New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for rustls #218
Conversation
Also bump the minimum Rust version tested in the matrix to 1.53 as time-rs has bumped its own MSRV in a point release again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As a first pass I've noted a few bits of low hanging fruit in the PR.
As-is, this branch interleaves a bunch of commits that are already present in master, so I've gone ahead and fixed/rebased that in dev-rustls if you'd like to reset
this PR onto that.
Aside from the stuff I've explicitly called out above, there are two more things I'd like to make sure we get right here:
- First is how we handle the XOR behaviour of the two SSL features. Cargo features are supposed to be additive, this could present problems because we are a library crate rather than a whole web framework, so we could feasibly get pulled in by two different dependents, each of which enable a different SSL feature. I'll look into how we make enabling both features a nice transparent compile-time error rather than exploding with a double definition.
- OpenSSL's handling of multithreaded contexts is arcane, to put it politely, and as such the Rust crate errs on the side of caution by marking
SslStream
as not thread safe. rustls::ServerConnection seems to implementSend + Sync
, so if we can get away without the Mutex around the stream that might offer a permanent workaround for issues like Responding to secure requests gets stuck after some time #160 and Running ssl.rs example, no response in the browser. #167 (which appear to be caused by some browsers waiting for a response while they're concurrently streaming a request).
Support extracting multiple certificates from a file, so that issuers which require an intermediate cert can be supported. Also improves our handling of private key data in both pathways, so that it's definitely erased once it has been handed to the SSL library.
@travispaul I've addressed a few of the points I mentioned above in 3e2ca09, including something I noticed while editing which is that the code as is would drop any extra certificates in a |
@bradfier thanks for review and updates, I've reset my branch and pulled in your changes.
That is a good point, looking at the link do you think this approach is reasonable:
Possibly always falling back to OpenSSL since that has is currently what the library uses?
Would that suggest removing for support for OpenSSL altogether? I've not observed that problem, I'll see if I can reproduce. |
This is one approach, I'd like to see what it looks like in practice. I had hoped that something as simple as this would do. diff --git a/src/lib.rs b/src/lib.rs
index 25c748f..75b3368 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -246,6 +246,8 @@ impl Server {
};
// building the SSL capabilities
+ #[cfg(all(feature = "ssl-openssl", feature = "ssl-rustls"))]
+ compile_error!("Features 'ssl-openssl' and 'ssl-rustls' must not be enabled at the same time");
#[cfg(feature = "ssl-openssl")]
type SslContext = openssl::ssl::SslContext;
#[cfg(feature = "ssl-rustls")] However when you try and compile with
Ideally we could avoid this and emit just the warning about the mutually incompatible features, We definitely shouldn't just fall back to OpenSSL as the library consumer might be relying on Rustls to only permit strong TLS methods, which OpenSSL won't do by default.
Almost completely opposite to the above, I think it's important to retain OpenSSL support, as Rustls makes a big deal of not supporting "insecure" TLS modes, sadly in the real world enterprises still use them, so to remove OpenSSL support would actually be a huge breaking change. |
Thanks for the help here @travispaul, I've now merged Rustls support in a9823f2 🎉 Due to the refactor I've managed to get the error spam from enabling both features down to 3 errors, where the explicit warning is shown nice and early. I was not able to find a way to avoid the use of a Mutex for the owned Rustls stream, but some future work could be done here to try and work around it. I need to fix #222 for the OpenSSL implementation then I'll cut a |
Thanks @bradfier and @3xmblzj5! |
Building off the work started in /pull/212