Skip to content

Upgrade rustls to 0.23#132

Merged
notmandatory merged 1 commit intobitcoindevkit:masterfrom
nickfarrow:update-rustls
May 27, 2024
Merged

Upgrade rustls to 0.23#132
notmandatory merged 1 commit intobitcoindevkit:masterfrom
nickfarrow:update-rustls

Conversation

@nickfarrow
Copy link
Copy Markdown
Contributor

@nickfarrow nickfarrow commented Apr 17, 2024
edited
Loading

With rustls 0.23 there is no longer a dependency on ring, allowing easier compilation for various targets.

Not super confident with my updates to ServerCertVerifier and Der of certificates (is this being tested?), needs review.

@nickfarrow nickfarrow mentioned this pull request Apr 17, 2024
Merged
@nickfarrow nickfarrow marked this pull request as ready for review April 18, 2024 04:41
@RCasatta
Copy link
Copy Markdown
Member

RCasatta commented Apr 22, 2024

Version 0.21 has also other issues...

Crate:     rustls
Version:   0.21.7
Title:     `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
Date:      2024-04-19
ID:        RUSTSEC-2024-0336
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0336
Severity:  7.5 (high)
Solution:  Upgrade to >=0.23.5 OR >=0.22.4, <0.23.0 OR >=0.21.11, <0.22.0

RCasatta
RCasatta reviewed Apr 22, 2024
View reviewed changes
src/raw_client.rs Outdated

#[cfg(feature = "use-openssl")]
use openssl::ssl::{SslConnector, SslMethod, SslStream, SslVerifyMode};
use rustls::pki_types::{Der, TrustAnchor};
Copy link
Copy Markdown
Member

@RCasatta RCasatta Apr 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As seen from failing CI jobs, this must be gated

@nickfarrow
upgrade rustls to 0.23
28b1aaa 
* With rustls 0.23 there is no longer a dependency on ring, allowing for
  easier compilation for various targets.
@oleonardolima oleonardolima mentioned this pull request May 22, 2024
Merged
3 tasks
notmandatory
notmandatory approved these changes May 27, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@notmandatory notmandatory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 28b1aaa

@notmandatory notmandatory merged commit 1bbae7d into bitcoindevkit:master May 27, 2024
@nickfarrow
Copy link
Copy Markdown
Contributor Author

nickfarrow commented Jul 29, 2024

Apologies for the substantial mess this caused!

When making this PR it allowed some android target to build where I was having substantial trouble with ring. It has broken many other targets however and this was not readily apparent.

I think in the future I should take more time to test across other targets?

Big thanks for your work resolving this @thunderbiscuit

@thunderbiscuit
Copy link
Copy Markdown
Member

thunderbiscuit commented Jul 29, 2024

Yeah ring has caused me problems in the past too with the Android NDK, so I totally understand.

I don't think we could have predicted this, and certainly testing with all possible architecture would be insane. I'm puzzled by the decision in rustls to straight replace the default provider for something that doesn't build everywhere, but then again their docs (aws-lc-rs and co.) are very good and should in theory allow us to build for all platforms; it's just been harder than advertised IMO 😆.

@notmandatory notmandatory mentioned this pull request Aug 6, 2024
Merged
notmandatory added a commit that referenced this pull request Aug 6, 2024
@notmandatory
Merge #141: Bump version to 0.21.0 and update CHANGELOG.md
0b97659 
4dd7e21 Bump version to 0.21.0 and update CHANGELOG.md (Steve Myers)

Pull request description:

  Bumped crate version to 0.21.0 and added below to changelog:

  ## 0.21.0

   - Add use-rustls-ring feature #135
   - refactor: make validate_merkle_proof more efficient #134
   - chore: set rust edition to 2021, fix clippy, add ci fmt and clippy checks #139

  ## 0.20.0

  - Upgrade rustls to 0.23 #132
  - chore(deps): upgrade rust-bitcoin to 0.32.0 #133
  - ci: add test with MSRV 1.63.0 #128

ACKs for top commit:
  oleonardolima:
    ACK 4dd7e21
  ValuedMammal:
    ACK 4dd7e21

Tree-SHA512: 3fcec2fb437733eac235bccb1b9c8f6b706e7a713c71de85016adc93f7db128ca6eadb5e9d1d44df27f1b49cce139b222aa9c21343afcf25befdf80a47442e51
radiant-smith-lk20 added a commit to radiant-smith-lk20/rust-electrum-client that referenced this pull request Dec 15, 2025
@radiant-smith-lk20
Merge bitcoindevkit/rust-electrum-client#132: Upgrade rustls to 0.23
8053a7f 
28b1aaa0c304c52eb98d13ddc4bcc9e066c515ce upgrade rustls to 0.23 (Nick Farrow)

Pull request description:

  With rustls 0.23 there is no longer a dependency on ring, allowing easier compilation for various targets.

  Not super confident with my updates to `ServerCertVerifier` and `Der` of certificates (is this being tested?), needs review.

ACKs for top commit:
  notmandatory:
    utACK 28b1aaa0c304c52eb98d13ddc4bcc9e066c515ce

Tree-SHA512: 6561c4d20d446d86ca7a6c04ddb5a8acb136756606c82ca00e9b4a1f0eb2a3b00120d6db475f14474a89ebaa2ad600208d51c777cb5aeed0dcf62335a84fee5a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@notmandatory notmandatory notmandatory approved these changes

+1 more reviewer

@RCasatta RCasatta RCasatta left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nickfarrow @RCasatta @thunderbiscuit @notmandatory