track upstream Rustls 0.22.x alpha changes. (#341)
* deps: use rustls/webpki/rustls-pemfile alphas.

  rustls 0.21.5 -> 0.22.0-alpha.4
  webpki 0.101.0 -> 0.102.0-alpha.6
  rustls-pemfile 1.0.3 -> 2.0.0-alpha.1
  adds rustls-pki-types 0.2.1

* error: track upstream removal of cert SCT support.

  This commit removes the error handling related to certificate SCTs. The upstream Rustls project removed embedded SCT support in 0.22.x.

* client: WebPkiVerifier -> WebPkiServerVerifier.

* client: fixes for updated verifier traits.

  The upstream traits no longer have any default fn implementations, because they relied on webpki/*ring* and Rustls is making that optional. In this branch we're continuing to keep a webpki/*ring* dep. and so can reconstitute the default fns by deferring to the webpki impls as appropriate.

* use danger modules for dangerous bits

  This commit updates several imports that were once provided when the `dangerous_configuration` feature was enabled to use their new homes in specific `danger` modules. The upstream feature flag was removed and these new `danger` modules are always available.

* fix ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES imports

  Both the `ALL_CIPHER_SUITES` and `DEFAULT_CIPHER_SUITES` symbols are now specific to a crypto provider. Since for the time being rustls-ffi will stick with using *ring* for the crypto provider this commit updates the imports to use the symbols provided by `rustls::crypto::ring` instead of the crate root.

* switch to pki-types

  This commit updates rustls-ffi to use the shared pki-types crate, similar to the upstream rustls projects.

* builder for root_cert_store

  This commit implements a builder pattern for `root_cert_store` so that we can have a path to both a mutable root cert store while trust anchors are being added, and a const root cert store suitable for an `Arc` once completed.

* rework client cert verifiers w/ builder API

  This commit reworks the rustls-ffi API for client certificate validation to track the new builder based API that landed in Rustls rustls/rustls#1368

* implement Debug where required by upstream bounds

  The upstream Rustls project has added `Debug` bounds to many traits. This commit updates rustls-ffi implementations to derive `Debug`, or implement it by hand, as required.

* cipher: adjust to provider-specific cipher suite imports

  The upstream rustls crate moved the `cipher_suite` module and defines into provider specific packages. Since rustls-ffi is presently hardcoded to use the *ring*-based crypto provider this commit updates the cipher suite references to use `rustls::crypto::ring::cipher_suite` in place of `rustls::cipher_suite`.

* error: ClientCertVerifierBuilderError -> VerifierBuilderError

  This commit updates references to `ClientCertVerifierBuilderError` to track the upstream rename to `VerifierBuilderError`.

* update import of rustls::sign::any_supported_type

  This re-export was removed and instead we need to use `rustls::crypto::ring::sign::any_supported_type` since this is a property of the *ring* specific crypto provider.

* add builder for server cert verifier, root builder from file

  * Implement a builder pattern and built representation for the webpki server cert verifier.
  * Update the client config builder to consume a built server cert verifier.
  * Update the roots builder to support loading roots from a file in addition to pem buffer.

* regenerate rustls.h

* update client for server cert verifier builder

* revocation status and unknown status control w/ verifier builders

* control root hint subjects w/ client verifier builder

* cbindgen update for comment tweaks