-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Using custom TlsConnector #2
Comments
async-tungstenite uses async-tls if the "tls" feature is enabled. It's then used inside the Check the implementation of the Does that help? |
Thanks for the quick reply! Oh ok, so async-tungstenite use async-tls which in turn uses rusttls, instead tungstenite uses native-tls and does nor currently support rusttls. That is kind of confusing, and should maybe be called out explicitly in the docs. Anyway, thanks for clarifying that, I guess my next step is to look into how to pass a rusttls (The fact that we end up using rusttls instead of native-tls, is kind of annoying, since I fear I will have a much harder time getting this past appsec review, but right now I can focus on my prototype) |
Code is pretty terrible right now, since I just hammered till it worked, but this seems to work, in case it is useful to anyone else:
|
On 23 November 2019 15:13:59 EET, Paolo Borelli ***@***.***> wrote:
Thanks for the quick reply!
Oh ok, so async-tungstenite use async-tls which in turn uses rusttls,
instead tungstenite uses native-tls and does nor currently support
rusttls. That is kind of confusing, and should maybe be called out
explicitly in the docs.
rusttls support in async-tungstenite is fully optional and can easily be replaced with any other crate too :) all that is needed is a stream that impls AsyncRead and AsyncWrite.
Similarly in tungstenite it's completely optional and just there for some convenience API.
The reason for selecting async-tls was that it already works with just those traits. there's an issue already for also supporting native-tls in it. Based on tokio-tls that shouldn't be too much work either.
Anyway, thanks for clarifying that, I guess my next step is to look
into how to pass a rusttls `ClientConfig` to the
`async_tls::TlsConnector` so that I can accept self signed certs.
I would accept a PR to add some convenience function for this BTW.
(The fact that we end up using rusttls instead of native-tls, is kind
of annoying, since I fear I will have a much harder time getting this
past appsec review, but right now I can focus on my prototype)
If your company needs native-tls and nobody else did that by then, I'd be available for contracting for this. As said, shouldn't be much work :) I have that somewhere on my list but it will take a while until I get there probably.
…--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
Yeah, an option to use a custom client config would indeed be useful. Thanks! Proliferation of native-tls is not desirable. Having most code in safe Rust is an achievement. If needed, https://github.com/ctz/rustls-native-certs could be used instead of webpki-roots. |
While I generally agree with you that it would be nice to have a mature and battle-proven TLS stack in a memory-safe language, that's not where we are yet :) Also having each application ship their own TLS stack is also not optimal, even more so if it's a rather immature and new one. And there can be many non-technical reasons for preferring the platform's TLS stack too. |
That's done now, and you can also optionally build with native-tls instead of async-tls. You'd have to compile with e.g. |
Disclaimer: I am not convinced this is a problem with
async-tungstenite
itself, rather than just being the consequence of the in-flux state of the async ecosystem, but I figured I might as well file it at the "entry point" of my problem, since I could not think of a better alternative :-)I am trying to connect to a websocket server with a self-signed certificate.
Digging into things a little bit, I figured that I need to use the
client
api instead of the high levelconnect-async
, and use my ownTlsConnector
, see for instance (snapview/tungstenite-rs#84).Since this is the async version of tungstenite, I figured I would need an async TLS connector.
I also saw that tungstenite uses native-tls.
I found that https://github.com/dbcfd/tls-async is an async version of native-tls, but it does not seem active and currently does not compile.
On the other hand, there is https://github.com/async-rs/async-tls but that uses rust-tls, so I do not think I can use that with async-tungstenite,
Any suggestion?
The text was updated successfully, but these errors were encountered: