Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: use rustls-platform-verifier cert store #1373

Merged
merged 11 commits into from
May 28, 2024
Merged

refactor: use rustls-platform-verifier cert store #1373

merged 11 commits into from
May 28, 2024

Conversation

niklasad1
Copy link
Member

@niklasad1 niklasad1 commented May 21, 2024
edited
Loading

Close #1340

This PR replaces the current certificate stores rust-native-cert and webpki with rustls-platform-verifier and additionally it adds an API to use a custom certificate store for special use-cases e.g. such as disabling cert verification or use some custom certificate store on some niche platform.

@niklasad1 niklasad1 requested a review from a team as a code owner May 21, 2024 14:31
@niklasad1 niklasad1 added the breaking change Breaking change in the public APIs label May 21, 2024
niklasad1
niklasad1 commented May 21, 2024
View reviewed changes
core/src/client/mod.rs
@@ -522,16 +522,6 @@ impl<T: Clone> RequestIdGuard<T> {
}
}

/// What certificate store to use
Copy link
Member Author

@niklasad1 niklasad1 May 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed this from here because I don't want to expose another feature flag for TLS stuff

jsdw
jsdw reviewed May 24, 2024
View reviewed changes
client/http-client/Cargo.toml Outdated
default = ["native-tls"]
native-tls = ["hyper-rustls/native-tokio", "hyper-rustls/ring", "__tls"]
webpki-tls = ["hyper-rustls/webpki-tokio", "hyper-rustls/ring", "__tls"]
default = ["tls"]

# Internal feature to indicate whether TLS is enabled.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not internal any more then? :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We had two feature flags for tls (native-tls, webpki-tls) before which was public but we don't need them anymore because we only support rustls-platform-verifier and the internal feature flag is not needed anymore

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah ok, I guess you were referring to the outdated comment, removed now

jsdw
jsdw approved these changes May 24, 2024
View reviewed changes
Copy link
Collaborator

@jsdw jsdw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Little comment to remove on the tls feature and wondering if we need some builder fns but looks good to me!

@niklasad1
Copy link
Member Author

Little comment to remove on the tls feature and wondering if we need some builder fns but looks good to me!

The builder fns in this PR should be sufficient :)

@niklasad1 niklasad1 merged commit 318a6c9 into master May 28, 2024
11 checks passed
@niklasad1 niklasad1 deleted the na-fix-1340-v2 branch May 28, 2024 12:42
@niklasad1 niklasad1 mentioned this pull request Jun 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsdw jsdw jsdw approved these changes

@lexnv lexnv lexnv approved these changes

Assignees
No one assigned
Labels
breaking change Breaking change in the public APIs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Replace rust-native-certs and webpki-roots with rust-platform-verifier
3 participants
@niklasad1 @jsdw @lexnv