Update rustls to 0.23 and quinn to 0.11 #28

Merged 5 commits on Nov 13, 2024


Cyannide commented Nov 9, 2024

Need the rustls-platform-verifier 0.4.0 for CA cert support on Android/iOS.

Henauxg (Owner) commented Nov 12, 2024

Thanks, these updates were long overdue.

I updated a few things on your PR:

  • I kept RustlsServerName in ServerName. Did you have a strong reason to move to String?

  • I also changed the configure_client implementation for the CertificateVerificationMode::SignedByCertificateAuthority case.

    The call to install_default in the following snippet

    let _ = rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider());

    was bothering me. Seeing the rustls documentation, libraries should not set the default per-process crypto provider and instead use the one set once by the application or specify a custom one.

    I decided to specify the usual ring default provider rustls::crypto::ring::default_provider(). In order to do this, rustls-platform-verifier 0.4 was added as a direct dependency since Quinn's helper ClientConfig::with_platform_verifier does not let us directly set the provider and instead relies on the per-process one.
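The provider point made in the comment above, as a std-only model added here (not code from this PR or from rustls): it shows why discarding the result of `install_default` makes the provider a library ends up with depend on initialization order, while an explicitly passed provider does not. `Provider`, `Process`, `Outcome`, `scenario` and the two `lib_*` functions are hypothetical stand-ins, and the application's preference for "aws-lc-rs" is an assumption; only the write-once contract of `CryptoProvider::install_default` is taken from rustls.

```rust
use std::sync::{Arc, OnceLock};

/// Stand-in for rustls::crypto::CryptoProvider (model only; just a name).
pub struct Provider(pub &'static str);

/// Models one process: as in rustls, the default-provider slot is write-once.
#[derive(Default)]
pub struct Process { default: OnceLock<Arc<Provider>> }

impl Process {
    /// Same contract as CryptoProvider::install_default: Err if already set.
    pub fn install_default(&self, p: Provider) -> Result<(), Arc<Provider>> {
        self.default.set(Arc::new(p))
    }
    pub fn default_name(&self) -> Option<&'static str> { self.default.get().map(|p| p.0) }
}

/// Library that installs the default and discards the result (the quoted snippet).
pub fn lib_installs_default(p: &Process) -> &'static str {
    let _ = p.install_default(Provider("ring"));
    p.default_name().expect("a default exists at this point")
}

/// Library that carries its own provider and never touches the process slot.
pub fn lib_explicit_provider(_p: &Process) -> &'static str {
    let own = Arc::new(Provider("ring"));
    own.0
}

#[derive(Debug, PartialEq)]
pub struct Outcome {
    pub app_install_ok: bool,
    pub process_default: Option<&'static str>,
    pub lib_uses: &'static str,
}

/// The application wants "aws-lc-rs" process-wide; `lib_first` sets init order.
pub fn scenario(lib: fn(&Process) -> &'static str, lib_first: bool) -> Outcome {
    let p = Process::default();
    let early = lib_first.then(|| lib(&p));
    let app_install_ok = p.install_default(Provider("aws-lc-rs")).is_ok();
    let lib_uses = early.unwrap_or_else(|| lib(&p));
    Outcome { app_install_ok, process_default: p.default_name(), lib_uses }
}

fn main() {
    for first in [true, false] {
        println!("{:?}\n{:?}", scenario(lib_installs_default, first), scenario(lib_explicit_provider, first));
    }
}
```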

Cyannide (Author)

> I kept RustlsServerName in ServerName. Did you have a strong reason to move to String?

No strong reason, other than to avoid the new need for a lifetime parameter because of the 'static lifetime on the DnsName member of ServerName. I just wanted to play it safe, so I opted to generate the CertStore key up front.

> I decided to specify the usual ring default provider rustls::crypto::ring::default_provider(). In order to do this, rustls-platform-verifier 0.4 was added as a direct dependency since Quinn's helper ClientConfig::with_platform_verifier does not let us directly set the provider and instead relies on the per-process one.

Actually I have a PR awaiting final review for rustls-platform-verifier to update the jni dependency to 0.21 so hopefully it will be 0.5.0 in the next few days. And I would actually prefer the ability to use it without waiting for quinn to upgrade to it.

Henauxg (Owner) commented Nov 13, 2024

Great. I will merge this and keep an eye on the rustls-platform-verifier release

Henauxg merged commit 6db90da into Henauxg:main on Nov 13, 2024

Henauxg (Owner) commented Jan 16, 2025

Updated rustls-platform-verifier to 0.5 in the 0.14.0 release
