HFQR · fakeshadow · Mar 3, 2026 · Mar 3, 2026 · Mar 3, 2026 · Mar 3, 2026
diff --git a/client/Cargo.toml b/client/Cargo.toml
@@ -17,11 +17,11 @@ http2 = ["h2", "itoa", "xitca-http/http2"]
 # http/3 client(tls always enabled with rustls)
 http3 = ["h3", "h3-quinn", "quinn", "itoa", "async-stream", "rustls-ring-crypto"]
 # openssl as http/1 and http/2 tls handler
-openssl = ["xitca-tls/openssl"]
+openssl = ["xitca-tls/openssl-poll"]
 # rustls as http/1 and http/2 tls handler
-rustls = ["xitca-tls/rustls", "webpki-roots"]
+rustls = ["xitca-tls/rustls-poll-aws-crypto", "webpki-roots"]
 # rustls as tls handler with ring as crypto provider
-rustls-ring-crypto =  ["xitca-tls/rustls-ring-crypto", "webpki-roots"]
+rustls-ring-crypto =  ["xitca-tls/rustls-poll-ring-crypto", "webpki-roots"]
 # compression and decompression middleware support
 compress = ["http-encoding"]
 # json response body parsing support
@@ -36,8 +36,8 @@ multipart = ["dep:http-multipart"]
 dangerous = []
 
 [dependencies]
-xitca-http = { version = "0.8.0", default-features = false, features = ["runtime"] }
-xitca-io = "0.5.1"
+xitca-http = { version = "0.9.0", default-features = false, features = ["runtime"] }
+xitca-io = "0.6.0"
 xitca-unsafe-collection = "0.2.0"
 
 futures-core = { version = "0.3.17", default-features = false }
@@ -62,7 +62,7 @@ async-stream = { version = "0.3", optional = true }
 itoa = { version = "1", optional = true }
 
 # tls shared
-xitca-tls = { version = "0.5.0", optional = true }
+xitca-tls = { version = "0.6.0", optional = true }
 
 # rustls, http3 and dangerous features shared
 webpki-roots = { version = "1", optional = true }

diff --git a/client/src/builder.rs b/client/src/builder.rs
@@ -389,7 +389,7 @@ impl ClientBuilder {
 
             use h3_quinn::quinn::Endpoint;
             use webpki_roots::TLS_SERVER_ROOTS;
-            use xitca_tls::rustls::{ClientConfig, RootCertStore};
+            use xitca_tls::rustls_poll::{ClientConfig, RootCertStore};
 
             let mut root_store = RootCertStore::empty();
 
@@ -403,7 +403,7 @@ impl ClientBuilder {
 
             #[cfg(feature = "dangerous")]
             {
-                use xitca_tls::rustls::{
+                use xitca_tls::rustls_poll::{
                     self, DigitallySignedStruct,
                     client::danger::HandshakeSignatureValid,
                     crypto::{verify_tls12_signature, verify_tls13_signature},
@@ -419,29 +419,30 @@ impl ClientBuilder {
                     }
                 }
 
-                impl rustls::client::danger::ServerCertVerifier for SkipServerVerification {
+                impl rustls_poll::client::danger::ServerCertVerifier for SkipServerVerification {
                     fn verify_server_cert(
                         &self,
                         _end_entity: &CertificateDer<'_>,
                         _intermediates: &[CertificateDer<'_>],
                         _server_name: &ServerName<'_>,
                         _ocsp: &[u8],
                         _now: UnixTime,
-                    ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
-                        Ok(rustls::client::danger::ServerCertVerified::assertion())
+                    ) -> Result<rustls_poll::client::danger::ServerCertVerified, rustls_poll::Error>
+                    {
+                        Ok(rustls_poll::client::danger::ServerCertVerified::assertion())
                     }
 
                     fn verify_tls12_signature(
                         &self,
                         message: &[u8],
                         cert: &CertificateDer<'_>,
                         dss: &DigitallySignedStruct,
-                    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+                    ) -> Result<HandshakeSignatureValid, rustls_poll::Error> {
                         verify_tls12_signature(
                             message,
                             cert,
                             dss,
-                            &rustls::crypto::ring::default_provider().signature_verification_algorithms,
+                            &rustls_poll::crypto::ring::default_provider().signature_verification_algorithms,
                         )
                     }
 
@@ -450,17 +451,17 @@ impl ClientBuilder {
                         message: &[u8],
                         cert: &CertificateDer<'_>,
                         dss: &DigitallySignedStruct,
-                    ) -> Result<HandshakeSignatureValid, rustls::Error> {
+                    ) -> Result<HandshakeSignatureValid, rustls_poll::Error> {
                         verify_tls13_signature(
                             message,
                             cert,
                             dss,
-                            &rustls::crypto::ring::default_provider().signature_verification_algorithms,
+                            &rustls_poll::crypto::ring::default_provider().signature_verification_algorithms,
                         )
                     }
 
-                    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-                        rustls::crypto::ring::default_provider()
+                    fn supported_verify_schemes(&self) -> Vec<rustls_poll::SignatureScheme> {
+                        rustls_poll::crypto::ring::default_provider()
                             .signature_verification_algorithms
                             .supported_schemes()
                     }

diff --git a/client/src/tls/connector.rs b/client/src/tls/connector.rs
@@ -39,7 +39,7 @@ pub(crate) fn nop() -> Connector {
 #[cfg(feature = "openssl")]
 pub(crate) mod openssl {
     use xitca_http::bytes::BufMut;
-    use xitca_tls::openssl::{
+    use xitca_tls::openssl_poll::{
         self,
         ssl::{SslConnector, SslMethod},
     };
@@ -52,7 +52,7 @@ pub(crate) mod openssl {
 
         async fn call(&self, (name, io): (&'n str, TlsStream)) -> Result<Self::Response, Self::Error> {
             let ssl = self.configure()?.into_ssl(name)?;
-            let stream = openssl::TlsStream::connect(ssl, io).await?;
+            let stream = openssl_poll::TlsStream::connect(ssl, io).await?;
 
             let version = stream
                 .session()
@@ -90,7 +90,7 @@ pub(crate) mod rustls {
     use std::sync::Arc;
 
     use webpki_roots::TLS_SERVER_ROOTS;
-    use xitca_tls::rustls::{self, ClientConfig, ClientConnection, RootCertStore, pki_types::ServerName};
+    use xitca_tls::rustls_poll::{self, ClientConfig, ClientConnection, RootCertStore, pki_types::ServerName};
 
     use super::*;
 
@@ -107,7 +107,7 @@ pub(crate) mod rustls {
 
             let conn = ClientConnection::new(self.0.clone(), name).unwrap();
 
-            let stream = rustls::TlsStream::handshake(io, conn)
+            let stream = rustls_poll::TlsStream::handshake(io, conn)
                 .await
                 .map_err(crate::error::RustlsError::Io)?;
 

diff --git a/examples/Cargo.toml b/examples/Cargo.toml
@@ -25,3 +25,10 @@ members = [
 
 [profile.dev]
 debug-assertions = false
+
+[patch.crates-io]
+tokio-uring-xitca = { path = "../tokio-uring" }
+xitca-tls= { path = "../tls" }
+xitca-io= { path = "../io" }
+xitca-server = { path = "../server" }
+xitca-http = { path = "../http" }
diff --git a/examples/io-uring-h2/Cargo.toml b/examples/io-uring-h2/Cargo.toml
@@ -5,14 +5,19 @@ authors = ["fakeshadow <24548779@qq.com>"]
 edition = "2024"
 
 [dependencies]
-xitca-http = {  path = "../../http", features = ["http2", "io-uring", "router"] }
-xitca-server = { version = "0.6.1", features = ["io-uring"] }
+xitca-http = { version = "0.9", features = ["http2", "io-uring", "router", "openssl"] }
+xitca-server = { version = "0.7", features = ["io-uring"] }
 xitca-service = "0.3"
 
 futures-core = "0.3"
-
 mimalloc = { version = "0.1.48", default-features = false, features = ["v3"] }
 
+openssl = "0.10.44"
+# rcgen = "0.14"
+# rustls = "0.23"
+# rustls-pki-types = "1"
+
+
 [profile.release]
 opt-level = 3
 lto = "fat"
diff --git a/examples/io-uring-h2/src/main.rs b/examples/io-uring-h2/src/main.rs
@@ -1,7 +1,7 @@
 //! A Http/2 server returns Hello World String as Response.
 //!
-//! *. use h2c prior knowledge as protocol.
 //! *. io_uring is a linux OS feature.
+//! *. random self signed cert is used for tls certification.
 
 #[global_allocator]
 static ALLOC: mimalloc::MiMalloc = mimalloc::MiMalloc;
@@ -28,7 +28,7 @@ fn main() -> io::Result<()> {
             "http/2",
             "127.0.0.1:8080",
             fn_service(handler).enclosed(
-                HttpServiceBuilder::h2().io_uring(), // specify io_uring flavor of http service.
+                HttpServiceBuilder::h2().io_uring().openssl(tls_config()?), // specify io_uring flavor of http service.
             ),
         )?
         .build()
@@ -69,3 +69,47 @@ impl Stream for Once {
         (len, Some(len))
     }
 }
+
+// // rustls configuration.
+// fn tls_config() -> std::sync::Arc<rustls::ServerConfig> {
+//     let subject_alt_names = vec!["127.0.0.1".to_string(), "localhost".to_string()];
+
+//     let cert = rcgen::generate_simple_self_signed(subject_alt_names).unwrap();
+
+//     let mut config = rustls::ServerConfig::builder()
+//         .with_no_client_auth()
+//         .with_single_cert(
+//             vec![cert.cert.into()],
+//             cert.signing_key.serialize_der().try_into().unwrap(),
+//         )
+//         .unwrap();
+
+//     config.alpn_protocols = vec![b"h2".to_vec()];
+
+//     std::sync::Arc::new(config)
+// }
+
+use openssl::ssl::{AlpnError, SslAcceptor, SslFiletype, SslMethod};
+fn tls_config() -> io::Result<SslAcceptor> {
+    // set up openssl and alpn protocol.
+    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())?;
+    builder.set_private_key_file("../cert/key.pem", SslFiletype::PEM)?;
+    builder.set_certificate_chain_file("../cert/cert.pem")?;
+
+    builder.set_alpn_select_callback(|_, protocols| {
+        const H2: &[u8] = b"\x02h2";
+        const H11: &[u8] = b"\x08http/1.1";
+
+        if protocols.windows(3).any(|window| window == H2) {
+            Ok(b"h2")
+        } else if protocols.windows(9).any(|window| window == H11) {
+            Ok(b"http/1.1")
+        } else {
+            Err(AlpnError::NOACK)
+        }
+    });
+
+    builder.set_alpn_protos(b"\x08http/1.1\x02h2")?;
+
+    Ok(builder.build())
+}
diff --git a/examples/io-uring/Cargo.toml b/examples/io-uring/Cargo.toml
@@ -5,10 +5,10 @@ authors = ["fakeshadow <24548779@qq.com>"]
 edition = "2024"
 
 [dependencies]
-xitca-http = { version = "0.7", features = ["io-uring", "router", "rustls-uring"] }
-xitca-server = { version = "0.5", features = ["io-uring"] }
+xitca-http = { version = "0.9", features = ["io-uring", "router", "rustls"] }
+xitca-server = { version = "0.7", features = ["io-uring"] }
 xitca-service = "0.3"
 
-rcgen = "0.13"
+rcgen = "0.14"
 rustls = "0.23"
-rustls-pki-types = "1"
+rustls-pki-types = "1"
diff --git a/examples/io-uring/src/main.rs b/examples/io-uring/src/main.rs
@@ -7,11 +7,10 @@ use std::{convert::Infallible, io, sync::Arc};
 
 use rustls::ServerConfig;
 use xitca_http::{
-    h1,
-    http::{const_header_value::TEXT_UTF8, header::CONTENT_TYPE, Request, RequestExt, Response},
-    HttpServiceBuilder, ResponseBody,
+    HttpServiceBuilder, ResponseBody, h1,
+    http::{Request, RequestExt, Response, const_header_value::TEXT_UTF8, header::CONTENT_TYPE},
 };
-use xitca_service::{fn_service, ServiceExt};
+use xitca_service::{ServiceExt, fn_service};
 
 fn main() -> io::Result<()> {
     xitca_server::Builder::new()
@@ -21,7 +20,7 @@ fn main() -> io::Result<()> {
             fn_service(handler).enclosed(
                 HttpServiceBuilder::h1()
                     .io_uring() // specify io_uring flavor of http service.
-                    .rustls_uring(tls_config()), // specify io_uring flavor of tls.
+                    .rustls(tls_config()), // specify io_uring flavor of tls.
             ),
         )?
         .build()
@@ -45,7 +44,7 @@ fn tls_config() -> Arc<ServerConfig> {
         .with_no_client_auth()
         .with_single_cert(
             vec![cert.cert.into()],
-            cert.key_pair.serialize_der().try_into().unwrap(),
+            cert.signing_key.serialize_der().try_into().unwrap(),
         )
         .unwrap();
 

diff --git a/http/CHANGES.md b/http/CHANGES.md
@@ -1,4 +1,8 @@
-# unreleased
+# unreleased 0.9.0
+## Change
+- update `xitca-io` to `0.6.0`
+- update `xitca-tls` to `0.6.0`
+- use completion based API for all I/O operations
 
 # 0.8.2
 ## Fix

diff --git a/http/Cargo.toml b/http/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "xitca-http"
-version = "0.8.2"
+version = "0.9.0"
 edition = "2024"
 license = "Apache-2.0"
 description = "http library for xitca"
@@ -25,21 +25,18 @@ http3 = ["xitca-io/quic", "futures-util/alloc", "h3", "h3-quinn", "runtime"]
 # openssl as server side tls.
 openssl = ["xitca-tls/openssl", "runtime"]
 # rustls as server side tls.
-rustls = ["xitca-tls/rustls-no-crypto", "runtime"]
+rustls = ["xitca-tls/rustls", "runtime"]
 # rustls as server side tls.
-rustls-uring = ["rustls", "xitca-tls/rustls-uring-no-crypto", "xitca-io/runtime-uring"]
-# rustls as server side tls.
-native-tls = ["dep:native-tls", "runtime"]
+native-tls = ["xitca-tls/native-tls", "runtime"]
 # async runtime feature.
 runtime = ["xitca-io/runtime", "tokio"]
 
 # unstable features that are subject to be changed at anytime.
 io-uring = ["xitca-io/runtime-uring"]
-compio = ["dep:compio-buf", "dep:compio-io", "dep:compio-net"]
 router = ["xitca-router"]
 
 [dependencies]
-xitca-io = "0.5.1"
+xitca-io = "0.6.0"
 xitca-service = { version = "0.3.0", features = ["alloc"] }
 xitca-unsafe-collection = { version = "0.2.0", features = ["bytes"] }
 
@@ -49,11 +46,8 @@ httpdate = "1.0"
 pin-project-lite = "0.2.10"
 tracing = { version = "0.1.40", default-features = false }
 
-# native tls support
-native-tls = { version = "0.2.7", features = ["alpn"], optional = true }
-
 # tls support shared
-xitca-tls = { version = "0.5.1", optional = true }
+xitca-tls = { version = "0.6.0", optional = true }
 
 # http/1 support
 httparse = { version = "1.8", optional = true }
@@ -75,17 +69,12 @@ tokio = { version = "1.48", features = ["rt", "time"], optional = true }
 # util service support
 xitca-router = { version = "0.4.1", optional = true }
 
-# compio optional. not officially supported only exist for possible benchmarking usage
-compio-buf = { version = "0.7", features = ["bytes"], optional = true }
-compio-io = { version = "0.8", optional = true }
-compio-net = { version = "0.10", optional = true }
-
 [target.'cfg(not(target_family = "wasm"))'.dependencies]
 socket2 = { version = "0.6.0", features = ["all"] }
 
 [dev-dependencies]
-criterion = "0.7"
-xitca-server = "0.6.1"
+criterion = "0.8"
+xitca-server = "0.7.0"
 
 [[bench]]
 name = "h1_decode"

diff --git a/http/src/builder.rs b/http/src/builder.rs
@@ -17,8 +17,6 @@ pub(crate) mod marker {
     pub struct Http;
     #[cfg(feature = "http1")]
     pub struct Http1;
-    #[cfg(all(feature = "io-uring", feature = "http1"))]
-    pub struct Http1Uring;
     #[cfg(all(feature = "io-uring", feature = "http2"))]
     pub struct Http2Uring;
     #[cfg(feature = "http2")]
@@ -160,16 +158,6 @@ impl<V, St, FA, const HEADER_LIMIT: usize, const READ_BUF_LIMIT: usize, const WR
         self.with_tls(tls::rustls::TlsAcceptorBuilder::new(config))
     }
 
-    #[cfg(feature = "rustls-uring")]
-    /// use rustls on io-uring as tls service. io-uring (either with or without) is used for Http/1 protocol only.
-    pub fn rustls_uring(
-        self,
-        config: tls::rustls::RustlsConfig,
-    ) -> HttpServiceBuilder<V, St, tls::rustls_uring::TlsAcceptorBuilder, HEADER_LIMIT, READ_BUF_LIMIT, WRITE_BUF_LIMIT>
-    {
-        self.with_tls(tls::rustls_uring::TlsAcceptorBuilder::new(config))
-    }
-
     #[cfg(feature = "native-tls")]
     /// use native-tls as tls service. tnative-tlsls service is used for Http/1 protocol only.
     pub fn native_tls(