
Implement optional support for rustls #568

Closed
brson opened this issue Jul 10, 2016 · 9 comments · Fixed by #2517
Comments

@brson
Contributor

brson commented Jul 10, 2016

Rustls is a pure-Rust TLS library. Just like today we support either curl or hyper + nativetls, add optional runtime support for hyper + rustls. The openssl dep is one of the most troublesome pieces of native code in Rust. It'll be nice to get rid of it.

This will require adding the dependency to rustup_utils, then modifying rustup_utils::raw::download_file to use hyper + rustls when RUSTUP_USE_RUSTLS environment variable is set. Follow the example of RUSTUP_USE_HYPER.

@RustPowers

First, its API needs to be fixed. Using an environment variable to support it seems superfluous to me. When rustls stabilizes, you'll be able to remove the openssl dependency in rustup.

@brson
Contributor Author

brson commented Jul 10, 2016

I'm doing a bit of work on the API right now to clean it up so each HTTP implementation doesn't have to deal with writing to file and hashing.

@RustPowers The environment variable is there to test the less mature hyper implementation. I don't expect it to stay around forever.

@brson
Contributor Author

brson commented Jul 10, 2016

This PR adds code for a 3rd HTTPS backend, and plugs rustls into hyper. Doesn't work yet. Next step is to write code for loading the system root cert store (this might itself be a useful standalone crate).

@inejge
Contributor

inejge commented Jul 13, 2016

A brief FYI: I've been working on a PoC cross-platform CA cert loading crate, and the results are promising so far: I can enumerate and dump the system CA stores on macOS and Windows in PEM format, and have the code to distinguish between Unix-like systems (which is needed to get at their CA stores.) I'll need another day or two to get everything in shape for integration with rustup.

@brson
Contributor Author

brson commented Jul 14, 2016

@inejge omg woo!

@inejge
Contributor

inejge commented Jul 15, 2016

PR opened, CA loading works but rustls connections hang after TLS negotiation, when the first user data is sent/received. (No relation to cert loading, it also happens with hardcoded values.) Will try to investigate further.

@brson
Contributor Author

brson commented Jul 16, 2016

There's a very good chance the read/write code I wrote earlier is wrong since it's never been tested.

@est31
Member

est31 commented Jun 14, 2020

rustls has now had an audit: http://jbp.io/2020/06/14/rustls-audit.html

@est31
Member

est31 commented Oct 15, 2020

Made a PR for it: #2517


4 participants