
             url: format!("http://{}/log", server.addr()),
@@ -496,6 +516,65 @@ mod tests {
         assert_eq!(counter, EXPECTED_LINES);
     }
 
+    #[tokio::test]
+    async fn logs_sent_success_ssl() {
+        _ = simple_logger::init_with_level(log::Level::Debug);
+        let (s, mut r) = tmpsc::channel(256);
+
+        let server = server(
+            "127.0.0.1:4006",
+            s,
+            Some((
+                PathBuf::from("test/server.key.pem"),
+                PathBuf::from("test/server.cert.pem"),
+            )),
+        );
+
+        let args = sync::Arc::new(Args {
+            url: format!("https://{}/log", server.addr()),
+            filename: String::from("audit.log"),
+            r#type: Type::File,
+            debug: true,
+            certificate: String::from("test/client.cert.pem"),
+            private_key: String::from("test/client.key.pem"),
+            ca_certificate: String::from("test/server.cert.pem"),
+        });
+
+        let lines = reader(args.clone()).await.expect("Failed to get reader.");
+        let (sender, receiver) = oneshot::channel();
+
+        let task = {
+            let args = args.clone();
+            tokio::spawn(async move { send_logs(args, lines, receiver).await })
+        };
+
+        const EXPECTED_LINES: usize = 13;
+
+        ttime::sleep(time::Duration::from_secs(3)).await;
+
+        let _ = sender.send(Ok(()));
+
+        task.await
+            .expect("Failed to join task outer.")
+            .expect("Failed to join task inner.");
+
+        drop(server);
+
+        let mut counter = 0;
+
+        loop {
+            match r.try_recv() {
+                Ok(_) => counter += 1,
+                Err(e) => match e {
+                    tmpsc::error::TryRecvError::Disconnected => break,
+                    tmpsc::error::TryRecvError::Empty => continue,
+                },
+            };
+        }
+
+        assert_eq!(counter, EXPECTED_LINES);
+    }
+
     #[tokio::test]
     async fn logs_server_unavailable() {
         _ = simple_logger::init_with_level(log::Level::Debug);