-
-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use rustls as an TLS engine #199
Comments
has there been any progress on this? |
Nope, not yet, but there's an upstream issue to add support for it in the curl crate here: alexcrichton/curl-rust#341 |
Would really love this - this would make for a great performance improvement! |
Add the ability to opt-in to using rustls as the TLS engine for HTTPS requests with a `unstable-rustls-tls` crate feature. Based on upstream work in alexcrichton/curl-rust#374. See #199.
The first step for this has at long last landed, as the upstream curl crate now has a Our work on Isahc's end is not finished though, as rustls does not use the operating system's trusted root certificates by default which is going to be an expected feature for Isahc (though potientially behind a separate crate feature). I'll keep the list of remaining tasks up-to-date in the issue description from here on out for more granular tracking. In the meantime, you can now enable the |
Adding "breaking" label to this, since the way Isahc 1.0 is configured, the native TLS engine is always enabled with no way of opting-out. We need to offer rustls and the native TLS engines as separate features that can be enabled or disabled, which is a breaking change. 2.0 is likely going to be a soon(ish) release anyway (a few months away probably) so seems like a good time to make rustls support part of that effort. |
Hello, is there a tracking issue for the 2.0 release? I am looking forward to seeing this feature-flag stabilized. Thanks! |
There is no tracking issue, but there's a milestone here: https://github.com/sagebind/isahc/milestone/13. There is no due date for version 2.0, it'll be ready when it is ready. |
Any update on this? |
@lcmgh Nope, sorry. I am currently taking a break from open-source work while I deal with some time-consuming projects in my personal life. It may be autumn this year before I can resume working on this. But thanks for your interest! I still plan on pushing this to the finish line, despite delays. |
Offer rustls as an optional TLS engine. The default behavior will remain to use the system-native TLS engine, but users should be able to opt-in to using rustls just with crate features.
Remaining work:
CURLOPT_CAINFO_BLOB
to rustls backend in curl. Support merged, waiting for curl 7.82.0 release on 2022-03-02.CURLOPT_CAINFO_BLOB
support since root certs aren't available as PEM files by default on all operating systems, so we can't simply useCURLOPT_CAINFO
.rustls-tls
. This will be available in the upcoming 2.0 release.The text was updated successfully, but these errors were encountered: