Merge #135: Add use-rustls-ring feature
8d71f95 feat: add use-rustls-ring feature (thunderbiscuit)

Pull request description:

  This PR adds the ability to build the client using the `ring` dependency for `rustls` instead of the new default `aws-lc-rs`.

  As of the [`0.23.0` release](https://github.com/rustls/rustls/releases/tag/v%2F0.23.0), rustls changed its default cryptography provider to [aws-lc-rs](https://crates.io/crates/aws-lc-rs). This new library is actually a set of bindings to a C library maintained by AWS, and they provide prebuilt bindings for [some platforms](https://aws.github.io/aws-lc-rs/platform_support.html) but not all. On these other platforms, the compilation step will attempt to build the bindings, requiring extra dependencies (CMake, libclang and others depending on the platform). This compilation step is what is currently breaking our Android and Swift builds for bdk-ffi. It is certainly possible to build the bindings (and the AWS docs on it are very nice), but for some reason I have not been able to make it work everywhere yet (local, CI, Windows).

  This PR enables us to use the previous default `ring` library for rustls. I basically have to turn off the default features on `rustls` and re-enable all of them _except_ for the `aws_lc_rs`. We also have a few feature-gated constructs in the library, for which I needed to add the new proposed `use-rustls-ring` feature in order to make all of this work for us. Let me know if there are maybe better ways to achieve this!

ACKs for top commit:
  oleonardolima:
    ACK 8d71f95
  notmandatory:
    ACK 8d71f95

Tree-SHA512: 5ea8bfac7a18700e32035518e9e8253252c8ff9064b011e14a060ac8ed7b478876ee408ce06a89af9e53de837ffa9a13fbe5030d12b48a76558fd4e8187e5651
notmandatory committed Jul 31, 2024
2 parents 64c77ee + 8d71f95 commit 54797a0
Showing 5 changed files with 48 additions and 14 deletions.
1 change: 1 addition & 0 deletions .github/workflows/cont_integration.yml
Expand Up @@ -45,3 +45,4 @@ jobs:
- run: cargo check --verbose --no-default-features --features=minimal,debug-calls
- run: cargo check --verbose --no-default-features --features=proxy,use-openssl
- run: cargo check --verbose --no-default-features --features=proxy,use-rustls
- run: cargo check --verbose --no-default-features --features=proxy,use-rustls-ring
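
Review bot: The new `--features=proxy,use-rustls-ring` step only runs `cargo check`, so nothing in CI confirms the property the pull request description gives as the reason for this feature, namely that `aws-lc-rs` stays out of the build. Consider a follow-up step that inspects `cargo tree` for the same feature set and fails if `aws-lc-rs` appears, plus a check of `--features=proxy,use-rustls,use-rustls-ring`, since Cargo can unify both features in a downstream build.
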
5 changes: 3 additions & 2 deletions Cargo.toml
Expand Up @@ -25,7 +25,7 @@ serde_json = { version = "^1.0" }

# Optional dependencies
openssl = { version = "0.10", optional = true }
rustls = { version = "0.23", optional = true }
rustls = { version = "0.23", optional = true, default-features = false }
webpki-roots = { version = "0.25", optional = true }

byteorder = { version = "1.0", optional = true }
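
Review bot: The new `rustls` line with `default-features = false` has no comment, and the consequence is not obvious from the manifest: the optional dependency no longer brings a crypto provider by itself, so one now arrives only through the `use-rustls` or `use-rustls-ring` feature. A short comment above the line saying so, and why the defaults are off, would keep a later edit from re-enabling them and pulling `aws-lc-rs` back into ring builds.
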
Expand All @@ -41,5 +41,6 @@ default = ["proxy", "use-rustls"]
minimal = []
debug-calls = []
proxy = ["byteorder", "winapi", "libc"]
use-rustls = ["webpki-roots", "rustls"]
use-rustls = ["webpki-roots", "rustls/default"]
use-rustls-ring = ["webpki-roots", "rustls/ring", "rustls/logging", "rustls/std", "rustls/tls12"]
use-openssl = ["openssl"]
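
Review bot: Cargo features are additive and `default` still includes `use-rustls`, so a consumer who adds `use-rustls-ring` without turning default features off gets both `rustls/default` and `rustls/ring`, and `aws-lc-rs` is still built. Please document that `use-rustls-ring` is meant to be used with default features disabled, and state which provider is expected when both features are on (or reject the combination with a `compile_error!`). The hand-copied list `rustls/logging`, `rustls/std`, `rustls/tls12` will also need revisiting whenever rustls changes its default feature set; a comment noting which rustls version it mirrors would help.
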
18 changes: 14 additions & 4 deletions src/lib.rs
Expand Up @@ -25,14 +25,22 @@ extern crate log;
#[cfg(feature = "use-openssl")]
extern crate openssl;
#[cfg(all(
any(feature = "default", feature = "use-rustls"),
any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
),
not(feature = "use-openssl")
))]
extern crate rustls;
extern crate serde;
extern crate serde_json;

#[cfg(any(feature = "use-rustls", feature = "default"))]
#[cfg(any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
))]
extern crate webpki_roots;

#[cfg(any(feature = "default", feature = "proxy"))]
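
Review bot: The three-way `any(feature = "default", feature = "use-rustls", feature = "use-rustls-ring")` is now spelled out on both `extern crate` items here and again throughout src/raw_client.rs, so each new TLS backend means touching every gate. Since `default` already enables `use-rustls` in Cargo.toml, the `feature = "default"` arm is redundant, and an internal feature that both `use-rustls` and `use-rustls-ring` enable would let these gates test a single name. The two gates in this hunk also differ: `extern crate rustls` keeps `not(feature = "use-openssl")` while `extern crate webpki_roots` does not; if that is intentional, a comment saying why would help.
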
Expand All @@ -51,7 +59,8 @@ mod batch;

#[cfg(any(
all(feature = "proxy", feature = "use-openssl"),
all(feature = "proxy", feature = "use-rustls")
all(feature = "proxy", feature = "use-rustls"),
all(feature = "proxy", feature = "use-rustls-ring")
))]
pub mod client;

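Review bot: In the `pub mod client` gate, the added `all(feature = "proxy", feature = "use-rustls-ring")` arm repeats `feature = "proxy"` a third time. `all(feature = "proxy", any(feature = "use-openssl", feature = "use-rustls", feature = "use-rustls-ring"))` expresses the same condition and is easier to keep identical to the `pub use client::*` gate further down, which has to match it exactly.
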
Expand All @@ -66,7 +75,8 @@ pub use api::ElectrumApi;
pub use batch::Batch;
#[cfg(any(
all(feature = "proxy", feature = "use-openssl"),
all(feature = "proxy", feature = "use-rustls")
all(feature = "proxy", feature = "use-rustls"),
all(feature = "proxy", feature = "use-rustls-ring")
))]
pub use client::*;
pub use config::{Config, ConfigBuilder, Socks5Config};
30 changes: 25 additions & 5 deletions src/raw_client.rs
Expand Up @@ -23,7 +23,11 @@ use bitcoin::{Script, Txid};
use openssl::ssl::{SslConnector, SslMethod, SslStream, SslVerifyMode};

#[cfg(all(
any(feature = "default", feature = "use-rustls"),
any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
),
not(feature = "use-openssl")
))]
use rustls::{
Expand Down Expand Up @@ -286,7 +290,11 @@ impl RawClient<ElectrumSslStream> {
}

#[cfg(all(
any(feature = "default", feature = "use-rustls"),
any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
),
not(feature = "use-openssl")
))]
mod danger {
Expand Down Expand Up @@ -336,13 +344,21 @@ mod danger {
}

#[cfg(all(
any(feature = "default", feature = "use-rustls"),
any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
),
not(feature = "use-openssl")
))]
/// Transport type used to establish a Rustls TLS encrypted/authenticated connection with the server
pub type ElectrumSslStream = StreamOwned<ClientConnection, TcpStream>;
#[cfg(all(
any(feature = "default", feature = "use-rustls"),
any(
feature = "default",
feature = "use-rustls",
feature = "use-rustls-ring"
),
not(feature = "use-openssl")
))]
impl RawClient<ElectrumSslStream> {
Expand Down Expand Up @@ -451,7 +467,11 @@ impl RawClient<ElectrumProxyStream> {
Ok(stream.into())
}

#[cfg(any(feature = "use-openssl", feature = "use-rustls"))]
#[cfg(any(
feature = "use-openssl",
feature = "use-rustls",
feature = "use-rustls-ring"
))]
/// Creates a new TLS client that connects to `target_addr` using `proxy_addr` as a socks proxy
/// server. The DNS resolution of `target_addr`, if required, is done through the proxy. This
/// allows to specify, for instance, `.onion` addresses.
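
Review bot: This gate on the proxy TLS constructor is shaped differently from the other rustls gates in the file: it is a flat `any(...)` that includes `use-openssl` and has neither `feature = "default"` nor `not(feature = "use-openssl")`. It works because `default` enables `use-rustls`, but the difference is easy to miss when the next backend is added; a one-line comment stating that this item is compiled for either TLS backend would make the intent explicit.
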
8 changes: 5 additions & 3 deletions src/types.rs
Expand Up @@ -315,8 +315,7 @@ pub enum Error {
CouldntLockReader,
/// Broken IPC communication channel: the other thread probably has exited
Mpsc,

#[cfg(feature = "use-rustls")]
#[cfg(any(feature = "use-rustls", feature = "use-rustls-ring"))]
/// Could not create a rustls client connection
CouldNotCreateConnection(rustls::Error),

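Review bot: The `CouldNotCreateConnection(rustls::Error)` variant is now gated on `any(feature = "use-rustls", feature = "use-rustls-ring")` with no `not(feature = "use-openssl")`, whereas `extern crate rustls` in src/lib.rs carries that exclusion. Please confirm that `--features=proxy,use-openssl,use-rustls-ring` builds, or align the two gates. The hunk also drops the blank line that separated `Mpsc,` from this variant; restoring it keeps the enum's spacing consistent.
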
Expand All @@ -340,7 +339,10 @@ impl Display for Error {
Error::SslHandshakeError(e) => Display::fmt(e, f),
#[cfg(feature = "use-openssl")]
Error::InvalidSslMethod(e) => Display::fmt(e, f),
#[cfg(feature = "use-rustls")]
#[cfg(any(
feature = "use-rustls",
feature = "use-rustls-ring",
))]
Error::CouldNotCreateConnection(e) => Display::fmt(e, f),

Error::Message(e) => f.write_str(e),
