Daniel McCarney
Daniel McCarney
> I also came across the CertifiedKey and Issuer types that didn't derive the Clone trait, but are able to. Should this be addressed as well, or should we keep...
I recommend reviewing this commit-by-commit. I've taken extra care to make sure each commit builds/tests cleanly along the way.
> attempt a demo using a 3rd party crypto provider I put together a rough proof of concept for this. I don't plan to "productionize" it at this time, but...
@ctz @jsha I'll be out of office next week. Is it possible you folks could take a look at this branch during that time so I can address feedback when...
> stage a downstream update in curl Here's a [WIP branch](https://github.com/curl/curl/compare/master...cpu:curl:cpu-rustls-ffi-0.14-wip/ci). For the time being I've left all of the `vtls/rustls.c` code using the interfaces that assume a clear default...
> stage a downstream update in `mod-tls` This one needs a bit more work, but here's [the start of a HTTPD branch that builds mod-tls w/ 0.14.0](https://github.com/apache/httpd/compare/trunk...cpu:httpd:cpu-rustls-ffi-0.14-wip-rebase). Like the `curl`...
> consider trimming CI matrix down? A full run is ~9m. That feels reasonable-ish to me, but it's also probably not necessary to build/test with both clang/gcc for each provider/platform...
> I think the test matrix should include a case that builds both ring and aws-lc-rs into the same binary, since that's supported. I should make this more clear in...
> Ideally the version string should say which crypto providers the package was built against, though that can be a followup. Great idea. I included an additional commit for this...
> IMO those are the only supported ways to build rustls-ffi and so we don't support builds w/ both providers. Maybe this is an oversimplification w.rt. `cargo-c` builds and it...