axum-server

fix: rustls 0.23.1, next version of tokio-rustls

Open pimeys opened this issue 1 year ago • 6 comments

Hey,

We can merge this only when the next version of tokio-rustls is out. I'm just opening it up already because we upgraded our whole project and need this dependency. We have this PR in our Cargo.toml so we can review and step back to crates.io when the dependency issues in the ecosystem are all merged and published.

Supersedes: https://github.com/programatik29/axum-server/pull/106

pimeys avatar Mar 07 '24 14:03 pimeys

@pimeys Can we merge this now? We are stuck with an older version of rustls because of this.

diptanu avatar Mar 24 '24 18:03 diptanu

@diptanu you can integrate the changes from this PR into your own project with a patch like so:

    [dependencies]
    axum-server = "=0.6.0"

    [patch.crates-io]
    axum-server = { git = "https://github.com/grafbase/axum-server", branch = "rustls-0.23" }

More info on patches

MaxFangX avatar Mar 26 '24 01:03 MaxFangX

@MaxFangX Thanks! It would be great if this PR was merged in because SSL and being able to use the latest version of the rustls library would be great.

diptanu avatar Apr 07 '24 20:04 diptanu

+1 on getting this merged.

julianh-y avatar Apr 10 '24 17:04 julianh-y

In the meantime, tokio-rustls = 0.26.0 was released and we got RUSTSEC-2024-0336.

@pimeys will you update this PR?

@programatik29 can we get this merged somehow?

atezet avatar Apr 22 '24 11:04 atezet

Before this can be merged, I guess we need to figure out what to do with rustls changing the default crypto provider from ring to aws-lc-rs. So far both reqwest and tonic decided to keep using ring as the default for various reasons.

One of the reasons listed was aws-lc-rs requires CMake to compile. This was later fixed in https://github.com/aws/aws-lc-rs/pull/317.

liningpan avatar Jun 18 '24 02:06 liningpan

Yep. We also have a similar issue in our workspace with the changed TLS impl; it's kind of annoying to set to ring if the workspace is large.

pimeys avatar Jul 18 '24 16:07 pimeys

IMHO, axum-server should stick with the default provider aws-lc-rs now that CMake is not a build dependency anymore.

Perhaps update the README with a note about the rustls providers and perhaps some code snippet showing how to set up a provider for your app. i.e:

    // configure default provider for RUSTLS
    rustls::crypto::aws_lc_rs::default_provider()
        .install_default()
        .expect("install rustls default crypto provider");

julianh-y avatar Jul 18 '24 17:07 julianh-y
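
An added example, not part of this thread or of axum-server's code: the provider question discussed above bites hardest in a large workspace where some crates enable ring and others aws-lc-rs, because rustls 0.23 chooses a process-wide provider on its own only when exactly one of the two is enabled. The sketch below reads a Cargo.lock and reports which backends each locked rustls version depends on. The sample lockfile is constructed, `rustls_providers` and `findings` are hypothetical helper names, and reading providers from the rustls dependency list is a heuristic.

```rust
use std::collections::BTreeMap;
// Constructed sample in Cargo.lock layout; not taken from a real project.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "rustls"
version = "0.21.0"
dependencies = [
 "ring 0.16.20",
]
[[package]]
name = "rustls"
version = "0.23.1"
dependencies = [
 "aws-lc-rs",
 "log",
 "ring 0.17.8",
]
[[package]]
name = "tokio-rustls"
version = "0.26.0"
"#;

/// Map each locked rustls version to the crypto backends in its dependency list.
pub fn rustls_providers(lock: &str) -> BTreeMap<String, Vec<String>> {
    let mut out = BTreeMap::new();
    for pkg in lock.split("[[package]]").skip(1) {
        let field = |k: &str| pkg.lines().find_map(|l| l.trim().strip_prefix(k))
            .map(|v| v.trim_matches('"').to_string());
        if field("name = ").as_deref() != Some("rustls") { continue; }
        // Entries read "ring" or "ring 0.17.8"; keep only the crate name.
        let providers: Vec<String> = pkg.split("dependencies = [").nth(1).unwrap_or("").lines()
            .filter_map(|l| l.trim().trim_matches(|c: char| c == '"' || c == ',').split(' ').next())
            .filter(|d| *d == "ring" || *d == "aws-lc-rs")
            .map(String::from).collect();
        out.insert(field("version = ").unwrap_or_default(), providers);
    }
    out
}

/// Heuristic: rustls 0.23 picks a provider by itself only when exactly one is enabled.
pub fn findings(lock: &str) -> Vec<String> {
    let map = rustls_providers(lock);
    let mut notes: Vec<String> = map.iter().filter(|(_, p)| p.len() != 1)
        .map(|(v, p)| format!("rustls {}: {} providers, install one explicitly", v, p.len()))
        .collect();
    if map.len() > 1 { notes.push(format!("{} rustls versions locked", map.len())); }
    notes
}
fn main() { findings(SAMPLE_LOCK).iter().for_each(|n| println!("{}", n)); }
```

A flagged entry means the application has to call `install_default()` on its chosen provider at startup, as in the snippet above, before any TLS configuration is built.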

#124 should close this.

programatik29 avatar Jul 30 '24 16:07 programatik29