feat(tls): upgrade to tokio-rustls 0.23 (rustls 0.20) #859
Conversation
djc
force-pushed
the
rustls-0.20
branch
5 times, most recently
from
86ffa7b
to
48ed610
Compare
|
FYI this is will require a breaking release because we accept the client/server config from rustls in an api. |
|
What's the planning for 0.7? Would be nice not to carry around duplicate deps for this. |
|
As discussed a bit on Discord, I added a commit that removes API surface referencing specific rustls types so that hopefully a future rustls upgrade won't need to be a semver-incompatible version bump. Would still appreciate some context on planning for 0.7, since I'd like to make some changes to opentelemetry-stackdriver that would pull in rustls 0.20 -- but that crate also depends on tonic, and it would be nice not to depend on two versions of rustls/webpki. |
|
Is it still possible to pass in a custom rustls ClientConfig now? |
|
No, it isn't. But we could potentially add API surface to ClientTlsConfig, depending on your use case? |
|
Thanks, that would be great! We would definitely need this, we use a custom cert validator, and it seems after this commit there is no way of using it in tonic. |
|
Can you file a separate issue so we can be sure to track your use case? I have some ideas but will need to investigate in more detail. |
|
Hi, we're in the process of upgrading from tonic 0.6 to 0.8, and the direct rustls configuration seems to have been removed in this PR, and TLS configuration is now done completely differently. We'll try to update to the new way of configuring, but I think it'd be nice if there was still a way to configure rustls directly with a |
|
Bumping this. This is now a big blocker for us. |
|
@exFalso @rollo-b2c2 the answer in this case is to use hyper directly, with rustls rather than going through tonics. Or using a custom acceptor/connector. We removed it from the public API so that we can upgrade it without making breaking releases. |
No description provided.