itsi-server 0.2.22-aarch64-linux

data/Cargo.toml

@@ -0,0 +1,11 @@
+# This Cargo.toml is here to let externals tools (IDEs, etc.) know that this is
+# a Rust project. Your extensions dependencies should be added to the Cargo.toml
+# in the ext/ directory.
+
+[workspace]
+members = ["./ext/itsi_server"]
+resolver = "2"
+
+[patch.crates-io]
+magnus = { git = "https://github.com/matsadler/magnus.git", rev = "1ed232edb2b75a2eed9b1def34ad57e55c411a5c" }
+rb-sys-build = { path = "vendor/rb-sys-build" }

data/Rakefile

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "minitest/test_task"
+
+SMOKE_TEST_GLOBS = %w[
+  test/options/bind.rb
+  test/options/header_read_timeout.rb
+  test/options/test_request_timeout.rb
+  test/options/test_threads.rb
+  test/rack/test_rack_server.rb
+  test/middleware/allow_list.rb
+  test/middleware/auth_api_key.rb
+  test/middleware/auth_basic.rb
+  test/middleware/cache_control.rb
+  test/middleware/cidr_to_regex.rb
+  test/middleware/compression.rb
+  test/middleware/cors.rb
+  test/middleware/csp.rb
+  test/middleware/deny_list.rb
+  test/middleware/etag.rb
+  test/middleware/header_interpolation.rb
+  test/middleware/location.rb
+  test/middleware/max_body.rb
+  test/middleware/request_headers.rb
+  test/middleware/response_headers.rb
+  test/middleware/static_assets.rb
+  test/middleware/static_response.rb
+  test/middleware/string_rewrite.rb
+].freeze
+
+def configure_test_task(task_name, test_globs)
+  Minitest::TestTask.create(task_name) do |t|
+    t.libs << "test"
+    t.libs << "lib"
+    t.warning = false
+    t.test_globs = test_globs
+    t.test_prelude = 'require "helpers/test_helper.rb"'
+  end
+end
+
+configure_test_task(:test, ["test/**/*.rb"])
+configure_test_task("test:smoke", SMOKE_TEST_GLOBS)
+
+task "test:full" => :test
+
+require "rb_sys/extensiontask"
+
+task build: :compile
+
+GEMSPEC = Gem::Specification.load("itsi-server.gemspec")
+
+RbSys::ExtensionTask.new("itsi-server", GEMSPEC) do |ext|
+  ext.lib_dir = "lib/itsi/server"
+end
+
+task default: %i[compile test rubocop]

data/exe/itsi

@@ -0,0 +1,193 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "itsi/server"
+require "optparse"
+
+COMMANDS = {
+  "init" => "Initialize a new Itsi.rb server configuration file",
+  "status" => "Show the status of the server",
+  "start" => "Start the Itsi server",
+  "serve" => "Start the Itsi server",
+  "stop" => "Stop the server",
+  "reload" => "Reload the server",
+  "restart" => "Restart the server",
+  "test" => "Test config file validity",
+  "add_worker" => "Add a new worker to the server cluster",
+  "remove_worker" => "Remove a worker from the server cluster",
+  "routes" => "Print the routes of the server",
+  "passfile" => "Manage hashed users and passwords in a passfile (like .htpasswd). [add, echo, remove, list]",
+  "secret" => "Generate a new secret for use in a JWT verifier",
+  "test_route" => "Test which route a request will be routed to",
+  "static" => "Serve static assets in the given directory"
+}
+
+Itsi::Server::Config.prep_reexec!
+
+options = {}
+
+parser = OptionParser.new do |opts|
+  opts.banner = "Usage: itsi [COMMAND] [options]"
+
+  opts.on("-C", "--config CONFIG_FILE", String, "Itsi Configuration file to use (default: Itsi.rb)") do |config_file|
+    options[:config_file] = config_file
+  end
+
+  opts.on("-w", "--workers WORKERS", Integer, "Number of workers") do |w|
+    options[:workers] = w
+  end
+
+  opts.on("-d", "--daemonize", "Run the process as a daemon") do
+    options[:daemonize] = true
+  end
+
+  opts.on("-t", "--threads THREADS", Integer, "Number of threads (default: 1)") do |t|
+    options[:threads] = t
+  end
+
+  opts.on("--[no-]multithreaded-reactor", "Use a multithreaded reactor") do |mtr|
+    options[:multithreaded_reactor] = mtr
+  end
+
+  opts.on("-r", "--rackup_file FILE", String, "Rackup file to use (default: config.ru)") do |rf|
+    options[:rackup_file] = rf
+  end
+
+  opts.on("--worker-memory-limit MEMORY_LIMIT", Integer,
+          "Memory limit for each worker (default: None). If this limit is breached the worker is gracefully restarted") do |ml|
+    options[:worker_memory_limit] = ml
+  end
+
+  opts.on("-f", "--fiber_scheduler [CLASS_NAME]", String,
+          "Scheduler class to use (default: nil). Provide blank or true to use Itsi::Scheduler, or a classname to use an alternative scheduler") do |scheduler_class|
+    if scheduler_class.nil? || scheduler_class == "true"
+      options[:scheduler_class] = "Itsi::Scheduler"
+    elsif scheduler_class == "false"
+      options.delete(:scheduler_class)
+    else
+      options[:scheduler_class] = scheduler_class
+    end
+  end
+
+  opts.on("--preload [true, false, :bundle_group_name]", String, " Toggle preloading the application") do |preload|
+    if preload == "true"
+      options[:preload] = true
+    elsif preload == "false"
+      options[:preload] = false
+    else
+      # Not supported yet
+    end
+  end
+
+  opts.on("-b", "--bind BIND", String,
+          "Bind address (default: http://0.0.0.0:3000). You can specify this flag multiple times to bind to multiple addresses.") do |bind|
+    options[:binds] ||= []
+    options[:binds] << bind
+  end
+
+  opts.on("-c", "--cert_path CERT_PATH", String,
+          "Path to the SSL certificate file (must follow a --bind option). You can specify this flag multiple times.") do |cp|
+    raise OptionParser::InvalidOption, "--cert_path must follow a --bind" if options[:binds].empty?
+
+    require "uri"
+
+    # Modify the last bind entry to add/update the cert query parameter
+    uri = URI.parse("http://#{options[:binds].last}") # Ensure valid URI parsing
+    params = URI.decode_www_form(uri.query.to_s).to_h
+    params["cert"] = cp
+    query_string = params.map { |k, v| "#{k}=#{v}" }.join("&")
+    options[:binds][-1] = "#{uri.host}?#{query_string}"
+  end
+
+  opts.on("-k", "--key_path KEY_PATH", String,
+          "Path to the SSL key file (must follow a --bind option). You can specify this flag multiple times.") do |kp|
+    raise OptionParser::InvalidOption, "--key_path must follow a --bind" if options[:binds].empty?
+
+    require "uri"
+
+    # Modify the last bind entry to add/update the key query parameter
+    uri = URI.parse("http://#{options[:binds].last}") # Ensure valid URI parsing
+    params = URI.decode_www_form(uri.query.to_s).to_h
+    params["key"] = kp
+    query_string = params.map { |k, v| "#{k}=#{v}" }.join("&")
+    options[:binds][-1] = "#{uri.host}?#{query_string}"
+  end
+
+  opts.on("--shutdown_timeout SHUTDOWN_TIMEOUT", String,
+          "Graceful timeout period before forcing workers to shutdown") do |shutdown_timeout|
+    options[:shutdown_timeout] = shutdown_timeout
+  end
+
+  opts.on("--stream-body", TrueClass, "Stream body frames (default: false for best compatibility)") do |stream_body|
+    options[:stream_body] = stream_body
+  end
+
+  opts.on("-h", "--help", "Show this help message") do
+    puts opts
+    puts "COMMAND: "
+    COMMANDS.each do |command, description|
+      puts "    #{command} - #{description}"
+    end
+    exit
+  end
+
+  opts.on("--reexec PARAMS", String, "Reexec the server with the given parameters") do |params|
+    options[:reexec] = params
+  end
+
+  opts.on("--listeners LISTENERS", String, "Listeners for reexec") do |listeners|
+    options[:listeners] = listeners
+  end
+
+  opts.on("--passfile PASSFILE", String, "Passfile") do |passfile|
+    options[:passfile] = passfile
+  end
+
+  opts.on("--algorithm ALGORITHM", String, "Algorithm for password hashing") do |algorithm|
+    options[:algorithm] = algorithm
+  end
+
+  opts.on("-dDIR", "--dir=DIR", "(For use with secret) Save keys/secret to DIR instead of printing") do |d|
+    options[:save_dir] = d
+  end
+
+  opts.on("-v", "--version", "Show version") do
+    puts "Itsi version #{Itsi::Server::VERSION}"
+    exit(0)
+  end
+end
+
+if ENV["COMP_LINE"] || ARGV.include?("--completion")
+  puts COMMANDS.keys
+  exit
+end
+
+begin
+  parser.parse!
+rescue StandardError => e
+  puts e.message
+  exit
+end
+
+case (command = ARGV.shift)
+when *COMMANDS.keys
+  required_arity = Itsi::Server.method(command).parameters&.select { |c| c.first == :req }&.length&.succ || 2
+  case required_arity
+  when 1 then Itsi::Server.send(command)
+  when 2 then Itsi::Server.send(command, options)
+  else
+    if ARGV.length != required_arity - 2
+      puts "Command #{command} requires #{required_arity - 2} subcommands. "
+      exit(0)
+    end
+    Itsi::Server.send(command, options, *ARGV)
+  end
+when nil
+  Itsi::Server.start(options)
+else
+  puts "Invalid command #{command}.\n"
+  puts "COMMAND: "
+  COMMANDS.each do |command, description|
+    puts "    #{command} - #{description}"
+  end
+end

data/ext/itsi_acme/Cargo.toml

@@ -0,0 +1,86 @@
+[package]
+name = "itsi_acme"
+version = "0.1.0"
+authors = [
+  "wouterken <wc@pico.net.nz>",
+  "dignifiedquire <me@dignifiedquire.com>",
+  "Florian Uekermann <florian@uekermann.me>",
+]
+edition = "2018"
+description = "Automatic TLS certificate management using rustls, specifically for itsi"
+license = "Apache-2.0 OR MIT"
+repository = "https://github.com/n0-computer/tokio-rustls-acme"
+documentation = "https://docs.rs/tokio-rustls-acme"
+keywords = ["acme", "rustls", "tls", "letsencrypt"]
+categories = ["asynchronous", "cryptography", "network-programming"]
+
+[dependencies]
+futures = "0.3.21"
+rcgen = "0.13"
+serde_json = "1.0.81"
+serde = { version = "1.0.137", features = ["derive"] }
+ring = { version = "0.17.0", features = ["std"] }
+base64 = "0.22"
+log = "0.4.17"
+webpki-roots = "0.26"
+pem = "3.0"
+thiserror = "2.0"
+x509-parser = "0.16"
+chrono = { version = "0.4.24", default-features = false, features = ["clock"] }
+async-trait = "0.1.53"
+rustls = { version = "0.23", default-features = false, features = ["ring"] }
+time = "0.3.36"                                                                 # force the transitive dependency to a more recent minimal version. The build fails with 0.3.20
+
+tokio = { version = "1.20.1", default-features = false }
+tokio-rustls = { version = "0.26", default-features = false, features = [
+  "tls12",
+] }
+reqwest = { version = "0.12", default-features = false, features = [
+  "rustls-tls",
+] }
+
+# Axum
+axum-server = { version = "0.7", features = ["tokio-rustls"], optional = true }
+
+[dependencies.proc-macro2]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "1.0.78"
+
+[dependencies.num-bigint]
+# This is a transitive dependency, we specify it to make sure we have
+# a recent-enough version so that -Z minimal-versions crate resolution
+# works.
+version = "0.4.4"
+
+[dev-dependencies]
+simple_logger = "5.0"
+structopt = "0.3.26"
+clap = { version = "4", features = ["derive"] }
+axum = "0.7"
+tokio = { version = "1.19.2", features = ["full"] }
+tokio-stream = { version = "0.1.9", features = ["net"] }
+tokio-util = { version = "0.7.3", features = ["compat"] }
+warp = "0.3"
+
+[package.metadata.docs.rs]
+all-features = true
+rustdoc-args = ["--cfg", "doc_auto_cfg"]
+
+[features]
+default = []
+axum = ["dep:axum-server"]
+
+[[example]]
+name = "low_level_axum"
+required-features = ["axum"]
+
+[[example]]
+name = "high_level_warp"
+
+[[example]]
+name = "high_level"
+
+[[example]]
+name = "low_level"

data/ext/itsi_acme/examples/high_level.rs

@@ -0,0 +1,63 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::wrappers::TcpListenerStream;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+
+    let mut tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+
+    while let Some(tls) = tls_incoming.next().await {
+        let mut tls = tls.unwrap();
+        tokio::spawn(async move {
+            tls.write_all(HELLO).await.unwrap();
+            tls.shutdown().await.unwrap();
+        });
+    }
+    unreachable!()
+}
+
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+
+Hello Tls!"#;

data/ext/itsi_acme/examples/high_level_warp.rs

@@ -0,0 +1,52 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use tokio_stream::wrappers::TcpListenerStream;
+use warp::Filter;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let tcp_listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, args.port))
+        .await
+        .unwrap();
+    let tcp_incoming = TcpListenerStream::new(tcp_listener);
+
+    let tls_incoming = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .incoming(tcp_incoming, Vec::new());
+
+    let route = warp::any().map(|| "Hello Tls!");
+    warp::serve(route).run_incoming(tls_incoming).await;
+
+    unreachable!()
+}

data/ext/itsi_acme/examples/low_level.rs

@@ -0,0 +1,87 @@
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::{AcmeAcceptor, AcmeConfig};
+use rustls::ServerConfig;
+use std::net::Ipv6Addr;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::io::AsyncWriteExt;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.acceptor();
+
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+
+    serve(acceptor, Arc::new(rustls_config), args.port).await;
+}
+
+async fn serve(acceptor: AcmeAcceptor, rustls_config: Arc<ServerConfig>, port: u16) {
+    let listener = tokio::net::TcpListener::bind((Ipv6Addr::UNSPECIFIED, port))
+        .await
+        .unwrap();
+    loop {
+        let tcp = listener.accept().await.unwrap().0;
+        let rustls_config = rustls_config.clone();
+        let accept_future = acceptor.accept(tcp);
+
+        tokio::spawn(async move {
+            match accept_future.await.unwrap() {
+                None => log::info!("received TLS-ALPN-01 validation request"),
+                Some(start_handshake) => {
+                    let mut tls = start_handshake.into_stream(rustls_config).await.unwrap();
+                    tls.write_all(HELLO).await.unwrap();
+                    tls.shutdown().await.unwrap();
+                }
+            }
+        });
+    }
+}
+
+const HELLO: &[u8] = br#"HTTP/1.1 200 OK
+Content-Length: 10
+Content-Type: text/plain; charset=utf-8
+
+Hello Tls!"#;

data/ext/itsi_acme/examples/low_level_axum.rs

@@ -0,0 +1,66 @@
+use axum::{routing::get, Router};
+use clap::Parser;
+use itsi_acme::caches::DirCache;
+use itsi_acme::AcmeConfig;
+use rustls::ServerConfig;
+use std::net::{Ipv6Addr, SocketAddr};
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio_stream::StreamExt;
+
+#[derive(Parser, Debug)]
+struct Args {
+    /// Domains
+    #[clap(short, required = true)]
+    domains: Vec<String>,
+
+    /// Contact info
+    #[clap(short)]
+    email: Vec<String>,
+
+    /// Cache directory
+    #[clap(short)]
+    cache: Option<PathBuf>,
+
+    /// Use Let's Encrypt production environment
+    /// (see https://letsencrypt.org/docs/staging-environment/)
+    #[clap(long)]
+    prod: bool,
+
+    #[clap(short, long, default_value = "443")]
+    port: u16,
+}
+
+#[tokio::main]
+async fn main() {
+    simple_logger::init_with_level(log::Level::Info).unwrap();
+    let args = Args::parse();
+
+    let mut state = AcmeConfig::new(args.domains)
+        .contact(args.email.iter().map(|e| format!("mailto:{}", e)))
+        .cache_option(args.cache.clone().map(DirCache::new))
+        .directory_lets_encrypt(args.prod)
+        .state();
+    let rustls_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_cert_resolver(state.resolver());
+    let acceptor = state.axum_acceptor(Arc::new(rustls_config));
+
+    tokio::spawn(async move {
+        loop {
+            match state.next().await.unwrap() {
+                Ok(ok) => log::info!("event: {:?}", ok),
+                Err(err) => log::error!("error: {:?}", err),
+            }
+        }
+    });
+
+    let app = Router::new().route("/", get(|| async { "Hello Tls!" }));
+
+    let addr = SocketAddr::from((Ipv6Addr::UNSPECIFIED, args.port));
+    axum_server::bind(addr)
+        .acceptor(acceptor)
+        .serve(app.into_make_service())
+        .await
+        .unwrap();
+}

data/ext/itsi_acme/src/acceptor.rs

@@ -0,0 +1,81 @@
+use crate::acme::ACME_TLS_ALPN_NAME;
+use crate::ResolvesServerCertAcme;
+use rustls::server::Acceptor;
+use rustls::ServerConfig;
+use std::future::Future;
+use std::io;
+use std::pin::Pin;
+use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_rustls::{Accept, LazyConfigAcceptor, StartHandshake};
+
+#[derive(Clone)]
+pub struct AcmeAcceptor {
+    config: Arc<ServerConfig>,
+}
+
+impl AcmeAcceptor {
+    pub(crate) fn new(resolver: Arc<ResolvesServerCertAcme>) -> Self {
+        let mut config = ServerConfig::builder()
+            .with_no_client_auth()
+            .with_cert_resolver(resolver);
+        config.alpn_protocols.push(ACME_TLS_ALPN_NAME.to_vec());
+        Self {
+            config: Arc::new(config),
+        }
+    }
+    pub fn accept<IO: AsyncRead + AsyncWrite + Unpin>(&self, io: IO) -> AcmeAccept<IO> {
+        AcmeAccept::new(io, self.config.clone())
+    }
+}
+
+pub struct AcmeAccept<IO: AsyncRead + AsyncWrite + Unpin> {
+    acceptor: LazyConfigAcceptor<IO>,
+    config: Arc<ServerConfig>,
+    validation_accept: Option<Accept<IO>>,
+}
+
+impl<IO: AsyncRead + AsyncWrite + Unpin> AcmeAccept<IO> {
+    pub(crate) fn new(io: IO, config: Arc<ServerConfig>) -> Self {
+        Self {
+            acceptor: LazyConfigAcceptor::new(Acceptor::default(), io),
+            config,
+            validation_accept: None,
+        }
+    }
+}
+
+impl<IO: AsyncRead + AsyncWrite + Unpin> Future for AcmeAccept<IO> {
+    type Output = io::Result<Option<StartHandshake<IO>>>;
+
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        loop {
+            if let Some(validation_accept) = &mut self.validation_accept {
+                return match Pin::new(validation_accept).poll(cx) {
+                    Poll::Ready(Ok(_)) => Poll::Ready(Ok(None)),
+                    Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                    Poll::Pending => Poll::Pending,
+                };
+            }
+
+            return match Pin::new(&mut self.acceptor).poll(cx) {
+                Poll::Ready(Ok(handshake)) => {
+                    let is_validation = handshake
+                        .client_hello()
+                        .alpn()
+                        .into_iter()
+                        .flatten()
+                        .eq([ACME_TLS_ALPN_NAME]);
+                    if is_validation {
+                        self.validation_accept = Some(handshake.into_stream(self.config.clone()));
+                        continue;
+                    }
+                    Poll::Ready(Ok(Some(handshake)))
+                }
+                Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                Poll::Pending => Poll::Pending,
+            };
+        }
+    }
+}