Remove openssl dependency - use Rustls for acme / letsencrypt #192

Closed
2 tasks done
joepio opened this issue Oct 21, 2021 · 5 comments
Labels
good first issue Good for newcomers

@joepio
Member

joepio commented Oct 21, 2021

I think (although I'm not entirely sure) that OpenSSL is the only runtime dependency of atomic-server. It's required only for the HTTPS setup process, which is currently done using acme_lib.

I've had some issues with openssl as a dependency. It makes compiling harder, and I've had binaries that didn't run because of OpenSSL version mismatches. Not fun.

Options:

Fix current implementation acme_lib

acme_lib works fine, but it has a bunch of dependencies on OpenSSL for crypto stuff. This could be fixed, with ring for example. But it's not easy - lots of PEM dependencies, which ring doesn't support (see issue in acme-lib)

rustls-acme

  • easy to understand API
  • still maintained

async-acme

  • Lots of options (rustls / tokio) that minimize deps issues
  • No maintenance in a year

acme-micro

Uses openssl, so no

instant_acme (my favorite atm)

  • Uses rustls and ring (which I use, too)
  • Actively maintained
  • No HTTP01 support as of now, but is being worked on

(current implementation)

I made the https and https_init optional features. Not a real solution!

Custom implementation

Poem has a custom implementation

future-io-utils also

  • Make HTTPS optional, allows for non-OpenSSL required builds
  • Use Rustls for initialization (rustls-acme / async-acme)
joepio added a commit that referenced this issue Oct 25, 2021
@joepio joepio mentioned this issue Nov 25, 2021
4 tasks
@joepio joepio added the good first issue Good for newcomers label Dec 11, 2021
@jonassmedegaard

rustls-acme uses async-std which is currently used very little (see #366). Maybe a better option is async-acme?

@jonassmedegaard

rustls-acme also causes duplicate older branches of ureq and rustls to be pulled in, because it depends on unstable 0.x APIs and hasn't been updated for some time.

@joepio
Member Author

joepio commented Apr 3, 2022

async-acme looks even better indeed!

@jonassmedegaard

Until this issue is solved, it might make sense to consider acme-micro, which seems a (somewhat) more actively maintained fork of acme_lib.

@joepio
Member Author

joepio commented Feb 2, 2023

This issue just got a bit more important. My own CI pipeline broke because of an openssl version mismatch. I didn't know that could happen. It even makes running the docker container impossible.

@joepio joepio added this to the v1.0.0 milestone Feb 2, 2023
joepio added a commit that referenced this issue Feb 2, 2023
@joepio joepio changed the title Remove openssl dependency - use Rustls Remove openssl dependency - use Rustls for acme / letsencrypt Feb 4, 2023
joepio added a commit that referenced this issue Feb 4, 2023
joepio added a commit that referenced this issue Feb 8, 2023
@joepio joepio mentioned this issue Feb 9, 2023
4 tasks
joepio added a commit that referenced this issue Feb 9, 2023
Try on push

Try develop


#192 https setup docs


try again

add environments

fix yml

Try nested job

try again

Require secrets

remote_host

fix inputs

Add remote host for production
joepio added a commit that referenced this issue Feb 10, 2023
@joepio joepio closed this as completed Feb 10, 2023