Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backport BSD support for rel-0.1 #61

Merged
merged 6 commits into from
Jan 15, 2024
Merged

backport BSD support for rel-0.1 #61

merged 6 commits into from
Jan 15, 2024

Conversation

cpu
Copy link
Member

@cpu cpu commented Jan 15, 2024
edited

This branch backports a few changes from main targetting the rel-0.1 branch. This will unblock preparing a 0.1.1 release that adds BSD support.

@cpu
proj: relax cfg gates to allow FreeBSD
5ada6aa 
This commit relaxes the cfg gates that previously were Linux specific to
allow Unix generally. Care is taken to ensure we still handle
MacOS/iOS/Android specially where required.

FreeBSD in CI seems to be unable to use openssl-probe to find the system
CA bundle, so we also add a BSD-specific dev-dependency on webpki-roots
and update the real world verification suite to conditionally use the
`Verifier::new_with_extra_roots` constructor to provide extra CA certs
from webpki-roots.

It might be possible to fix the FreeBSD runner so that openssl-probe
works (e.g. by `curl`ing a CA bundle into a different location, or
setting the `SSL_CERT_FILE` env var) but this approach has the benefit
of adding coverage for `new_with_extra_roots`.
@cpu
ci: add FreeBSD cargo test job
bdb42b3 
Since GitHub actions doesn't offer FreeBSD runners we follow the Quinn
project's lead and use `vmactions/freebsd-vm@v1` to run a FreeBSD VM on
the runner, and our tests within the VM.
@cpu cpu self-assigned this Jan 15, 2024
@complexspaces
Copy link
Collaborator

Do we also want to cherry-pick back the documentation fixes made in #57 and #54 as well? Otherwise the documentation for 0.1.1 will be broken on docs.rs too.

@cpu
Copy link
Member Author

cpu commented Jan 15, 2024

Do we also want to cherry-pick back the documentation fixes

Good thinking. I'll pull those in.

cpu and others added 4 commits January 15, 2024 12:05
@cpu
docs: fix broken ServerCertVerifier link
94371a6
@cpu
docs: clarify Linux certificate store
bff4a5b 
Previously webpki-roots was used unconditionally on Linux. This changed
so that webpki-roots can be used on an opt-in basis with the
`Verifier::new_with_extra_roots`. This commit clarifies this point in
the README table describing platform support.
@complexspaces @cpu
Fix incorrect platform-specific Verifier documentation
e705783
@complexspaces @cpu
Fix README extra roots documentation on other OSes
eee47ad
@cpu cpu merged commit ab78c95 into rustls:rel-0.1 Jan 15, 2024
14 checks passed
@cpu cpu deleted the cpu-0.1.1-bsd branch January 15, 2024 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

@complexspaces complexspaces complexspaces approved these changes

Assignees

@cpu cpu

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cpu @complexspaces @djc