Implement support for Rustls - v2#725
Implement support for Rustls - v2#725jaymell merged 19 commits intoredis-rs:mainfrom rharish101:rustls
Conversation
|
Thanks for picking this up! Hope to be able to review this soon. |
|
I just fixed a bug (a misconfiguration in the x509v3 extensions file for generating TLS certs used in testing) causing the Redis cluster tests to hang forever. All tests now pass on my machine. Could you run the CI again? |
|
This is exciting. Would like to use here: valorem-labs-inc/quay#41 - just saw this PR, serendipitous, because I'm trying to converge everything on tokio/rustls for sqlx, redis, http, grpc, etc. |
|
Nice! I hope to see this merged soon as well to remove openssl completely from our work project 🚀 |
|
Is there an ETA on this merge? |
|
Nope, sorry. @rharish101 would you mind rebasing this once more? |
|
@djc Done 👍🏽 |
|
I'm checking in to see if there's any movement on rustls support. |
|
Hi @djc , @rharish101 , what can I do to help get this PR merged? I'd like to use this crate in a project that cannot use openssl. |
|
I'll take a look at it tomorrow -- sorry for the slow response. |
From my side, I don't think there's anything that needs to be done before code review, apart from rebasing the PR when asked. Let me know if I'm wrong, though. |
djc
left a comment
There was a problem hiding this comment.
This is looking pretty good to me -- apologies again for the slow review!
|
Just rebased it, fixed tests, and made Rustls use native certs by default. The tests pass on my machine, so if the CI says it's good, feel free to merge it. |
|
The failing tests seem odd. The error seems like a correctness bug, not a TLS connection issue (as you might expect from this PR). It's also only for one specific configuration, which I cannot reproduce locally (on Arch Linux, with Rust 1.68.0, Redis 7.0.9 and Redis-JSON 2.2.0). |
|
Likely test flakiness, re-running |
|
Great, they work now. Thanks! |
|
Will this PR be merged soon? Eager to use the rustls support. |
|
@rharish101 Do you mind resolving the conflict? 🙏 |
- Fixed syntax such that it's supported by the MSRV - Renamed "tls" to "tls-native-tls" - Renamed "rustls" to "tls-rustls" - Renamed "rustls-insecure" to "tls-rustls-insecure" - Renamed "async-std-tls-comp" to "async-std-native-tls-comp"
Rustls only accepts x509v3 certs, hence update the code to generate x509v3 certs for the redis server.
The bug also exists in `main`
Also add deprecation notice for older features
|
I've rebased the PR onto the latest |
|
(Might be worth noting that rustls 0.21 has come out, but there are no matching tokio-rustls/webpki-roots versions quite yet.) |
If there are libraries that haven't been updated with the new Rustls, then I think it would be better to merge this PR and update Rustls in a new PR, rather than wait for them and update this PR. |
|
I'm a bit worried that, as is, our test runs will not be hitting native-tls at all with the current configuration, correct? I hate to keep adding more jobs, but I think it's probably worth it in this case. |
|
Oh yeah, good catch. I'll work on it. |
|
Thanks. And sorry "jobs" was not the right terminology. I was thinking in terms of Github CI for some reason, but obviously I think the solution is to add yet another run to the Makefile 😓 |
|
Test flakiness, perhaps, since the failing test is for RedisJSON, which wasn't changed at all. |
|
Merged. Thanks for bringing this to the finish line! |
|
Folks, thank you for this work AND please update the features section of the docs when you add features! |
Add python/core support for configuring client name during connection…
This PR takes over #601.
I've rebased @LeoRowan's PR onto the latest
main. Then, I took @djc's suggestions about the feature flags, and did the following:tls-rustlsfeature flag.tls-rustls-insecurefeature flag.tls-rustls-webpki-rootsfeature flag.tokio-rustls-compfeature flag.async-std-rustls-compfeature flag.tlstotls-native-tls(for lack of a better naming scheme that's consistent with Rustls).async-std-tls-comptoasync-std-native-tls-comp(for consistency).Cargo.toml.I've also documented how to use the Rustls feature flags in the README.
Closes #601 and resolves #574.