Update to rustls-ffi 0.10.0

[jsha]

This brings in version 0.21.0 of the upstream rustls implementation, which notable includes support for IP address certificates. This allows enabling many of the unittests that relied on IP address certificates to communicate with localhost.

[jsha]

Interesting. The test failure is under address_sanitizer, but appears to be a failed assertion indicating that a connection was reused more than expected (one connect vs two).

=================================== FAILURES ===================================
_________________ TestDownload.test_02_07_download_reuse[0-h2] _________________

self = <test_02_download.TestDownload object at 0x7f[29](https://github.com/curl/curl/actions/runs/4557958324/jobs/8040275432?pr=10865#step:24:30)b0feab90>
env = <testenv.env.Env object at 0x7f29b0e3d720>
httpd = <testenv.httpd.Httpd object at 0x7f29b0ffeb90>
nghttpx = <testenv.nghttpx.Nghttpx object at 0x7f29b0ffd1b0>, repeat = 0
proto = 'h2'

    @pytest.mark.parametrize("proto", ['h2', 'h3'])
    def test_02_07_download_reuse(self, env: Env,
                                  httpd, nghttpx, repeat, proto):
        if proto == 'h3' and not env.have_h3():
            pytest.skip("h3 not supported")
        count = 200
        curl = CurlClient(env=env)
        urln = f'https://{env.authority_for(env.domain1, proto)}/data.json?[0-{count-1}]'
        r = curl.http_download(urls=[urln], alpn_proto=proto,
                               with_stats=True, extra_args=[
            '--parallel', '--parallel-max', '200'
        ])
        r.check_exit_code(0)
        r.check_stats(count=count, exp_status=200)
        # should have used 2 connections only (test servers allow 100 req/conn)
>       assert r.total_connects == 2, "h2 should use fewer connections here"
E       AssertionError: h2 should use fewer connections here
E       assert 1 == 2
E        +  where 1 = ExecResult[code=0, exception=None, args=['/home/runner/work/curl/curl/src/curl', '-s', '--path-as-is', '-v', '--http2'... done: 0\n', '* Connection #0 to host one.http.curl.se left intact\n', '* Expire cleared (transfer 0x6220001[30](https://github.com/curl/curl/actions/runs/4557958324/jobs/8040275432?pr=10865#step:24:31)908)\n']].total_connects

tests/http/test_02_download.py:163: AssertionError
=========================== short test summary info ============================
FAILED tests/http/test_02_download.py::TestDownload::test_02_07_download_reuse[0-h2] - AssertionError: h2 should use fewer connections here
assert 1 == 2
 +  where 1 = ExecResult[code=0, exception=None, args=['/home/runner/work/curl/curl/src/curl', '-s', '--path-as-is', '-v', '--http2'... done: 0\n', '* Connection #0 to host one.http.curl.se left intact\n', '* Expire cleared (transfer 0x622000130908)\n']].total_connects
============= 1 failed, 67 passed, [52](https://github.com/curl/curl/actions/runs/4557958324/jobs/8040275432?pr=10865#step:24:53) skipped in 62.67s (0:01:02) ==============

[jsha]

@icing I see you've been working on the pytests. Any idea why this would fail just on address_sanitizer?

[icing]

@icing I see you've been working on the pytests. Any idea why this would fail just on address_sanitizer?

First guess: the curl client becomes so slow, that apache answers the requests before the first connection runs out of space. So, a second one is never needed.

Hmm...we could change the assert to <= 2.

Added #10870 for exactly this.

[bagder]

Closed by mistake, sorry

[pheiduck]

This tests are still fail:

TESTFAIL: These test cases failed: 400 401 403 406 407 408 409 987 988 989 1112 

[bagder]

Tests are failing

[jsha]

Yep, have been meaning to look into this more. Apologies for the delay.