feat: complete rewrite to support hyper 1.0, quinn 0.11 and h3 0.0.8

Author: Itsusinn

Cargo.lock

@@ -5,13 +5,16 @@ edition = "2021"
 
 [dependencies]
 tokio = { version = "1.38", features = ["rt-multi-thread", "macros", "net", "io-util"] }
-quinn = "0.10"
-h3 = "0.0.3"
-h3-quinn = "0.0.4"
-http = "0.2"
+quinn = "0.11"
+h3 = "0.0.8"
+h3-quinn = "0.0.10"
+http = "1.0"
+http-body = "1.0"
+http-body-util = "0.1"
 bytes = "1.4"
 anyhow = "1.0"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["fmt"] }
-rustls = "0.21"
-rustls-pemfile = "1.0"
+rustls = { version = "0.23", features = ["ring"] }
+rustls-pki-types = "1.0"
+rustls-pemfile = "2.0"

h3client/Cargo.toml

@@ -4,6 +4,7 @@ use std::{fs, net::SocketAddr, sync::Arc};
 use http::Request;
 use h3_quinn::Connection;
 use bytes::Buf;
+use rustls::pki_types::CertificateDer;
 
 #[tokio::main]
 async fn main() -> Result<()> {
@@ -15,17 +16,18 @@ async fn main() -> Result<()> {
     // trust self-signed cert
     let cert = fs::read("cert.pem")?;
     let mut roots = rustls::RootCertStore::empty();
-    let certs = rustls_pemfile::certs(&mut &*cert)?;
+    let certs: Vec<CertificateDer<'static>> = rustls_pemfile::certs(&mut &*cert).collect::<Result<_, _>>()?;
     for c in certs {
-        roots.add(&rustls::Certificate(c))?;
+        roots.add(c)?;
     }
-    let mut crypto = rustls::ClientConfig::builder()
-        .with_safe_defaults()
+    
+    let mut crypto = rustls::ClientConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider()))
+        .with_safe_default_protocol_versions()?
         .with_root_certificates(roots)
         .with_no_client_auth();
     crypto.alpn_protocols = vec![b"h3".to_vec(), b"h3-29".to_vec()];
 
-    let client_config = quinn::ClientConfig::new(Arc::new(crypto));
+    let client_config = quinn::ClientConfig::new(Arc::new(quinn::crypto::rustls::QuicClientConfig::try_from(crypto)?));
     endpoint.set_default_client_config(client_config);
 
     let quinn_conn = endpoint.connect(server_addr, "localhost")?.await?;
@@ -34,9 +36,7 @@ async fn main() -> Result<()> {
     let h3_conn_wrapped = Connection::new(quinn_conn);
     let (mut driver, mut send_request) = h3::client::new(h3_conn_wrapped).await?;
     tokio::spawn(async move {
-        if let Err(e) = std::future::poll_fn(|cx| driver.poll_close(cx)).await {
-            eprintln!("driver err: {:?}", e);
-        }
+        let _ = std::future::poll_fn(|cx| driver.poll_close(cx)).await;
     });
 
     // Example: send CONNECT to create tunnel to example.com:443

h3client/src/main.rs

@@ -10,6 +10,7 @@ anyhow = "1.0"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
 clap = { version = "4.4", features = ["derive"] }
-quinn = "0.10"
-rustls = "0.21"
-rustls-pemfile = "1.0"
+quinn = "0.11"
+rustls = { version = "0.23", features = ["ring"] }
+rustls-pki-types = "1.0"
+rustls-pemfile = "2.0"

h3proxy-cli/Cargo.toml

@@ -26,15 +26,15 @@ async fn main() -> Result<()> {
     let cert_data = fs::read(&args.cert).with_context(|| format!("failed to read cert file: {}", args.cert))?;
     let key_data = fs::read(&args.key).with_context(|| format!("failed to read key file: {}", args.key))?;
 
-    let certs = rustls_pemfile::certs(&mut &*cert_data)
-        .context("failed to parse certs")?
+    let certs: Vec<_> = rustls_pemfile::certs(&mut &*cert_data)
+        .collect::<Result<_, _>>()
+        .context("failed to parse certs")?;
+
+    let mut keys: Vec<_> = rustls_pemfile::private_key(&mut &*key_data)
+        .context("failed to parse key")?
         .into_iter()
-        .map(rustls::Certificate)
         .collect();
-
-    let mut keys = rustls_pemfile::rsa_private_keys(&mut &*key_data)
-        .context("failed to parse key")?;
-    let priv_key = rustls::PrivateKey(keys.remove(0));
+    let priv_key = keys.remove(0);
 
     let config = ProxyConfig {
         listen_addr: args.listen,

h3proxy-cli/src/main.rs

@@ -5,13 +5,18 @@ edition = "2021"
 
 [dependencies]
 tokio = { version = "1.38", features = ["rt-multi-thread", "macros", "net", "io-util"] }
-quinn = "0.10"
-h3 = "0.0.3"
-h3-quinn = "0.0.4"
+quinn = "0.11"
+h3 = "0.0.8"
+h3-quinn = "0.0.10"
 bytes = "1.4"
-http = "0.2"
-hyper = { version = "0.14", features = ["client", "http1", "stream", "tcp"] }
+http = "1.0"
+http-body = "1.0"
+http-body-util = "0.1"
+tokio-stream = "0.1"
+rustls-pki-types = "1.0"
+hyper = { version = "1.0", features = ["http1", "client"] }
+hyper-util = { version = "0.1", features = ["client-legacy", "http1", "tokio"] }
 anyhow = "1.0"
 tracing = "0.1"
 futures = "0.3"
-rustls = "0.21"
+rustls = { version = "0.23", features = ["ring"] }

h3proxy-lib/Cargo.toml

@@ -1,8 +1,8 @@
-use rustls::{Certificate, PrivateKey};
+use rustls_pki_types::{CertificateDer, PrivateKeyDer};
 use std::net::SocketAddr;
 
 pub struct ProxyConfig {
     pub listen_addr: SocketAddr,
-    pub cert_chain: Vec<Certificate>,
-    pub priv_key: PrivateKey,
+    pub cert_chain: Vec<CertificateDer<'static>>,
+    pub priv_key: PrivateKeyDer<'static>,
 }

h3proxy-lib/src/config.rs

@@ -3,15 +3,17 @@ use bytes::{Buf, Bytes};
 use h3_quinn::BidiStream;
 use h3::server::RequestStream;
 use http::{Request, Response};
-use hyper::body::HttpBody;
+use http_body_util::{BodyExt, StreamBody};
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
 use tracing::{error, info};
+use hyper_util::client::legacy::Client;
+use hyper_util::client::legacy::connect::HttpConnector;
 
 pub async fn handle_request(
     req: Request<()>,
     mut stream: RequestStream<BidiStream<Bytes>, Bytes>,
-    hyper_client: hyper::Client<hyper::client::HttpConnector>,
+    hyper_client: Client<HttpConnector, StreamBody<tokio_stream::wrappers::ReceiverStream<Result<hyper::body::Frame<Bytes>, anyhow::Error>>>>,
 ) -> Result<()> {
     let method = req.method().clone();
     let uri = req.uri().clone();
@@ -109,22 +111,23 @@ pub async fn handle_request(
         builder = builder.header(name.as_str(), value.as_bytes());
     }
 
-    let (mut sender, body) = hyper::Body::channel();
-    let hyper_req = builder.body(body)?;
+    let (tx_body, rx_body) = tokio::sync::mpsc::channel::<Result<hyper::body::Frame<Bytes>, anyhow::Error>>(10);
+    let stream_body = StreamBody::new(tokio_stream::wrappers::ReceiverStream::new(rx_body));
+    let hyper_req = builder.body(stream_body)?;
 
     let (mut tx, mut rx) = stream.split();
 
     tokio::spawn(async move {
         while let Ok(Some(mut chunk)) = rx.recv_data().await {
             let bytes = chunk.copy_to_bytes(chunk.remaining());
-            if let Err(e) = sender.send_data(bytes).await {
-                error!("failed to stream body to upstream: {:?}", e);
+            if let Err(_) = tx_body.send(Ok(hyper::body::Frame::data(bytes))).await {
+                error!("failed to stream body to upstream");
                 break;
             }
         }
     });
 
-    let resp = hyper_client.request(hyper_req).await?;
+    let mut resp = hyper_client.request(hyper_req).await?;
 
     let mut resp_builder = http::response::Builder::new();
     resp_builder = resp_builder.status(resp.status().as_u16());
@@ -134,10 +137,12 @@ pub async fn handle_request(
 
     tx.send_response(resp_builder.body(())?).await?;
 
-    let mut body_stream = resp.into_body();
-    while let Some(chunk_res) = body_stream.data().await {
-        let chunk = chunk_res?;
-        tx.send_data(chunk).await?;
+    while let Some(frame_res) = resp.body_mut().frame().await {
+        if let Ok(frame) = frame_res {
+            if let Some(chunk) = frame.data_ref() {
+                tx.send_data(chunk.clone()).await?;
+            }
+        }
     }
     tx.finish().await?;
 

h3proxy-lib/src/handler.rs

@@ -3,6 +3,8 @@ use h3_quinn::Connection;
 use quinn::Endpoint;
 use std::sync::Arc;
 use tracing::{error, info};
+use hyper_util::client::legacy::Client;
+use hyper_util::rt::TokioExecutor;
 
 use crate::config::ProxyConfig;
 use crate::handler::handle_request;
@@ -17,20 +19,20 @@ impl ProxyServer {
     }
 
     pub async fn serve(self) -> Result<()> {
-        let mut server_crypto = rustls::ServerConfig::builder()
-            .with_safe_defaults()
+        let mut server_crypto = rustls::ServerConfig::builder_with_provider(Arc::new(rustls::crypto::ring::default_provider()))
+            .with_safe_default_protocol_versions()?
             .with_no_client_auth()
             .with_single_cert(self.config.cert_chain, self.config.priv_key)?;
         server_crypto.alpn_protocols = vec![b"h3".to_vec(), b"h3-29".to_vec()];
 
-        let mut server_config = quinn::ServerConfig::with_crypto(Arc::new(server_crypto));
+        let mut server_config = quinn::ServerConfig::with_crypto(Arc::new(quinn::crypto::rustls::QuicServerConfig::try_from(server_crypto)?));
         server_config.transport_config(Arc::new(quinn::TransportConfig::default()));
 
         let addr = self.config.listen_addr;
         let endpoint = Endpoint::server(server_config, addr)?;
         info!(%addr, "h3 proxy listening");
 
-        let hyper_client = hyper::Client::builder().build_http();
+        let hyper_client = Client::builder(TokioExecutor::new()).build_http();
 
         while let Some(connecting) = endpoint.accept().await {
             let quinn_conn = match connecting.await {
@@ -56,14 +58,16 @@ impl ProxyServer {
                     }
                 };
 
-                while let Some(accept) = h3_server.accept().await.unwrap_or(None) {
-                    let (req, stream) = accept;
-                    let hyper_client = hyper_client.clone();
-                    tokio::spawn(async move {
-                        if let Err(e) = handle_request(req, stream, hyper_client).await {
-                            error!("request err: {:?}", e);
-                        }
-                    });
+                while let Ok(Some(req_resolver)) = h3_server.accept().await {
+                    if let Ok(resolved) = req_resolver.resolve_request().await {
+                        let (req, stream) = resolved;
+                        let hyper_client = hyper_client.clone();
+                        tokio::spawn(async move {
+                            if let Err(e) = handle_request(req, stream, hyper_client).await {
+                                error!("request err: {:?}", e);
+                            }
+                        });
+                    }
                 }
                 info!("connection closed");
             });

h3proxy-lib/src/server.rs

@@ -1 +1 @@
-{"rustc_fingerprint":17866707384158916766,"outputs":{"10803282065846393305":{"success":true,"status":"","code":0,"stdout":"___.exe\nlib___.rlib\n___.dll\n___.dll\n___.lib\n___.dll\nC:\\Users\\iHsin\\.rustup\\toolchains\\stable-x86_64-pc-windows-msvc\npacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"msvc\"\ntarget_family=\"windows\"\ntarget_feature=\"cmpxchg16b\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_feature=\"sse3\"\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"windows\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"pc\"\nwindows\n","stderr":""},"12855261153397992890":{"success":true,"status":"","code":0,"stdout":"rustc 1.93.1 (01f6ddf75 2026-02-11)\nbinary: rustc\ncommit-hash: 01f6ddf7588f42ae2d7eb0a2f21d44e8e96674cf\ncommit-date: 2026-02-11\nhost: x86_64-pc-windows-msvc\nrelease: 1.93.1\nLLVM version: 21.1.8\n","stderr":""}},"successes":{}}
+{"rustc_fingerprint":17866707384158916766,"outputs":{"12855261153397992890":{"success":true,"status":"","code":0,"stdout":"rustc 1.93.1 (01f6ddf75 2026-02-11)\nbinary: rustc\ncommit-hash: 01f6ddf7588f42ae2d7eb0a2f21d44e8e96674cf\ncommit-date: 2026-02-11\nhost: x86_64-pc-windows-msvc\nrelease: 1.93.1\nLLVM version: 21.1.8\n","stderr":""},"10803282065846393305":{"success":true,"status":"","code":0,"stdout":"___.exe\nlib___.rlib\n___.dll\n___.dll\n___.lib\n___.dll\nC:\\Users\\iHsin\\.rustup\\toolchains\\stable-x86_64-pc-windows-msvc\npacked\n___\ndebug_assertions\npanic=\"unwind\"\nproc_macro\ntarget_abi=\"\"\ntarget_arch=\"x86_64\"\ntarget_endian=\"little\"\ntarget_env=\"msvc\"\ntarget_family=\"windows\"\ntarget_feature=\"cmpxchg16b\"\ntarget_feature=\"fxsr\"\ntarget_feature=\"sse\"\ntarget_feature=\"sse2\"\ntarget_feature=\"sse3\"\ntarget_has_atomic=\"128\"\ntarget_has_atomic=\"16\"\ntarget_has_atomic=\"32\"\ntarget_has_atomic=\"64\"\ntarget_has_atomic=\"8\"\ntarget_has_atomic=\"ptr\"\ntarget_os=\"windows\"\ntarget_pointer_width=\"64\"\ntarget_vendor=\"pc\"\nwindows\n","stderr":""}},"successes":{}}