
add http-rustls feature #466

Merged (1 commit), Mar 26, 2021

Conversation

@toxeus (Contributor) commented Mar 3, 2021

The existing http-tls feature enables TLS support via hyper-tls which in turn pulls in OpenSSL on Linux via native-tls. OpenSSL is written in C and has a long history of vulnerabilities caused by memory corruption.

The new http-rustls feature allows choosing a TLS implementation that is written in Rust.

Depends on #454 being merged first. I'll rebase once that happens.

@tomusdrw (Owner) commented Mar 3, 2021

Nice, thanks!

@lclc commented Mar 24, 2021

A new OpenSSL release comes out tomorrow, that fixes yet another critical security issue:

OpenSSL 1.1.1k is a security-fix release. The highest severity issue
fixed in this release is HIGH
https://mta.openssl.org/pipermail/openssl-announce/2021-March/000196.html

It would be great to get rid of OpenSSL with this PR.

@tomusdrw (Owner) commented:

@toxeus do you mind addressing build issues?

@toxeus (Contributor, Author) commented Mar 25, 2021

@lclc @tomusdrw as I wrote in the PR description, this PR can only successfully build if #454 is fixed and merged because it depends on tokio 1.X.

@tomusdrw (Owner) commented:

> @lclc @tomusdrw as I wrote in the PR description, this PR can only successfully build if #454 is fixed and merged because it depends on tokio 1.X.

🤦‍♂️ sorry, let's wait for #454 then.

@tomusdrw (Owner) commented:

@toxeus just merged #454, mind rebasing? :)

@toxeus (Contributor, Author) commented Mar 25, 2021

@tomusdrw done

@tomusdrw (Owner) left a review comment:

Looks good! I thought of making this default, but I think ws-tls will pull in openssl anyway, right?

Could you also update the README to mention how to get a no-openssl build?

@toxeus (Contributor, Author) commented Mar 26, 2021

Yes, our troublemaker crate is pulling in openssl 😉

I have updated the README.

The existing `http-tls` feature enables TLS support via
`hyper-tls` which in turn pulls in OpenSSL on Linux via
`native-tls`. OpenSSL is written in C and has a long
history of vulnerabilities caused by memory corruption.

The new `http-rustls` feature allows choosing a TLS
implementation that is written in Rust.
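
The README change discussed above is not reproduced on this page, so here is an added example of what a dependent crate's `Cargo.toml` looks like when it opts into the rustls transport; it is not the project's README text or any code from this PR. The `http-tls`, `http-rustls` and `ws-tls` feature names are the ones used in the thread; the base `http` feature name, the version string and the assumption that `http-tls` and `ws-tls` are among the default features are mine:

```toml
[dependencies]
# Version string is an assumption: pin whichever web3 release carries this PR.
# default-features = false is the important part. It drops http-tls
# (hyper-tls -> native-tls -> OpenSSL on Linux) and ws-tls, which the
# thread notes still pulls in OpenSSL. Only the hyper-rustls transport
# is enabled; "http" (assumed name of the base HTTP transport feature)
# is listed explicitly in case http-rustls does not imply it.
web3 = { version = "0.15", default-features = false, features = ["http", "http-rustls"] }
```

To confirm the build really has no OpenSSL in it, run `cargo tree -i openssl-sys` in the dependent crate: with the configuration above cargo reports that the package ID did not match any packages, whereas re-enabling `ws-tls` (or any default feature) brings `openssl-sys` back, and `cargo tree -e features -i openssl-sys` shows which feature dragged it in.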

@tomusdrw (Owner) left a review comment:

Perfect, thanks!

@tomusdrw tomusdrw merged commit 96a4e9c into tomusdrw:master Mar 26, 2021