Improving webpki verifier CRL support ergonomics #1552
Codecov Report
@@ Coverage Diff @@
## main #1552 +/- ##
==========================================
- Coverage 96.42% 96.41% -0.01%
==========================================
Files 75 75
Lines 15536 15524 -12
==========================================
- Hits 14980 14968 -12
Misses 556 556
Would it be hard to stack #1547 on top of this one instead of the other way around?
I don't think it would be too hard, but it does mean that it can't be merged until the webpki parts land and we cut a new alpha (neither very big blockers). Do you feel strongly? #1547 has a +1 from Ctz so it feels closer to being mergeable than this and the webpki PR it uses.
It seems like the proper order to me just because it means there will be a bunch of churn from porting the code added in #1547 to the new webpki API. But if you prefer to merge #1547 first I can definitely live with that. In that case I will probably skip doing another round on #1547 and check back in with the rebased version of this.
I think 264bae2 is the sum of the churn and it seems pretty minimal to me.
Ok, that sounds good to me. I'm happy to revisit parts from #1547 if you find anything outside the scope of the rebased content.
Okay, that doesn't seem too bad!
264bae2 to 1540e1a
Rebased on
Leaving a reminder here: it'd be nice to get a new Rustls alpha after this lands so I can rework the FFI side in rustls/rustls-ffi#341.
1540e1a to b31a413
@djc This is ready for a once-over now if you're interested.
Did you want to bump the rustls alpha version so you can continue moving downstream into -ffi?
f57ba4b to c12ce0f
@ctz This could use a 🔍 from you when you have a chance. Thanks!
This version of webpki improves CRL ergonomics. Notable changes:

* use `with_status_policy builder` fn

  The upstream crate added a more ergonomic interface we can use in place of having to keep around a mutable builder and doing our own matching.

* avoid CRL dyn trait hurdles

  The upstream crate made working with CRLs easier by replacing the `CertRevocationList` trait with an `enum` representation. Notably this makes working with the `Vec<OwnedCertRevocationList>` that the webpki verifier builders and verifiers hold much easier: we no longer have to do as many contortions to convert to a `&[&dyn CertRevocationList]`.

c12ce0f to 3c58a24
Description
This branch updates Rustls to use the rustls-webpki v0.102.0-alpha.6 crate. This version of webpki improves CRL ergonomics (see rustls/webpki#203).
Since the changes in this alpha are breaking, I've taken the update & resolved the breaking changes in one commit to keep everything building and testing cleanly.
* use `with_status_policy builder` fn

  The upstream crate added a more ergonomic interface we can use in place of having to keep around a mutable builder and doing our own matching.

* avoid CRL dyn trait hurdles

  The upstream crate made working with CRLs easier by replacing the `CertRevocationList` trait with an `enum` representation. Notably this makes working with the `Vec<OwnedCertRevocationList>` that the webpki verifier builders and verifiers hold much easier: we no longer have to do as many contortions to convert to a `&[&dyn CertRevocationList]`.

TODO

`Cargo.toml` patch