fix: rustls 0.23.1, next version of tokio-rustls #112

Closed
wants to merge 5 commits into from


@pimeys pimeys commented Mar 7, 2024

Hey,

We can merge this only when the next version of tokio-rustls is out. I'm just opening it up already because we upgraded our whole project and need this dependency. Having this PR in our Cargo.toml so we can review and step back to crates.io when the dependency issues in the ecosystem are all merged and published.

Supersedes: #106

…5 first which is unreleased."

tokio-rustls 0.25.0 is released now, so we can switch back to rustls
0.22.

This reverts commit 3003040.
@pimeys pimeys marked this pull request as draft March 7, 2024 14:31
This includes a breaking change to RustlsConfig::from_der; this is
because rustls 0.22 no longer has a way to accept a private key in DER
Vec<u8> form.
@pimeys pimeys force-pushed the rustls-0.23 branch 3 times, most recently from 6b327c5 to 858c9bc Compare March 7, 2024 16:07
@diptanu

diptanu commented Mar 24, 2024

@pimeys Can we merge this now? We are stuck with an older version of rustls because of this.

MaxFangX pushed a commit to lexe-app/axum-server that referenced this pull request Mar 26, 2024
This patch is from this axum-server draft PR, credit to @eric-seppanen:
- programatik29#106

It looks like axum-server will skip directly to 0.23, so this patch can
be removed then. programatik29#112
@MaxFangX

@diptanu you can integrate the changes from this PR into your own project with a patch like so:

```toml
[dependencies]
axum-server = "=0.6.0"

[patch.crates-io]
axum-server = { git = "https://github.com/grafbase/axum-server", branch = "rustls-0.23" }
```

More info on patches

@diptanu

diptanu commented Apr 7, 2024

@MaxFangX Thanks! It would be great if this PR was merged in because SSL and being able to use the latest version of the rust-tls library would be great.

@julianh-y

+1 on getting this merged.

@atezet

atezet commented Apr 22, 2024

In the meantime tokio-rustls = 0.26.0 was released and we got RUSTSEC-2024-0336

@pimeys will you update this PR?

@programatik29 can we get this merged somehow?

@liningpan

Before this can be merged, I guess we need to figure out what to do with rustls changing the default crypto provider from ring to aws-lc-rs. So far both reqwest and tonic decided to keep using ring as the default for various reasons.

One of the reasons listed was aws-lc-rs requires CMake to compile. This was later fixed in aws/aws-lc-rs#317.

@pimeys
Author

pimeys commented Jul 18, 2024

Yep. We also have a similar issue in our workspace with the changed tls impl, it's kind of annoying to set to ring if the workspace is large

@julianh-y

IMHO, axum-server should stick with the default provider aws-lc-rs now that CMake is not a build dependency anymore.

Perhaps update the README with a note about the rustls providers and perhaps some code snippet showing how to set up a provider for your app, i.e.:

```rust
// configure default provider for RUSTLS
rustls::crypto::aws_lc_rs::default_provider()
    .install_default()
    .expect("install rustls default crypto provider");
```
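An added example, not part of this thread or of axum-server's code: a std-only Cargo.lock scan that lists each locked rustls version with the provider crates (ring, aws-lc-rs) it resolves against. It flags 0.23.x entries where both or neither are present, the case in which rustls cannot pick a process-default provider by itself and an explicit `install_default()` call like the one above is needed. The lockfile excerpt, its versions and the function names are constructed for illustration.

```rust
use std::collections::BTreeMap;
// Constructed Cargo.lock excerpt; versions and dependency lists are illustrative.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "rustls"
version = "0.22.0"
dependencies = [
 "ring",
]

[[package]]
name = "rustls"
version = "0.23.1"
dependencies = [
 "aws-lc-rs",
 "ring 0.17.0",
]
"#;

/// Maps each locked rustls version to the provider crates it depends on.
fn rustls_providers(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut found = BTreeMap::new();
    for pkg in lock.split("[[package]]").skip(1) {
        let field = |key: &str| {
            let value = pkg.lines().find_map(|l| l.trim().strip_prefix(key));
            value.map(|v| v.trim_matches('"').to_string())
        };
        let (Some(name), Some(version)) = (field("name = "), field("version = ")) else { continue };
        if name != "rustls" { continue; }
        // Entries look like "ring" or "ring 0.17.0"; keep only the crate name.
        let providers: Vec<String> = pkg.lines()
            .filter_map(|l| l.trim().trim_end_matches(',').trim_matches('"').split(' ').next())
            .filter(|dep| matches!(*dep, "ring" | "aws-lc-rs"))
            .map(String::from).collect();
        found.insert(version, providers);
    }
    found
}

/// Assumption: rustls 0.23.x self-selects a provider only when exactly one is compiled in.
fn needs_install_default(version: &str, providers: &[String]) -> bool {
    version.starts_with("0.23.") && providers.len() != 1
}

fn main() {
    for (v, p) in rustls_providers(SAMPLE_LOCK) {
        println!("rustls {v}: providers {p:?}, install_default required: {}", needs_install_default(&v, &p));
    }
}
```

Cargo.lock covers every workspace member, target and dev-dependency, so a flagged entry is a prompt to check the binary you actually ship rather than proof that it is affected.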

@programatik29
Owner

#124 should close this.
