Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(actix-tls): support for rustls 0.23 #554

Merged
merged 13 commits into from
May 12, 2024

Conversation

SleeplessOne1917
Copy link
Contributor

PR Type

Feature

PR Checklist

Check your PR fulfills the following:

  • Tests for the changes have been added / updated.
  • Documentation comments have been added / updated.
  • A changelog entry has been made for the appropriate packages.
  • Format code with the latest stable rustfmt

Overview

This adds a feature to allow users of this library to use rustls v0.23. I followed what was already done with v0.22 to figure out the changes I had to make. Once this makes it into a release, I plan on using these changes to make a similar change in actix-web to resolve problems like this issue.

@SleeplessOne1917
Copy link
Contributor Author

I'm not sure why only the Windows builds are failing.

@asonix
Copy link
Contributor

asonix commented May 2, 2024

tokio-rustls 0.26.0 defaults to enabling aws-lc-rs as the crypto backend instead of ring. On windows this doesn't build without nasm installed.

One solution could be to disable default features for rustls and tokio rustls so that the user can choose their preferred crypto provider

Another could be to disable default features and add a ring feature

@robjtede
Copy link
Member

robjtede commented May 2, 2024

Lets just install nasm on Windows. See: https://github.com/robjtede/inspect-cert-chain/blob/e49cdf0bad5e65e6b3cc3b08096f35ad61aae3e2/.github/workflows/ci.yml#L34-L36

@SleeplessOne1917
Copy link
Contributor Author

Builds are still failing for msrv Windows (excluding MinGW). The CI log doesn't display anything useful, but I got this error running one locally:

  thread 'main' panicked at /home/insomnia/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-sys-0.15.0/builder/main.rs:401:5:
  aws-lc-sys build failed. Please enable the 'bindgen' feature on aws-lc-rs or aws-lc-sys.For more information, see the aws-lc-rs User Guide: https://aws.github.io/aws-lc-rs/index.html

Since tokio-rustls doesn't allow us to include the bindgen feature, I'll make a PR on tokio-rustls to make it useable.

@SleeplessOne1917
Copy link
Contributor Author

SleeplessOne1917 commented May 3, 2024

@robjtede The 2 failing tests aren't marked as required, and they use the minimum supported rust version. Are there any other changes I need to make for this to be good to merge?

@SleeplessOne1917
Copy link
Contributor Author

@robjtede is this good to merge? I saw in the issue I linked in the PR description that rustls's different backends make using it difficult and that the maintainers haven't decided how to handle the problem yet.

Are the changes in this PR a sufficient stopgap for the time being?

@asonix
Copy link
Contributor

asonix commented May 8, 2024

IMO since actix requires a user-supplied ServerConfig it doesn't actually need to care about which crypto backend is in use, and can probably get away with disabling default features.

@robjtede robjtede changed the title actix-tls: Add feature for using rustls 0.23 feat(actix-tls): support for rustls 0.23 May 12, 2024
@robjtede robjtede enabled auto-merge May 12, 2024 18:38
@robjtede robjtede added this pull request to the merge queue May 12, 2024
Merged via the queue into actix:master with commit db79886 May 12, 2024
12 checks passed
@SleeplessOne1917 SleeplessOne1917 deleted the rustls-0.23 branch May 12, 2024 21:44
@Tirka
Copy link

Tirka commented May 20, 2024

If you stuck with following runtime panic after updating rustls to 0.23

thread 'main' panicked at /home/username/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.23.7/src/crypto/mod.rs:260:14:
no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Here's how I solved the problem:

// pick and uncomment preferred crypto provider
// use rustls::crypto::aws_lc_rs as crypto_provider;
// use rustls::crypto::ring as crypto_provider;
crypto_provider::default_provider()
     .install_default()
     .unwrap();

Put this code before creating rustls::ServerConfig

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants