isahc

Update rustls-ffi requirement from 0.8 to 0.9

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Updates the requirements on rustls-ffi to permit the latest version.

Release notes

Sourced from rustls-ffi's releases.

v0.8.2

Changed

  • Add a feature, no_log_capture, which inhibits rustls from taking the global logger. Useful when built as a Rust dependency.

Changelog

Sourced from rustls-ffi's changelog.

0.8.2 (2021-11-13)

Changed

  • Add a feature, no_log_capture, which inhibits rustls from taking the global logger. Useful when built as a Rust dependency.

0.8.1 (2021-11-12)

Changed

  • Setting of ALPN protocols for client configs was broken in the 0.8.0 release. This release fixes it.

0.8.0 (2021-11-08)

The package name has changed to "rustls-ffi" (from "crustls"). The header file (as installed by make DESTDIR=/path/ install) is now rustls.h and the library is librustls.a. The old library and header names are symlinked as part of the install process, to simplify upgrading to the new version.

If you are importing this as a library from other Rust code, you should import rustls_ffi.

Added

  • rustls_client_config_builder_new_custom and rustls_server_config_builder_new_custom: start building a config, with ciphersuites and TLS versions set at initial construction.
  • rustls_default_ciphersuites_get_entry() and rustls_default_ciphersuites_len(): get default ciphersuites as opposed to all ciphersuites (these happen to be the same today but might not always be).

Changed

  • rustls-ffi now imports rustls version 0.20, up from rustls 0.19. View the changelog.
  • Configuring ciphersuites and TLS versions. Previously these could be set using setter methods on the builder object. Now they have to be set at the beginning of the config builder process, by calling rustls_client_config_builder_new_custom().
  • Reading of plaintext from a rustls_connection. When the internal plaintext buffer is empty, rustls_connection_read will return RUSTLS_RESULT_PLAINTEXT_EMPTY. That means no more plaintext can be read until additional TLS bytes are ingested via rustls_connection_read_tls, and rustls_connection_process_new_packets is called. Previously this condition was indicated by returning RUSTLS_RESULT_OK with out_n set to 0.
  • Handling of unclean close and the close_notify TLS alert. Mirroring upstream changes, a rustls_connection now tracks TCP closed state like so: rustls_connection_read_tls considers a 0-length read from its callback to mean "TCP stream was closed by peer." If that happens before the peer sent close_notify, rustls_connection_read will return RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are exhausted. This is useful to protect against truncation attacks. Note: some TLS implementations don't send close_notify. If you are already getting length

... (truncated)

dependabot[bot], May 13 '22 11:05

Not sure if we can actually do this upgrade yet; it depends on what version libcurl is designed to link to.

sagebind, Aug 19 '22 04:08

Looks like rustls-ffi is no longer a dependency, so this is no longer needed.

dependabot[bot], Oct 11 '22 04:10