Support using mbedtls #142
Conversation
|
macOS build failed, seems unrelated to this change |
| @@ -20,7 +24,10 @@ tempfile = "3.0" | |||
| [target.'cfg(target_os = "windows")'.dependencies] | |||
| schannel = "0.1.16" | |||
|
|
|||
| [target.'cfg(not(any(target_os = "windows", target_os = "macos", target_os = "ios")))'.dependencies] | |||
| [target.'cfg(feature = "mbedtls")'.dependencies] | |||
There was a problem hiding this comment.
You can't cfg on features in the dependency section.
If this is designed for SGX, should it just be filtered to that target_os?
| where | ||
| S: io::Read + io::Write | ||
| { | ||
| // If any of the ? fail then memory leaks ... |
| None | ||
| }; | ||
|
|
||
| unsafe { |
There was a problem hiding this comment.
I'm not sure I'm on board with this much unsafe code for just establishing a TLS connection. Why can't the mbedtls crate provide a safe interface?
There was a problem hiding this comment.
The current Rust API for MbedTLS doesn't take ownership of anything. So if you run your entire server on a single stack, no unsafe is needed. However, if you want to do something else, you need self-referential structs.
| if self.session != ::std::ptr::null_mut() { | ||
| Box::from_raw(self.session); | ||
| } | ||
| Box::from_raw(self.socket); |
There was a problem hiding this comment.
Why do these all need to be raw pointers if they're treated as owned data?
1 similar comment
Mbedtls is somewhat easier to use in certain situations where no OS facilities are present, such as bare metal or in SGX enclaves. This PR allows building native-tls with mbedtls as an alternative to OpenSSL.