Support native-tls

2024-10-01 09:21:53 +00:00 · 2023-03-04 21:05:57 +13:00 · 2023-03-04 21:05:57 +13:00 · 1eedfa1800
commit 1eedfa1800
parent d83c502245
3 changed files with 154 additions and 4 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1823,6 +1823,19 @@ dependencies = [
 "tokio-rustls",
 ]

+[[package]]
+name = "hyper-tls"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
+dependencies = [
+ "bytes",
+ "hyper",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+]
+
 [[package]]
 name = "iana-time-zone"
 version = "0.1.53"
@ -2209,6 +2222,24 @@ dependencies = [
 "getrandom",
 ]

+[[package]]
+name = "native-tls"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "ndk"
 version = "0.7.0"
@ -2458,6 +2489,51 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"

+[[package]]
+name = "openssl"
+version = "0.10.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b102428fd03bc5edf97f62620f7298614c45cedf287c271e7ed450bbaf83f2e1"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "openssl-probe"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23bbbf7854cd45b83958ebe919f0e8e516793727652e27fda10a8384cfc790b7"
+dependencies = [
+ "autocfg",
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "orbclient"
 version = "0.3.42"
@ -2851,10 +2927,12 @@ dependencies = [
 "http-body",
 "hyper",
 "hyper-rustls",
+ "hyper-tls",
 "ipnet",
 "js-sys",
 "log",
 "mime",
+ "native-tls",
 "once_cell",
 "percent-encoding",
 "pin-project-lite",
@ -2864,6 +2942,7 @@ dependencies = [
 "serde_json",
 "serde_urlencoded",
 "tokio",
+ "tokio-native-tls",
 "tokio-rustls",
 "tokio-util",
 "tower-service",
@ -3045,6 +3124,15 @@ dependencies = [
 "winapi-util",
 ]

+[[package]]
+name = "schannel"
+version = "0.1.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "713cfb06c7059f3588fb8044c0fad1d09e3c01d225e25b9220dbfdcf16dbb1b3"
+dependencies = [
+ "windows-sys 0.42.0",
+]
+
 [[package]]
 name = "scoped-tls"
 version = "1.0.1"
@ -3119,6 +3207,29 @@ dependencies = [
 "zeroize",
 ]

+[[package]]
+name = "security-framework"
+version = "2.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a332be01508d814fed64bf28f798a146d73792121129962fdf335bb3c49a4254"
+dependencies = [
+ "bitflags",
+ "core-foundation",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
+[[package]]
+name = "security-framework-sys"
+version = "2.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31c9bb296072e961fcbd8853511dd39c2d8be2deb1e17c6860b1d30732b323b4"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "semver"
 version = "1.0.16"
@ -3568,6 +3679,16 @@ dependencies = [
 "syn",
 ]

+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-rustls"
 version = "0.23.4"
@ -3587,8 +3708,10 @@ checksum = "54319c93411147bced34cb5609a80e0a8e44c5999c93903a81cd866630ec0bfd"
 dependencies = [
 "futures-util",
 "log",
+ "native-tls",
 "rustls",
 "tokio",
+ "tokio-native-tls",
 "tokio-rustls",
 "tungstenite",
 "webpki",
@ -3718,6 +3841,7 @@ dependencies = [
 "http",
 "httparse",
 "log",
+ "native-tls",
 "rand",
 "rustls",
 "sha1",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -10,9 +10,12 @@ default-run = "gossip"
 edition = "2021"

 [features]
-default = []
+default = ["rustls-tls"]
 lang-cjk = []

+native-tls = [ "reqwest/native-tls", "tungstenite/native-tls", "tokio-tungstenite/native-tls"]
+rustls-tls = [ "reqwest/rustls-tls", "tungstenite/rustls-tls-webpki-roots", "tokio-tungstenite/rustls-tls-webpki-roots"]
+
 [dependencies]
 async-recursion = "1.0"
 async-trait = "0.1"
@ -39,7 +42,7 @@ parking_lot = "0.12"
 qrcode = { git = "https://github.com/mikedilger/qrcode-rust" }
 rand = "0.8"
 regex = "1.7"
-reqwest = { version = "0.11", default-features=false, features = ["brotli", "deflate", "gzip", "json", "rustls-tls-webpki-roots"] }
+reqwest = { version = "0.11", default-features=false, features = ["brotli", "deflate", "gzip", "json"] }
 rusqlite = { version = "0.28", features = ["bundled", "chrono", "serde_json"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
@ -49,8 +52,8 @@ time = { version = "0.3", features = [ "formatting" ] }
 tokio = { version = "1", features = ["full"] }
 tracing = "0.1"
 tracing-subscriber = { version = "0.3", features = [ "std", "env-filter" ] }
-tokio-tungstenite = { version = "0.18", features = [ "rustls-tls-webpki-roots" ] }
-tungstenite = { version = "0.18", features = [ "rustls-tls-webpki-roots" ] }
+tokio-tungstenite = { version = "0.18", default-features = false, features = [ "connect", "handshake" ] }
+tungstenite = { version = "0.18", default-features = false }
 zeroize = "1.5"

 # Force scrypt to build with release-like speed even in dev mode
--- a/README.md
+++ b/README.md
@ -151,6 +151,29 @@ $ strip ./target/release/gossip
 $ ./target/release/gossip
 ````

+## Compile Options
+
+### TLS
+
+Gossip uses rustls by default. This is an SSL library in rust, which gets compiled into the binary, meaning we won't have issues trying to find your system SSL library or system CA certificates. It also means:
+
+- Gossip will fail to negotiate SSL with servers that don't have any strong ciphersuites. This is a feature, but not one that everybody wants.
+- Gossip may not compile on hardware that the `ring` crypto library does not yet support.
+
+If you wish to switch to your native TLS provider, use the following compile options:
+
+````
+  --no-default-features --features=native-tls
+````
+
+### Chinese, Japanese and Korean character sets
+
+Gossip by default does not include the CJK font because it is larger than all other languages put together, and most gossip users don't recognize those characters. If you do recognize such characters, you can compile in that font with:
+
+````
+  --features=lang-cjk
+````
+
 ## Technology Involved

 - Rust Language