Allow for optionally using OpenSSL #136
Comments
That sounds useful and doable. It's possible to choose between native-tls and rustls at runtime.
This is exactly the way I'd recommend doing it.
Yes, I think rustls should stay default so as to not surprise users.
I think that's probably a worse compromise and should be avoided.
I would rather prefer if that weren't an option and I don't think it's worth it. It would also complicate options for users for no large benefit (well, except for a slightly smaller binary).
It seems native-tls added support for ALPN a couple of months ago. This PR should enable it for reqwest: seanmonstar/reqwest#1283
If we are planning to support Also, do we want to add a
Yes.
If we automatically detect But it might also be interesting to support DER files and automatically switch the TLS backend based on that. We should take care with the error messages here, if we just let it crash they'll be confusing.
That's a good idea. I already have a proof of concept, I'll make a WIP PR.
Not super related, but it would be good if our tests don't depend on OpenSSL unless
xh v0.12.0 has been released which supports using the system's TLS library 🎉
# make sure to enable the newly added native-tls feature when compiling xh i.e cargo build --features=native-tls
$ xh --native-tls https://1.1.1.1
HTTP/2.0 200 OK
age: 270
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 67a3e3c28af3fe50-HEL
content-type: text/html
date: Thu, 05 Aug 2021 23:43:47 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Fri, 06 Aug 2021 03:43:47 GMT
last-modified: Tue, 03 Aug 2021 14:31:58 GMT
served-in-seconds: 0.003
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-amz-request-id: tx0000000000000083a103c-00610953bb-5653bdb-default
# response body is omitted
Hey, I think it'd be neat if the user could choose between using rustls or OpenSSL. For instance, I do sometimes have the requirement to use either one or the other and if xh supported that it'd be pretty good. I'm not sure whether it'd be a compile-time switch or a runtime one as linking to OpenSSL at all times would decrease the nice portability of xh which I do value.
Perhaps allow the user to add OpenSSL support during compile time? Then distro packagers could choose to ship a xh supporting both versions while you still keep building the static builds with only rustls.
I imagine building this would enable a flag --native-tls which would then internally switch TLS calls to the linked OpenSSL.
Use cases:
What do you think?
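The design this thread converges on (rustls stays the default, native-tls is a compile-time feature selected with `--native-tls`, DER files could switch the backend automatically, and the error must be clear when the backend is missing), sketched as an added example that is not xh's own code. The type and function names, the byte-sniffing heuristic, and the assumption that DER input is what calls for the native backend are illustrative.

```rust
use std::fmt;
#[derive(Debug, PartialEq)]
enum Backend { Rustls, NativeTls }
#[derive(Debug, PartialEq)]
enum CertFormat { Pem, Der }
#[derive(Debug, PartialEq)]
enum SelectError { NativeTlsMissing(&'static str), UnknownCertFormat }

impl fmt::Display for SelectError {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match self {
            // Say why the native backend was needed and how to get it.
            SelectError::NativeTlsMissing(why) => write!(f,
                "{}, but this binary was built without native-tls; \
                 rebuild with `cargo build --features=native-tls`", why),
            SelectError::UnknownCertFormat => write!(f, "certificate file is neither PEM nor DER"),
        }
    }
}

// Heuristic (assumption): PEM is text starting with "-----BEGIN ",
// DER starts with the ASN.1 SEQUENCE tag 0x30.
fn sniff_cert_format(bytes: &[u8]) -> Option<CertFormat> {
    let start = bytes.iter().position(|b| !b.is_ascii_whitespace())?;
    match &bytes[start..] {
        b if b.starts_with(b"-----BEGIN ") => Some(CertFormat::Pem),
        _ if bytes[0] == 0x30 => Some(CertFormat::Der),
        _ => None,
    }
}

// rustls stays the default; native-tls is used only on request or for DER input.
fn select_backend(native_flag: bool, compiled_in: bool, cert: Option<&[u8]>) -> Result<Backend, SelectError> {
    let format = cert.map(|b| sniff_cert_format(b).ok_or(SelectError::UnknownCertFormat)).transpose()?;
    let why = if native_flag { Some("--native-tls was passed") }
        else if format == Some(CertFormat::Der) { Some("the certificate file is DER-encoded") }
        else { None };
    match why {
        None => Ok(Backend::Rustls),
        Some(_) if compiled_in => Ok(Backend::NativeTls),
        Some(why) => Err(SelectError::NativeTlsMissing(why)),
    }
}

fn main() {
    let der: &[u8] = &[0x30, 0x82, 0x01, 0x0a]; // constructed sample: DER SEQUENCE header
    match select_backend(false, cfg!(feature = "native-tls"), Some(der)) {
        Ok(b) => println!("using {:?}", b),
        Err(e) => eprintln!("error: {}", e),
    }
}
```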