-
Notifications
You must be signed in to change notification settings - Fork 260
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add flags to avoid Cryptonite/X509 #871
Conversation
I understand your pain. I have no objection. To my quick check, the code itself is high quality. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added a minor comment about the CPP variable, but otherwise have no issue, the motivation here makes perfect sense.
@@ -15,8 +16,13 @@ import Data.Function (on) | |||
import qualified Data.Text as T | |||
import Data.Ord | |||
import qualified Data.ByteString as S | |||
#ifdef USE_CRYPTONITE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you could use the build in Cabal macros for this instead. There's definitely MIN_VERSION_cryptonite
, but I think there may be others too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MIN_VERSION_cryptonite
seems to work perfectly here, so I have force-pushed revised commits that use this instead. Thank you for the review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I'll defer to @kazu-yamamoto on merging. Thanks!
Merged. Thank you for your contribution. If you would like to have a new release, please let me know. |
@kazu-yamamoto Thank you for the merge. Yes, a release would be very nice, since that would allow me to run CI for 9.2 without using |
Many warp users use a reverse proxy for TLS termination. But before this PR,
the warp library had an unconditional dependency on the x509 library. The x509
library has a big dependency footprint, which would be irrelevant for these
users. Another problem with the x509 dependency is that it depends on
Cryptonite, which is updated slowly, and is still not available for GHC 9.2.
The wai-app-static library also depends on Cryptonite, but only for computing
MD5 hashes. It seems excessive to depend on this very large library for just a
single hash function. So this PR adds a flag to enable compilation with a
different, also very well-trusted library.
Because both of these newly added flags are enabled by default, it means that a
user that isn't carefully reading the warp/wai-app-static release notes will
not notice any disruption. People that try to upgrade to GHC 9.2 after this PR
is merged may notice that the client certificates are no longer available. But
that is not so bad, since it only happens while upgrading their compiler, which
commonly introduces all kinds of breaking changes. So I don't consider it a big
detraction.
Tested using the following
cabal.project
:packages: wai-app-static warp
cabal test all -f -cryptonite -f -x509 -w ghc-9.2.1
cabal test all -f cryptonite -f x509 -w ghc-9.0.2