From b0fbcecfcbdc1a9800525e728b05d3dbdfa07f74 Mon Sep 17 00:00:00 2001
From: Robsdedude <rouven.bauer@neo4j.com>
Date: Tue, 16 Apr 2024 08:44:47 +0200
Subject: [PATCH] Bump dependencies

---
 CHANGELOG.md                          | 12 ++++++++++--
 neo4j/Cargo.toml                      |  6 +++---
 neo4j/src/driver/config.rs            | 17 +++++++++++++++++
 neo4j/src/driver/io/bolt/handshake.rs | 23 ++++++++++++++++++++++-
 testkit/Dockerfile                    |  3 +++
 testkit_backend/Cargo.toml            |  1 +
 testkit_backend/src/main.rs           |  5 +++++
 7 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a5092d2..316eab9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,13 @@
  - Add `Driver::is_encrypted()`.
  - Introduce `neo4j::driver::Conifg::with_keep_alive()` and `without_keep_alive()`.
 
+**👏 Improvements**
+ - ⚠️ ️️Bump `chrono-tz` from `0.8` to `0.9` (types of this crate are exposed through the driver's API.
+ - ⚠️ ️️Bump `rustls` from `0.22` to `0.23`: 
+   - types of this crate are exposed through the driver's API
+   - other breaking changes (e.g., new build requirements).
+     See [rustls' changelog](https://github.com/rustls/rustls/releases/tag/v%2F0.23.0) for more details.
+
 **🔧 Fixes**
  - Fix `Transaction::rolblack()` failing if a result stream failed before.
  - Fix errors during transaction `BEGIN` not being properly propagated.
@@ -29,7 +36,7 @@
 **👏 Improvements**
  - Impl `FromStr` for `neo4j::driver::ConnectionConfig` (besides `TryFrom<&str>`).
 
- - **🧹Clean-up**
+**🧹Clean-up**
  - ⚠️ Update dependencies.  
   Among others `rustls`.
   To accommodate this change, the `rustls_dangerous_configuration` feature was removed.
@@ -48,6 +55,7 @@
 **📚 Docs**
  - Much more documentation.
 
-## 0.0.1
 
+## 0.0.1
+***
 Initial release
diff --git a/neo4j/Cargo.toml b/neo4j/Cargo.toml
index 83222db..e875abd 100644
--- a/neo4j/Cargo.toml
+++ b/neo4j/Cargo.toml
@@ -29,15 +29,15 @@ _internal_public_api = [
 [dependencies]
 atomic_refcell = "0.1.13"
 chrono = "0.4.37"
-chrono-tz = "0.8.6"
+chrono-tz = "0.9.0"
 duplicate = "1.0.0"
 enum_dispatch = "0.3.13"
-itertools = "0.11.0"
+itertools = "0.12.1"
 log = "0.4.21"
 mockall_double = "0.3.1"
 parking_lot = "0.12.1"
 rand = "0.8.5"
-rustls = "0.22.3"
+rustls = "0.23.4"
 rustls-native-certs = "0.7.0"
 rustls-pemfile = "2.1.2"
 rustls-pki-types = "1.4.1"
diff --git a/neo4j/src/driver/config.rs b/neo4j/src/driver/config.rs
index f37a642..01b13c2 100644
--- a/neo4j/src/driver/config.rs
+++ b/neo4j/src/driver/config.rs
@@ -135,6 +135,15 @@ pub enum KeepAliveConfig {
 ///     .unwrap()
 ///     .with_routing_context(routing_context);
 /// ```
+///
+/// ## TLS
+/// The driver utilizes [`rustls`] for TLS concerns.
+/// Make sure to have a look at the requirements, for building and using it.
+/// In particular:
+///  * Consider the
+///    [platform support](https://docs.rs/rustls/latest/rustls/index.html#platform-support)
+///  * Make sure a crypto provider is installed (e.g., by calling
+///    [`rustls::crypto::CryptoProvider::install_default()`] when starting the process).
 #[derive(Debug)]
 pub struct ConnectionConfig {
     pub(crate) address: Address,
@@ -634,6 +643,8 @@ impl ConnectionConfig {
     /// certificate store.
     ///
     /// Returns an error if the system's root CA certificate store could not be loaded.
+    ///
+    /// To use TLS, see the notes about [TLS requirements](Self#tls).
     #[allow(clippy::result_large_err)]
     pub fn with_encryption_trust_default_cas(mut self) -> StdResult<Self, TlsConfigError> {
         self.tls_config = Some(match tls_helper::secure_tls_config() {
@@ -652,6 +663,8 @@ impl ConnectionConfig {
     /// loaded from the given file(s).
     ///
     /// Returns an error if loading the root CA certificates failed.
+    ///
+    /// To use TLS, see the notes about [TLS requirements](Self#tls).
     #[allow(clippy::result_large_err)]
     pub fn with_encryption_trust_custom_cas<P: AsRef<Path>>(
         self,
@@ -675,6 +688,8 @@ impl ConnectionConfig {
     ///
     /// **⚠️ WARNING**:  
     /// This is not secure and should only be used for testing purposes.
+    ///
+    /// To use TLS, see the notes about [TLS requirements](Self#tls).
     pub fn with_encryption_trust_any_certificate(mut self) -> Self {
         self.tls_config = Some(tls_helper::self_signed_tls_config());
         self
@@ -710,6 +725,8 @@ impl ConnectionConfig {
     /// let config = ConnectionConfig::new(("localhost", 7687).into())
     ///     .with_encryption_custom_tls_config(client_config);
     /// ```
+    ///
+    /// To use TLS, see the notes about [TLS requirements](Self#tls).
     pub fn with_encryption_custom_tls_config(mut self, tls_config: ClientConfig) -> Self {
         self.tls_config = Some(tls_config);
         self
diff --git a/neo4j/src/driver/io/bolt/handshake.rs b/neo4j/src/driver/io/bolt/handshake.rs
index d7445bb..d068e73 100644
--- a/neo4j/src/driver/io/bolt/handshake.rs
+++ b/neo4j/src/driver/io/bolt/handshake.rs
@@ -226,7 +226,12 @@ pub(crate) fn open<S: SocketProvider>(
     )?;
     socket_debug!(local_port, "S: <BOLT> {:02X?}", negotiated_version);
 
-    let version = decode_version_offer(&negotiated_version)?;
+    let version = wrap_socket_killing(
+        &mut socket_provider,
+        &raw_socket,
+        local_port,
+        decode_version_offer(&negotiated_version),
+    )?;
 
     Ok(Bolt::new(
         version,
@@ -304,6 +309,22 @@ where
     }))
 }
 
+fn wrap_socket_killing<S: SocketProvider, T>(
+    socket_provider: &mut S,
+    stream: &S::RW,
+    local_port: u16,
+    res: Result<T>,
+) -> Result<T> {
+    match res {
+        Ok(res) => Ok(res),
+        Err(err) => {
+            socket_debug!(local_port, "  closing socket because {}", &err);
+            let _ = socket_provider.shutdown(stream, Shutdown::Both);
+            Err(err)
+        }
+    }
+}
+
 fn wrap_socket_write<S: SocketProvider, T>(
     socket_provider: &mut S,
     stream: &S::RW,
diff --git a/testkit/Dockerfile b/testkit/Dockerfile
index ff26590..d8f1a98 100644
--- a/testkit/Dockerfile
+++ b/testkit/Dockerfile
@@ -3,6 +3,9 @@ FROM rust:1.73-buster
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && \
     apt-get install -y locales && \
+    # needed for aws-lc (transitive dependency of rustls)
+    # https://aws.github.io/aws-lc-rs/requirements/linux.html
+    apt-get install -y cmake gcc g++ libclang1 && \
     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
  && rm -rf /var/lib/apt/lists/*
diff --git a/testkit_backend/Cargo.toml b/testkit_backend/Cargo.toml
index a6262f8..a159812 100644
--- a/testkit_backend/Cargo.toml
+++ b/testkit_backend/Cargo.toml
@@ -20,3 +20,4 @@ serde = { version = "1.0.197", features = ["derive"] }
 serde_json = "1.0.115"
 snowflaked = "1.0.3"
 thiserror = "1.0.58"
+rustls = "0.23.4"
diff --git a/testkit_backend/src/main.rs b/testkit_backend/src/main.rs
index d5b4fc3..6f7f378 100644
--- a/testkit_backend/src/main.rs
+++ b/testkit_backend/src/main.rs
@@ -17,9 +17,14 @@
 mod logging;
 mod testkit_backend;
 
+use rustls::crypto::aws_lc_rs;
+
 use testkit_backend::start_server;
 
 fn main() {
+    aws_lc_rs::default_provider()
+        .install_default()
+        .expect("failed to initialize aws_lc_rs");
     logging::init();
     start_server()
 }