Track the latest changes from upstream rustls and tokio-rustls #222
Conversation
|
This should also use alpha versions of rustls-native-certs, rustls-pemfile, and webpki-roots. |
src/acceptor/builder.rs
Outdated
| @@ -3,6 +3,9 @@ use std::sync::Arc; | |||
| use hyper::server::conn::AddrIncoming; | |||
| use rustls::ServerConfig; | |||
|
|
|||
| #[cfg(feature = "ring")] | |||
There was a problem hiding this comment.
I don't think these ring guards make sense.
There was a problem hiding this comment.
warning: unused imports: `CertificateDer`, `PrivateKeyDer`
--> src\acceptor\builder.rs:4:17
|
4 | use pki_types::{CertificateDer, PrivateKeyDer};
| ^^^^^^^^^^^^^^ ^^^^^^^^^^^^^
|
= note: `#[warn(unused_imports)]` on by default
This makes sense if ring is not part of the features
There was a problem hiding this comment.
Maybe I should just directly reference the type using full crate path.
There was a problem hiding this comment.
IMO all of the ring guards in this module don't make sense. What errors do you get if you leave them out?
There was a problem hiding this comment.
IMO all of the
ringguards in this module don't make sense. What errors do you get if you leave them out?
A list of errors:
error[E0412]: cannot find type `CertificateDer` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:71:25
|
71 | cert_chain: Vec<CertificateDer<'static>>,
| ^^^^^^^^^^^^^^ not found in this scope
|
help: consider importing this struct
|
1 + use pki_types::CertificateDer;
|
error[E0412]: cannot find type `PrivateKeyDer` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:72:18
|
72 | key_der: PrivateKeyDer<'static>,
| ^^^^^^^^^^^^^ not found in this scope
|
help: consider importing this enum
|
1 + use pki_types::PrivateKeyDer;
|
error[E0412]: cannot find type `Error` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:73:31
|
73 | ) -> Result<ServerConfig, Error> {
| ^^^^^ not found in this scope
|
help: consider importing one of these items
|
1 + use alloc::fmt::Error;
|
1 + use core::error::Error;
|
1 + use core::fmt::Error;
|
1 + use crate::Error;
|
and 4 other candidates
error[E0412]: cannot find type `CertificateDer` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:89:25
|
89 | cert_chain: Vec<CertificateDer<'static>>,
| ^^^^^^^^^^^^^^ not found in this scope
|
help: consider importing this struct
|
1 + use pki_types::CertificateDer;
|
error[E0412]: cannot find type `PrivateKeyDer` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:90:18
|
90 | key_der: PrivateKeyDer<'static>,
| ^^^^^^^^^^^^^ not found in this scope
|
help: consider importing this enum
|
1 + use pki_types::PrivateKeyDer;
|
error[E0412]: cannot find type `Error` in this scope
--> F:\.cache\cargo\registry\src\index.crates.io-6f17d22bba15001f\rustls-0.22.0-alpha.3\src\server\builder.rs:92:31
|
92 | ) -> Result<ServerConfig, Error> {
| ^^^^^ not found in this scope
|
help: consider importing one of these items
|
1 + use alloc::fmt::Error;
|
1 + use core::error::Error;
|
1 + use core::fmt::Error;
|
1 + use crate::Error;
|
and 4 other candidates
There was a problem hiding this comment.
Oh I reckon, this is the problem:
#[cfg(feature = "ring")]
/// Create a builder for a client configuration with the default
/// [`CryptoProvider`]: [`crate::crypto::ring::RING`].
///
/// For more information, see the [`ConfigBuilder`] documentation.
pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites> {
Self::builder_with_provider(crate::crypto::ring::RING)
}
Should we break the ABI instead (i.e. rename this to builder_with_ring)
There was a problem hiding this comment.
Yep, guess that would do. But I think the bigger problem is that rustls::ClientConfig was not liberal enough as a builder...
There was a problem hiding this comment.
Maybe we should further remove ring as part of the default features...in exchange for a chaos on the crates that depends on hyper-rustls, but this would definitely promote a good use for custom crypto suites provider.
There was a problem hiding this comment.
No, we should mirror the API as it's setup in rustls alpha.4, which uses builder() with ring as a default and offers an alternative option to select a different provider.
(And note that most of those errors have nothing to do with ring, which is why they shouldn't be guarded with it.)
There was a problem hiding this comment.
Acknowledged. Maybe this is the best we could do for now.
|
I did an alternative to this in #233. |
|
Since #233 landed I think we can close this one. Thanks for your contribution! |
This is blocked partially rustls/tokio-rustls#21 and awaiting for a while until the new rustls alpha version is released because there are some key changes (making ring optional, dynamic crypto provider). My own patch fork tracks all the latest changes.