Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies (rustls and axum-server) #5

Closed
wants to merge 7 commits into from

Conversation

tmpfs
Copy link
Contributor

@tmpfs tmpfs commented Jan 11, 2024

Hi,

I would like to integrate this into a project that uses a newer version of rustls and axum-server so I am trying to update the dependencies.

I am working through the changes here:

https://github.com/rustls/rustls/releases/tag/v%2F0.22.0

But am not sure what to do about OwnedTrustAnchor, do you think you could take a look and advise.

This is the error:

error[E0433]: failed to resolve: could not find `OwnedTrustAnchor` in `rustls`
  --> src/config.rs:54:21
   |
54 |             rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
   |                     ^^^^^^^^^^^^^^^^ could not find `OwnedTrustAnchor` in `rustls`

Thanks 🙏

Edit, a reminder for myself, I am using this to step through the compiler errors:

cargo run --example low_level_axum --features axum -- -d localhost

@tmpfs tmpfs marked this pull request as draft January 11, 2024 02:57
Use rustls::pki_types::TrustAnchor instead.
@tmpfs
Copy link
Contributor Author

tmpfs commented Jan 11, 2024

Ok so the OwnedTrustAnchor problem is resolved; now I just need to figure out the correct way to use the new CertificateDer and PrivateKeyDer types.

We can't share the ClientConfig anymore as reqwest has yet to be updated
to rustls@0.22 so instead we just let the client use it's own rustls
configuration.
@tmpfs tmpfs marked this pull request as ready for review January 11, 2024 04:58
@tmpfs
Copy link
Contributor Author

tmpfs commented Jan 11, 2024

@Frando and @dignifiedquire - this now compiles and it appears to be behaving the same as before but would appreciate a review.

The assumption i make is that we should be using Pkcs8 (and the new PrivatePkcs8KeyDer type in pki_types) to do the conversion to PrivateKeyDer - is that correct?

It's also worth noting that I had to change the behavior of the reqwest client to use it's own version of rustls as it has not been upgraded to rustls@0.22 yet, failing to do so would yield a TLS backend error as it would call use_preconfigured_tls() with an incompatible client config (different versions of rustls). This means we could also do some cleanup of ClientConfig in parts of the code as its no longer being used in https_helper.

let client = reqwest::ClientBuilder::new()
.use_preconfigured_tls(client_config)
.use_rustls_tls()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this removes the ability to pass the client config, which is not good, we should wait until reqwest is updated and we can pass it along again

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like this is part of seanmonstar/reqwest#2059

@dignifiedquire
Copy link
Contributor

The assumption i make is that we should be using Pkcs8 (and the new PrivatePkcs8KeyDer type in pki_types) to do the conversion to PrivateKeyDer - is that correct?

This looks correct asfaict

@tmpfs
Copy link
Contributor Author

tmpfs commented Jan 20, 2024

Thanks for taking a look @dignifiedquire , I am already subscribed to that reqwest issue as I also need that to land to settle on http/hyper v1.

Will update this PR once that lands and revert to use_preconfigured_tls().

@tmpfs
Copy link
Contributor Author

tmpfs commented Apr 7, 2024

Hi @dignifiedquire,

We now have a compatible version of reqwest available so I have updated to 0.12 and restored the call to use_preconfigured_tls() however I get this error when I run the example:

Unknown TLS backend passed to `use_preconfigured_tls`

The reqwest docs clearly indicate this can happen when a TLS backend version mismatch occurs however running cargo tree -i rustls shows only the v0.22.2 version of rustls in the dependency tree so I am not sure where I am going wrong here.

This is the code that is failing to execute correctly:

https://docs.rs/reqwest/latest/src/reqwest/async_impl/client.rs.html#1592-1602

Just not sure why the downcast is failing. Any ideas?

@tmpfs
Copy link
Contributor Author

tmpfs commented Apr 8, 2024

Oops, I wasn't passing --features=axum when inspecting the dependency tree.

Unfortunately, axum-server@0.6.0 uses rustls@0.21.x so we are now blocked waiting for this issue to be resolved: programatik29/axum-server#103

@tmpfs
Copy link
Contributor Author

tmpfs commented Apr 8, 2024

Wow, the version of rustls used by reqwest is already out of date so we now need to wait for:

seanmonstar/reqwest#2225

And:

programatik29/axum-server#112

@dignifiedquire
Copy link
Contributor

Sigh..this release cycle of rustls is really painful. Thanks for keeping track of this

@tmpfs
Copy link
Contributor Author

tmpfs commented Jul 31, 2024

Closing this as it looks like #11 will resolve this.

@tmpfs tmpfs closed this Jul 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants