
add http-rustls feature #466

Merged: 1 commit merged on Mar 26, 2021

Conversation

toxeus
Contributor

@toxeus toxeus commented Mar 3, 2021

The existing http-tls feature enables TLS support via hyper-tls which in turn pulls in OpenSSL on Linux via native-tls. OpenSSL is written in C and has a long history of vulnerabilities caused by memory corruption.

The new http-rustls feature allows choosing a TLS implementation that is written in Rust.

Depends on #454 being merged first. I'll rebase once that happens.

@tomusdrw
Owner

tomusdrw commented Mar 3, 2021

Nice, thanks!

@lclc

lclc commented Mar 24, 2021

A new OpenSSL release comes out tomorrow that fixes yet another critical security issue:

> OpenSSL 1.1.1k is a security-fix release. The highest severity issue
> fixed in this release is HIGH
> https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html

It would be great to get rid of OpenSSL with this PR.

@tomusdrw
Owner

@toxeus do you mind addressing build issues?

@toxeus
Contributor Author

toxeus commented Mar 25, 2021

@lclc @tomusdrw as I wrote in the PR description, this PR can only successfully build if #454 is fixed and merged because it depends on tokio 1.X.

@tomusdrw
Owner

> @lclc @tomusdrw as I wrote in the PR description, this PR can only successfully build if #454 is fixed and merged because it depends on tokio 1.X.

🤦‍♂️ sorry, let's wait for #454 then.

@tomusdrw
Owner

@toxeus just merged #454, mind rebasing? :)

@toxeus
Contributor Author

toxeus commented Mar 25, 2021

@tomusdrw done

Owner

@tomusdrw tomusdrw left a comment


Looks good! I thought of making this default, but I think ws-tls will pull in openssl anyway, right?

Could you also update the README to mention how to get a no-openssl build?

@toxeus
Contributor Author

toxeus commented Mar 26, 2021

Yes, our troublemaker crate is pulling in openssl 😉

I have updated the README.

Commit message:

The existing `http-tls` feature enables TLS support via
`hyper-tls` which in turn pulls in OpenSSL on Linux via
`native-tls`. OpenSSL is written in C and has a long
history of vulnerabilities caused by memory corruption.

The new `http-rustls` feature allows choosing a TLS
implementation that is written in Rust.
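A `Cargo.toml` fragment illustrating the no-OpenSSL build the thread asks the README to document. This is an added example, not the PR's or the project's own README text; the version string is a placeholder, and it assumes (from the discussion) that the default feature set includes the `native-tls`-based path.

```toml
# Added example, not part of the PR. Version is a placeholder: use a release
# that contains the http-rustls feature merged in #466.
[dependencies]

# Default/`http-tls` path: hyper-tls -> native-tls -> OpenSSL on Linux.
# web3 = { version = "<release-with-http-rustls>", features = ["http-tls"] }

# No-OpenSSL path: drop the default features and enable only the Rust TLS
# stack. Do not enable `ws-tls`, which the thread notes pulls OpenSSL back in.
web3 = { version = "<release-with-http-rustls>", default-features = false, features = ["http-rustls"] }
```

To confirm OpenSSL really left the dependency graph, run `cargo tree -i openssl-sys` in the consuming project; cargo reports that no package matched when the crate is absent.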
Owner

@tomusdrw tomusdrw left a comment


Perfect, thanks!

@tomusdrw tomusdrw merged commit 96a4e9c into tomusdrw:master Mar 26, 2021