Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add rustls-platform-verifier binding #419

Merged
merged 6 commits into from
Apr 19, 2024
Merged

Add rustls-platform-verifier binding #419

merged 6 commits into from
Apr 19, 2024

Conversation

amesgen
Copy link
Contributor

@amesgen amesgen commented Apr 8, 2024
edited
Loading

Closes #417

Have not yet taken a closer look at the Windows failures Now resolved, see the review comments below.

amesgen
amesgen commented Apr 8, 2024
View reviewed changes
src/cipher.rs Outdated
Comment on lines 1170 to 1173
pub extern "C" fn rustls_platform_server_cert_verifier(
verifier_out: *mut *mut rustls_server_cert_verifier,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could also take an (optional) rustls_root_cert_store to use for Verifier::new_with_extra_roots; however, it doesn't exist on e.g. macOS and Windows, so one would either need a platform-conditional API or at least new error codes for these cases. WDYT?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's an open issue (rustls/rustls-platform-verifier#58) on rustls-platform-verifier to add support for extra roots for the other platforms.

I think we should keep this simple and avoid implementing it in -ffi until the feature is available more broadly. There's not very much platform-conditional code in this repo and it'd be great to avoid adding more if we can.

cpu
cpu reviewed Apr 11, 2024
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! This is looking good. I had a few suggestions for documentation related fixes but the actual implementation is great 🌠

Have not yet taken a closer look at the Windows failures

I did some fiddling of my own and I believe we need crypt32.lib added to the Windows CMakeLists.txt in the target_link_libraries list.

Looking into that was worthwhile because (as mentioned in a review comment) it uncovered that I accidentally removed our test coverage for the expected Windows link libraries changing 😓

Applying this commit 575c80d fixes the Windows build in my testing. It tidies the overall list to match what I get using RUSTFLAGS=--print native-static-libs cargo build in CI while also adding crypt32.lib.

.github/workflows/test.yaml Outdated Show resolved Hide resolved
src/cipher.rs Outdated Show resolved Hide resolved
src/cipher.rs Outdated Show resolved Hide resolved
src/rustls.h Outdated Show resolved Hide resolved
tests/client_server.rs Show resolved Hide resolved
tests/static_libs.rs Show resolved Hide resolved
@amesgen amesgen force-pushed the rustls-platform-verifier branch from 81e77da to a16b456 Compare April 13, 2024 19:13
@amesgen amesgen marked this pull request as ready for review April 13, 2024 19:14
cpu
cpu approved these changes Apr 13, 2024
View reviewed changes
Copy link
Member

@cpu cpu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! The latest revisions look great. I left a comment suggesting we separate the new test but that's a minor detail.

@cpu
Copy link
Member

cpu commented Apr 13, 2024

Build+test (clang, 1.61.0, ubuntu-latest) Expected — Waiting for status to be reported
Build+test (gcc, 1.61.0, ubuntu-latest) Expected — Waiting for status to be reported

This is to be expected from the MSRV update. We'll admin merge and fixup the branch protection rules afterwards.

@amesgen amesgen force-pushed the rustls-platform-verifier branch from a16b456 to 396923d Compare April 13, 2024 20:24
@cpu cpu requested review from jsha and ctz April 13, 2024 20:58
jsha
jsha requested changes Apr 19, 2024
View reviewed changes
Copy link
Collaborator

@jsha jsha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally looks great!

src/cipher.rs Outdated Show resolved Hide resolved
@amesgen amesgen force-pushed the rustls-platform-verifier branch from 396923d to 819ba4b Compare April 19, 2024 12:04
@amesgen amesgen force-pushed the rustls-platform-verifier branch from 819ba4b to 4d65d5a Compare April 19, 2024 12:27
@cpu cpu requested a review from jsha April 19, 2024 13:42
@cpu cpu merged commit 6342e48 into rustls:main Apr 19, 2024
21 checks passed
@cpu
Copy link
Member

cpu commented Apr 19, 2024

Thanks @amesgen !

@amesgen amesgen deleted the rustls-platform-verifier branch April 19, 2024 17:53
@cpu
Copy link
Member

cpu commented Apr 19, 2024

This is to be expected from the MSRV update. We'll admin merge and fixup the branch protection rules afterwards.

I've retroactively fixed the branch protection rules for the new MSRV.

@chenrui333 chenrui333 mentioned this pull request Sep 13, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpu cpu cpu approved these changes

@jsha jsha jsha approved these changes

@ctz ctz Awaiting requested review from ctz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bindings to rustls-platform-verifier?
3 participants
@amesgen @cpu @jsha