Use rustls for tls implementation

Open sunng87 opened this issue 3 years ago • 3 comments

This patch switches the TLS backend to rustls from openssl. This makes cross-compiling to arm and other architectures easier by not requiring openssl headers. Also, the rustls implementation is more future promising in terms of security and safety.

I will be using this branch in my own setup. If the change makes sense, I will finish some minor TODO items to improve the code quality.

Thank you for this excellent tool!

sunng87 avatar Apr 08 '22 15:04 sunng87

Thanks for your contribution! Shifting to rustls has been on my mind for a pretty long time. But there are two main blockers:

  1. rustls doesn't support certs for IPs, which has been an issue for years, waiting for the maintainer to fix.

  2. Rumors are that rustls makes it harder to cross-compile for minor platforms, e.g. mips. However, I've not checked whether rustls compiles for all platforms that rathole currently supports.

---Original--- From: "Ning @.> Date: Fri, Apr 8, 2022 23:19 PM To: @.>; Cc: @.***>; Subject: [rapiz1/rathole] Use rustls for tls implementation (PR #152)

You can view, comment on, or merge this pull request online at:

  https://github.com/rapiz1/rathole/pull/152

Commit Summary

18d38c6 refactor: use rustls for tls implementation

File Changes

(3 files)

 M     Cargo.lock     (363)      

 M     Cargo.toml     (5)      

 M     src/transport/tls.rs     (127)    

Patch Links:

https://github.com/rapiz1/rathole/pull/152.patch

https://github.com/rapiz1/rathole/pull/152.diff

yujqiao avatar Apr 08 '22 15:04 yujqiao

I'm thinking about adding a compile flag (features, in cargo's terms) to compile with rustls, instead of replacing openssl. We can use this as meditation since rustls doesn't fit all our requirements (see above). Are you still interested in this work?

yujqiao avatar Jun 25 '22 14:06 yujqiao

@rapiz1 I'm no longer working on this, so feel free to pick it up for further development. Using a feature flag for rustls makes a lot of sense. Thank you!

sunng87 avatar Jun 26 '22 02:06 sunng87

Interesting. I am struggling with rustls now. Glad to find this PR.

sunmy2019 avatar Feb 14 '24 08:02 sunmy2019

rustls 0.22 introduces some breaking changes that invalidate this code.

I am discovering how to fix it. May take longer than I expected.

sunmy2019 avatar Feb 14 '24 13:02 sunmy2019

merged via https://github.com/rapiz1/rathole/pull/330

yujqiao avatar Feb 18 '24 09:02 yujqiao