isahc
isahc copied to clipboard
Update rustls-ffi requirement from 0.8 to 0.9
Updates the requirements on rustls-ffi to permit the latest version.
Release notes
Sourced from rustls-ffi's releases.
v0.8.2
Changed
- Add a feature, no_log_capture, which inhibits rustls from taking the global logger. Useful when built as a Rust dependency.
Changelog
Sourced from rustls-ffi's changelog.
0.8.2 (2021-11-13)
Changed
- Add a feature, no_log_capture, which inhibits rustls from taking the global logger. Useful when built as a Rust dependency.
0.8.1 (2021-11-12)
Changed
- Setting of ALPN protocols for client configs was broken in the 0.8.0 release. This release fixes it.
0.8.0 (2021-11-08)
The package name has changed to "rustls-ffi" (from "crustls"). The header file (as installed by
make DESTDIR=/path/ install
) is nowrustls.h
and the library islibrustls.a
. The old library and header names are symlinked as part of the install process, to simplify upgrading to the new version.If you are importing this as a library from other Rust code, you should import
rustls_ffi
.Added
- rustls_client_config_builder_new_custom and rustls_server_config_builder_new_custom: start building a config, with ciphersuites and TLS versions set at initial construction.
- rustls_default_ciphersuites_get_entry() and rustls_default_ciphersuites_len(): get default ciphersuites as opposed to all ciphersuites (these happen to be the same today but might not always be).
Changed
rustls-ffi
now importsrustls
version 0.20, up from rustls 0.19. View the changelog.- Configuring ciphersuites and TLS versions. Previously these could be set using setter methods on the builder object. Now they have to be set at the beginning of the config builder process, by calling rustls_client_config_builder_new_custom().
- Reading of plaintext from a rustls_connection. When the internal plaintext buffer is empty, rustls_connection_read will return RUSTLS_RESULT_PLAINTEXT_EMPTY. That means no more plaintext can be read until additional TLS bytes are ingested via rustls_connection_read_tls, and rustls_connection_process_new_packets is called. Previously this condition was indicated by returning RUSTLS_RESULT_OK with out_n set to 0.
- Handling of unclean close and the close_notify TLS alert. Mirroring upstream changes, a rustls_connection now tracks TCP closed state like so: rustls_connection_read_tls considers a 0-length read from its callback to mean "TCP stream was closed by peer." If that happens before the peer sent close_notify, rustls_connection_read will return RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are exhausted. This is useful to protect against truncation attacks. Note: some TLS implementations don't send close_notify. If you are already getting length
... (truncated)
Commits
0c8ce85
Update CHANGELOG and Cargo.toml for 0.8.2 (#222)244ea16
Add feature to inhibit log capture (#219)59765f3
Cargo.toml: update version number to match git tag (#221)ac3225d
Fix Makefile.Windows (#211)8927058
Include pthread.h only for non-WIN32 build (#210)97debfa
Add tests for server and client connection_new (#208)ca11338
Fix config builder tests under miri (#207)af2e8c3
Plug server mem-leaks (#196)3d0c53b
Win32: remove <sys/uio.h> (#201)2dd1946
Re-add Miri to CI. (#199)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Not sure if we can actually do this upgrade yet; it depends on what version libcurl is designed to link to.
Looks like rustls-ffi is no longer a dependency, so this is no longer needed.