Skip to content

Upgrade to rustls-platform-verifier 0.6 #303

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 6, 2025
Merged

Upgrade to rustls-platform-verifier 0.6 #303

merged 2 commits into from
Jun 6, 2025

Conversation

djc
Copy link
Member

@djc djc commented Jun 5, 2025
edited
Loading

Proposed release notes

  • Seal the ConfigBuilderExt trait. This is an extension trait used to offer a more convenient server verifier configuration API. This is technically a breaking change, but we think it is unlikely that anyone has actually implemented this trait.
  • Upgrade to rustls-platform-verifier 0.6. Because the platform verifier is now initializing its root certificate store on some platforms eagerly (on initialization rather than on first use), infallible API for setting up the platform verifier has been deprecated in favor of newly added fallible API.

@djc djc requested review from cpu and ctz June 5, 2025 12:46
djc
djc commented Jun 5, 2025
View reviewed changes
src/config.rs
/// See the documentation for [rustls-platform-verifier] for more details.
///
/// [rustls-platform-verifier]: https://docs.rs/rustls-platform-verifier
#[cfg(feature = "rustls-platform-verifier")]
Copy link
Member Author

@djc djc Jun 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is technically not semver compatible, since we didn't seal our extension trait. It seems unlikely that anyone actually implemented it?

Should we consider deprecating with_native_roots() to try and get more people to use the platform verifier?

ctz
ctz approved these changes Jun 5, 2025
View reviewed changes
Copy link
Member

@ctz ctz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to seal ConfigBuilderExt? I think that would make this a non-breaking change.

@djc
Copy link
Member Author

djc commented Jun 5, 2025

Do we want to seal ConfigBuilderExt? I think that would make this a non-breaking change.

In the future, yes -- sealing it would be breaking now.

@djc djc force-pushed the platform-verifier-0.6 branch from 97d6f1c to bd42b90 Compare June 6, 2025 09:07
@djc djc requested a review from ctz June 6, 2025 09:08
djc added 2 commits June 6, 2025 11:11
@djc
Seal ConfigBuilderExt extension trait
e1931ee 
This is technically semver-breaking, but we think it's unlikely that
anyone has actually implemented the trait.
@djc
Upgrade to rustls-platform-verifier 0.6
60cfcc2
@djc djc force-pushed the platform-verifier-0.6 branch from bd42b90 to 60cfcc2 Compare June 6, 2025 09:11
@djc djc enabled auto-merge June 6, 2025 09:28
@djc djc disabled auto-merge June 6, 2025 09:29
@djc djc merged commit aff7441 into main Jun 6, 2025
20 of 22 checks passed
@djc djc deleted the platform-verifier-0.6 branch June 6, 2025 09:29
@djc
Copy link
Member Author

djc commented Jun 6, 2025

  • Published hyper-rustls v0.27.7 at registry crates-io
  • [new tag] v/0.27.7 -> v/0.27.7
  • Release notes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ctz ctz ctz approved these changes

@cpu cpu Awaiting requested review from cpu

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@djc @ctz