-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rustls upgrade in 2.10 is a breaking change? #765
Comments
Yeah. I don't know what to do there. Re-exporting rustls like this has proven to be a bad idea. I guess re-exporting anything which is semver 0.x.x is not good, since 0.x means patch versions are allowed to be breaking. I really don't want to bump major version ureq for this, since I believe many users will not be affected in the same way as yourself. I can only apologise and promise to do better in ureq 3.x, which I'm working actively on right now (#762). I will add to the list for 3.x to be super conservative regarding re-exporting dependencies. I am sorry! |
hello @algesten, thanks for a super quick reply. No need to apologize - you owe me nothing! FWIW, I suspect that exposing a third-party library API within your own API is always a bit too close to running with scissors, as it means you are not fully in control of your library's API surface. However, perhaps that's just me, coming from the Java world and being overly cautious or conservative 🤷 👴 |
Thanks!
Yeah, it's a bit rock and hard place, because I really don't want to build API and abstractions for all the ins-and-outs of TLS. rustls, native-tls heck even openssl are all 0.x. I seen some tls-api crate but not sure there is a "certain" well supported way forward there. |
a workaround for algesten/ureq#765
It seems to break something else without this specific configuration. https://github.com/huggingface/text-generation-inference/actions/runs/9856277290/job/27212925674#step:13:453 I haven't understood yet what exactly is causing the issue, but I don't link it's due to dependency. But keepign ureq==2.9 doesn't trigger the issue. Has something changed in the default crypto providers ? (The linked repo depends on hf-hub which depends on Thanks a lot for this lib ! |
same issue with the |
@Narsil @xangelix the issue you observe is very likely a consequence of updating rustls to 0.23. See the Rustls Release Notes:
There is a related discussion at rustls/rustls#1938 |
@jerrinot Thanks for the link I saw that issue, but it seems slightly odd that every binary now has to change the code to choose a rustls implementation for the provider. If that's the case then the semver breaking might be a bit more serious, no ? |
Open to suggestions I can do that would improve the situation. ureq PR that bumped the dep was #753 I assumed ureq users would like to keep on top of the latest rustls changes, but I guess we could downgrade the dep to 0.22 to not have ureq be the first lib that require people to tackle the whole ring vs awc-lc-rs deal. |
Oh and I documented my feelings on the subject here: #751 (comment) |
Hi 👋 I'm interested in trying to help here, but also find myself entering the thread with trepidation. I don't want to drag heated discussion to your repo by trying to weigh in, but I also want to support folks figuring out what will work best for their applications. Just wanted to put that up front as a vulnerable disclaimer from a human being :-)
There's a bit more nuance here, as mentioned in the docs you quoted (emphasis added by me):
If the feature configuration of your project is such that only one of
I think it would be helpful to separate the challenges of the crypto provider interface (mainly, the nuance of the process-wide default) from the choice to make aws-lc-rs the default provider. My thinking here is that even if ring were the default the situation of an ambiguous process-wide default in the presence of crates enabling both ring and aws-lc-rs would remain. (I'd really like to avoid rehashing 751 over here so it's helpful in my mind if that choice isn't on topic).
I think there's two things we could think about:
|
Yeah. Sorry. I am too quick to jump into my feelings. Let's focus on making it better :)
Does that mean it would be better if ureq did not default to ring, to not confuse the default choice made by the user?
Yeah. Sorry. I meant to give context, which would be better to do without emotion.
This is similar to a situation we had in ureq when deciding how to handle Following from that logic, is there a way we can force rustls to use ring even when the user changes the default, and make the I understand that would proclude the user from configuration to make their entire app FIPS-compliant, but I suspect that set of users is much smaller than the set of users being affected by this situation.
Yeah a PR for this would be great. But maybe there is some fix along the lines I outlined above I should do first?
That's great. I'm currently building our ureq 3.x and what I learned here is to reduce this re-exporting business, especially of 0.x crates. I'd be very grateful for any pointers to prior art. |
To be explicit I've found your posts to be very reasonable, it's just a tough subject and not everyone is engaging in the most constructive manner. The energy pools for that kind of topic are quickly drained (as I'm sure you can relate!).
I think our guidance for libraries like ureq is to take rustls as a dependency with no default features enabled, and then let consumers either take their own direct dep on rustls to activate a specific feature flag for a backend, or to have ureq expose its own optional features that enable the relevant rustls features. That's the model hyper-rustls uses as one example. If you're using the builder methods that assume the crypto provider default that puts all of the control into the downstream project's hands. I'm not sure if this is better across all dimensions, but one option.
Let me refresh my understanding of the
That's fair, I think it's reasonable to prioritize different things here.
Sounds good. I think both I appreciate the conversation :-) Sorry for a half-reply promising better answers, it's the end of my day and I didn't want to leave this hanging. |
This comment was marked as off-topic.
This comment was marked as off-topic.
I did some more thinking on this. Here's some information to work with. As expected there are a handful of trade-offs to consider and no one solution that works for everyone (c'est la vie 😮💨 ).
I think the The Users that are passing in their own
Hopefully users providing their own customized config are a bit more "plugged in" to the Rustls API changes over breaking releases and so could contend with the above better than the folks that are relying on default interfaces. Does that make sense? The main potential issues I see across the board stem from Countering those issues, I do see an upside here that Sorry for the essay length reply 😆 I wanted to try and lay out all the pros/cons as I see them as impartially as possible. WDYT? |
Done: #767
Rolled this into #767 for consideration. |
Hi, ran across this while playing with IIUC with However, with Would it be possible for Or is there a reason why such approach wouldn't work in Thanks - and many thanks for |
Maybe it wasn't clear by the above discussion.
Making ureq ship every possible TLS backend (or variation of backend) is not a goal (the less such variations we have to maintain, the better). For now there are two TLS variants
ureq 3.x is making the transports (and TLS wrapping) easier to plug in. I'm hoping this will alleviate the problems people are experiencing.
I'm sure all sorts of solutions could work, but I'm uneasy about making more big changes in the 2.x tree for feature flags, fallbacks, etc since I had enough of accidental breaking changes in non-major versions. If you want to contribute a better solve than defaulting to ring, you can open a PR in the 3.x branch. I'm about to promote that branch to a public beta on crates.io. |
Locking this thread since I'd want discussions about potential other solves to be in new issues/PR. |
Hello,
I believe ureq 2.10 introduces a breaking change that should be reflected in the library's versioning.
Why do I think this is a breaking change?
Example of the breakage:
After the release of ureq 2.10, our library users automatically receive ureq 2.10 as it is considered compatible with 2.9. As a result, our library users end up with two different versions of rustls:
This leads to a scenario where the library instantiates ClientConfig from rustls 0.22 and attempts to pass it to AgentBuilder.tls_config(), which expects a client config from rustls 0.23, resulting in compatibility issues.
I am not very well versed in Rust ecosystem, but I believe that if you expose a 3rd party library in your API and this library declares a breaking change then your library should declare it too.
The text was updated successfully, but these errors were encountered: