Bump hyper-rustls from 0.25.0 to 0.27.3 #1110

Draft
wants to merge 8 commits into
base: main
dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Sep 9, 2024

Bumps hyper-rustls from 0.25.0 to 0.27.3.

Release notes

Sourced from hyper-rustls's releases.

v/0.27.3

What's Changed

0.27.2

What's Changed

0.27.1

Added

  • New ConnectorBuilder::with_server_name_resolver() fn for specifying an implementation of the ResolveServerName trait to dynamically resolve the subject name used when verifying a server's certificate.
  • New fips feature flag for enabling the aws-lc-rs Rustls crypto provider in FIPS mode.

Changed

  • ConnectorBuilder::with_server_name() is now deprecated. Existing usages should be replaced with ConnectorBuilder::with_server_name_resolver() and a FixedServerNameResolver.

What's Changed

New Contributors

Full Changelog: rustls/hyper-rustls@v/0.27.0...v/0.27.1

0.27.0

Changed

  • Rustls updated to 0.23
  • Default cryptography provider changed to aws-lc-rs to match upstream Rustls project. Note that this has some implications on platform support and build-time tool requirements such as cmake on all platforms and nasm on Windows. Support for ring continues to be available: set the ring crate feature.

Added

  • New with_platform_verifier connector builder fns for using rustls-platform-verifier for certificate verification. Requires the optional rustls-platform-verifier feature be enabled.
  • New HttpsConnector::builder fn for conveniently constructing a ConnectorBuilder.

... (truncated)

Commits
  • dc54bc0 Bump version to 0.27.3
  • a1d9263 Import std::io directly
  • 6d1267c Avoid io::Result type alias
  • 139550b Upgrade to rustls-native-certs 0.8
  • 516e3ac Alphabetically sort features
  • 3a4d5d7 Move features before dependencies
  • f8c2036 chore: sort features
  • 1d57d93 enable rustls-platform-verifier for docs.rs
  • a6a5687 Take impl Into<Arc> in connector builder
  • b4f5132 Add ConnectorBuilder::with_provider_and_platform_verifier
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 9, 2024
Bumps [hyper-rustls](https://github.com/rustls/hyper-rustls) from 0.25.0 to 0.27.3.
- [Release notes](https://github.com/rustls/hyper-rustls/releases)
- [Commits](rustls/hyper-rustls@v/0.25.0...v/0.27.3)

---
updated-dependencies:
- dependency-name: hyper-rustls
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/cargo/hyper-rustls-0.27.3 branch from 0f18ee1 to aeb7d64 Compare September 26, 2024 18:55
@ahl
Collaborator

ahl commented Sep 26, 2024

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/cargo/hyper-rustls-0.27.3 branch from aeb7d64 to 05630e6 Compare September 26, 2024 18:58
@dependabot dependabot bot force-pushed the dependabot/cargo/hyper-rustls-0.27.3 branch from 05630e6 to b558b82 Compare September 26, 2024 19:10
@ahl
Collaborator

ahl commented Sep 27, 2024

This turns out to be broken on illumos--interesting!

@ahl ahl self-assigned this Sep 27, 2024
@ahl ahl requested a review from davepacheco September 27, 2024 16:23
Collaborator

@ahl ahl left a comment

I imagine we'll want to test that omicron works at all with this stuff rather than landing in a spot where dropshot has a required dependency that's broken for us

@@ -29,7 +29,7 @@ indexmap = "2.5.0"
multer = "3.1.0"
paste = "1.0.15"
percent-encoding = "2.3.1"
rustls = "0.22.4"
Collaborator

these remove the default dependency on aws-lc-rs... which does not build on illumos

Collaborator

Maybe add a comment here explaining why we're disabling this? Whether it's the short-term reason that aws-lc-rs doesn't build on illumos or a long-term preference to avoid it.

@@ -93,7 +93,7 @@ anyhow = "1.0.89"
async-channel = "2.3.1"
buf-list = "1.0.3"
expectorate = "1.1.0"
hyper-rustls = "0.26.0"
hyper-rustls = { version = "0.27.3", default-features = false, features = ["http1", "ring"] }
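
Review bot: the new hyper-rustls entry sets default-features = false and re-enables only "http1" and "ring", but nothing on the line records why the defaults are off. Add a comment above it stating the reason (the reviewers give it as aws-lc-rs, the 0.27 default provider, not building on illumos) and whether it is meant to be temporary, so the override gets revisited once that is fixed. Also confirm that "http1" plus "ring" covers everything the tests used from the old default set, since every other default feature is now dropped without notice.
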
Collaborator

this adds what we need for testing across platforms

@davepacheco
Collaborator

From offline discussion I gathered a bit more context I wanted to leave here for the record:

  • Previously hyper-rustls used ring for crypto. In this update, hyper-rustls includes support for both ring and aws-lc-rs, with the latter being the default.
  • The released version of aws-lc-rs does not build on illumos due to "support building on illumos systems" (aws/aws-lc#1854). This fix was landed but not yet released.
  • Disabling the features in various rustls-related crates here prevents us from pulling in the broken aws-lc-rs, which allows this to build. This also makes it easier (possible?) for consumers to decide which of the rustls crypto backends they want to use based on what features they choose.

@@ -29,7 +29,7 @@ indexmap = "2.5.0"
multer = "3.1.0"
paste = "1.0.15"
percent-encoding = "2.3.1"
rustls = "0.22.4"
Collaborator

Maybe add a comment here explaining why we're disabling this? Whether it's the short-term reason that aws-lc-rs doesn't build on illumos or a long-term preference to avoid it.

@@ -42,7 +42,7 @@ slog-async = "2.8.0"
slog-bunyan = "2.5.0"
slog-json = "2.6.1"
slog-term = "2.9.1"
tokio-rustls = "0.25.0"
tokio-rustls = { version = "0.26.0", default-features = false }
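
Review bot: the new tokio-rustls entry turns default-features off and lists no features at all, so unlike the hyper-rustls entry (which names "ring") this line selects no crypto provider. If that is intentional, say so in a comment and document that the consumer must enable a provider through its own rustls dependency; otherwise name the provider feature here so that a crate depending only on this one still gets a provider compiled in.
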
Collaborator

Another comment here maybe?

@@ -93,7 +93,7 @@ anyhow = "1.0.89"
async-channel = "2.3.1"
buf-list = "1.0.3"
expectorate = "1.1.0"
hyper-rustls = "0.26.0"
hyper-rustls = { version = "0.27.3", default-features = false, features = ["http1", "ring"] }
Collaborator

Another comment here maybe?

@ahl
Collaborator

ahl commented Sep 28, 2024

We need one of the crypto algorithms enabled by default or else consumers who don't have rustls as an explicit dep will encounter a runtime failure

@ahl ahl marked this pull request as draft September 28, 2024 18:32