Drop Swift 5.10

Package.swift

@@ -1,4 +1,4 @@
-// swift-tools-version:5.10
+// swift-tools-version:6.0
 //===----------------------------------------------------------------------===//
 //
 // This source file is part of the SwiftNIO open source project
@@ -58,10 +58,6 @@ let strictConcurrencyDevelopment = false
 
 let strictConcurrencySettings: [SwiftSetting] = {
     var initialSettings: [SwiftSetting] = []
-    initialSettings.append(contentsOf: [
-        .enableUpcomingFeature("StrictConcurrency"),
-        .enableUpcomingFeature("InferSendableFromCaptures"),
-    ])
 
     if strictConcurrencyDevelopment {
         // -warnings-as-errors here is a workaround so that IDE-based development can

README.md

@@ -61,4 +61,7 @@ SwiftNIO SSL        | Minimum Swift Version
 `2.23.0 ..< 2.23.2` | 5.5.2
 `2.23.2 ..< 2.26.0` | 5.6
 `2.26.0 ..< 2.27.0` | 5.7
-`2.27.0 ...`        | 5.8
+`2.27.0 ..< 2.29.3` | 5.8
+`2.29.3 ..< 2.31.0` | 5.9
+`2.31.0 ..< 2.35.0` | 5.10
+`2.35.0 ...`        | 6.0

Sources/NIOSSL/NIOSSLClientHandler.swift

@@ -288,5 +288,8 @@ public final class NIOSSLClientHandler: NIOSSLHandler {
     }
 }
 
+// This conformance is technically redundant - Swift 6.2 compiler finally caught this
+#if compiler(<6.2)
 @available(*, unavailable)
 extension NIOSSLClientHandler: Sendable {}
+#endif

Sources/NIOSSL/NIOSSLServerHandler.swift

@@ -198,5 +198,8 @@ public final class NIOSSLServerHandler: NIOSSLHandler {
     }
 }
 
+// This conformance is technically redundant - Swift 6.2 compiler finally caught this
+#if compiler(<6.2)
 @available(*, unavailable)
 extension NIOSSLServerHandler: Sendable {}
+#endif

Sources/NIOSSL/SSLCallbacks.swift

@@ -320,9 +320,10 @@ extension NIOSSLContextConfigurationOverride {
 /// Within this callback, the user can create and return a new `NIOSSLContextConfigurationOverride` for the given host,
 /// and the delta will be applied to the current handshake configuration.
 ///
-public typealias NIOSSLContextCallback = @Sendable (
-    NIOSSLClientExtensionValues, EventLoopPromise<NIOSSLContextConfigurationOverride>
-) -> Void
+public typealias NIOSSLContextCallback =
+    @Sendable (
+        NIOSSLClientExtensionValues, EventLoopPromise<NIOSSLContextConfigurationOverride>
+    ) -> Void
 
 /// A struct that provides helpers for working with a NIOSSLContextCallback.
 internal struct CustomContextManager: Sendable {

Sources/NIOSSL/SSLContext.swift

@@ -139,7 +139,7 @@ private func serverPSKCallback(
 
     guard let serverCallback = parentSwiftContext.pskServerConfigurationCallback,
         let unwrappedIdentity = identity,  // Incoming identity
-        let strIdentity = String(validatingUTF8: unwrappedIdentity),
+        let strIdentity = String(validatingCString: unwrappedIdentity),
         let outputPSK = psk  // Output PSK key.
     else {
         return 0
@@ -198,7 +198,7 @@ private func clientPSKCallback(
     }
 
     // If set, build out a hint otherwise fallback to an empty string and pass it into the client callback.
-    let clientHint: String? = hint.flatMap({ String(validatingUTF8: $0) })
+    let clientHint: String? = hint.flatMap({ String(validatingCString: $0) })
 
     // Take the hint and pass it down to the callback to get associated PSK from callback
     let pskIdentity: PSKClientIdentityResponse?

Sources/NIOSSL/SwiftCrypto/NIOSSLSecureBytes.swift

@@ -240,8 +240,11 @@ extension NIOSSLSecureBytes {
     }
 }
 
+// This conformance is technically redundant - Swift 6.2 compiler finally caught this
+#if compiler(<6.2)
 @available(*, unavailable)
 extension NIOSSLSecureBytes.Backing: Sendable {}
+#endif
 
 extension NIOSSLSecureBytes.Backing {
     @usableFromInline

Sources/NIOSSL/UniversalBootstrapSupport.swift

@@ -123,9 +123,10 @@ public struct NIOSSLClientTLSProvider<Bootstrap: NIOClientTCPBootstrapProtocol>:
     public init(
         context: NIOSSLContext,
         serverHostname: String?,
-        customVerificationCallbackWithMetadata: @escaping (
-            @Sendable ([NIOSSLCertificate], EventLoopPromise<NIOSSLVerificationResultWithMetadata>) -> Void
-        )
+        customVerificationCallbackWithMetadata:
+            @escaping (
+                @Sendable ([NIOSSLCertificate], EventLoopPromise<NIOSSLVerificationResultWithMetadata>) -> Void
+            )
     ) throws {
         try self.init(
             context: context,

Tests/NIOSSLTests/IdentityVerificationTest.swift

@@ -114,15 +114,15 @@ class IdentityVerificationTest: XCTestCase {
         let cert = try NIOSSLCertificate(bytes: .init(multiSanCert.utf8), format: .pem)
         let matched = try validIdentityForService(
             serverHostname: nil,
-            socketAddress: try .makeAddressResolvingHost("192.168.0.1", port: 443),
+            socketAddress: try .init(ipAddress: "192.168.0.1", port: 443),
             leafCertificate: cert
         )
         XCTAssertTrue(matched)
     }
 
     func testAcceptsIpv6Address() throws {
         guard try ipv6Supported() else { return }
-        let ipv6Address = try SocketAddress.makeAddressResolvingHost("2001:db8::1", port: 443)
+        let ipv6Address = try SocketAddress(ipAddress: "2001:db8::1", port: 443)
 
         let cert = try NIOSSLCertificate(bytes: .init(multiSanCert.utf8), format: .pem)
         let matched = try validIdentityForService(
@@ -137,15 +137,15 @@ class IdentityVerificationTest: XCTestCase {
         let cert = try NIOSSLCertificate(bytes: .init(multiSanCert.utf8), format: .pem)
         let matched = try validIdentityForService(
             serverHostname: nil,
-            socketAddress: try .makeAddressResolvingHost("192.168.0.2", port: 443),
+            socketAddress: try .init(ipAddress: "192.168.0.2", port: 443),
             leafCertificate: cert
         )
         XCTAssertFalse(matched)
     }
 
     func testRejectsIncorrectIpv6Address() throws {
         guard try ipv6Supported() else { return }
-        let ipv6Address = try SocketAddress.makeAddressResolvingHost("2001:db8::2", port: 443)
+        let ipv6Address = try SocketAddress(ipAddress: "2001:db8::2", port: 443)
 
         let cert = try NIOSSLCertificate(bytes: .init(multiSanCert.utf8), format: .pem)
         let matched = try validIdentityForService(

Tests/NIOSSLTests/NIOSSLIntegrationTest.swift

@@ -433,8 +433,8 @@ internal func serverTLSChannel(
     )
 }
 
-typealias SendableAdditionalPeerCertificateVerificationCallback = @Sendable (NIOSSLCertificate, Channel) ->
-    EventLoopFuture<Void>
+typealias SendableAdditionalPeerCertificateVerificationCallback =
+    @Sendable (NIOSSLCertificate, Channel) -> EventLoopFuture<Void>
 
 internal func clientTLSChannel(
     context: NIOSSLContext,
@@ -477,7 +477,8 @@ private struct DeprecatedTLSProviderForTests<Bootstrap: NIOClientTCPBootstrapPro
     public init(
         context: NIOSSLContext,
         serverHostname: String?,
-        verificationCallback: @escaping @Sendable (NIOSSLVerificationResult, NIOSSLCertificate) ->
+        verificationCallback:
+            @escaping @Sendable (NIOSSLVerificationResult, NIOSSLCertificate) ->
             NIOSSLVerificationResult
     ) {
         self.context = context
@@ -486,14 +487,14 @@ private struct DeprecatedTLSProviderForTests<Bootstrap: NIOClientTCPBootstrapPro
     }
 
     public func enableTLS(_ bootstrap: Bootstrap) -> Bootstrap {
-        bootstrap.protocolHandlers {
+        bootstrap.protocolHandlers { [context, serverHostname, verificationCallback] in
             // NIOSSLClientHandler.init only throws because of `malloc` error and invalid SNI hostnames. We want to crash
             // on malloc error and we pre-checked the SNI hostname in `init` so that should be impossible here.
             [
                 try! NIOSSLClientHandler(
-                    context: self.context,
-                    serverHostname: self.serverHostname,
-                    verificationCallback: self.verificationCallback
+                    context: context,
+                    serverHostname: serverHostname,
+                    verificationCallback: verificationCallback
                 )
             ]
         }