Rustls is a pure-Rust TLS library. Just like today we support either curl or hyper + nativetls, add optional runtime support for hyper + rustls. The openssl dep is one of the most troublesome pieces of native code in Rust. It'll be nice to get rid of it.
This will require adding the dependency to rustup_utils, then modifying rustup_utils::raw::download_file to use hyper + rustls when RUSTUP_USE_RUSTLS environment variable is set. Follow the example of RUSTUP_USE_HYPER.
First, its API needs to be fixed. Using an environment variable to support it seems superfluous to me. When rustls stabilizes, you'll be able to remove the openssl dependency from rustup.
I'm doing a bit of work on the API right now to clean it up so each HTTP implementation doesn't have to deal with writing to file and hashing.
@RustPowers The environment variable is there to test the less mature hyper implementation. I don't expect it to stay around forever.
This PR adds code for a 3rd HTTPS backend, and plugs rustls into hyper. Doesn't work yet. Next step is to write code for loading the system root cert store (this might itself be a useful standalone crate).
A brief FYI: I've been working on a PoC cross-platform CA cert loading crate, and the results are promising so far: I can enumerate and dump the system CA stores on macOS and Windows in PEM format, and have the code to distinguish between Unix-like systems (which is needed to get at their CA stores.) I'll need another day or two to get everything in shape for integration with rustup.
@inejge omg woo!
PR opened, CA loading works but rustls connections hang after TLS negotiation, when the first user data is sent/received. (No relation to cert loading, it also happens with hardcoded values.) Will try to investigate further.
There's a very good chance the read/write code I wrote earlier is wrong since it's never been tested.
rustls has now had an audit: http://jbp.io/2020/06/14/rustls-audit.html
Made a PR for it: #2517