Comments (9)
@djc , my use case is quite generic and very broad. I want to be able to replace the libssl.so.3 and associated headers on Linux (I generally use an OpenWrt-based system) with a rustls implementation to allow for use of rustls without changing every application that may use OpenSSL. For me, the aim is to reduce potential CVEs on customer equipment that are often appearing from OpenSSL and C-based TLS implementations.
For example, add support for curl/ wget/ mosquitto/ any higher level TLS application without having to change the code AT ALL from the OpenSSL implementations. It should be zero effort for the maintainers of other packages to use rustls once it is used in the distro they are building for.
It becomes more complicated when other engines are used (like pkcs#11 or whatever) in OpenSSL though, but TLS for curl-like tools without additional application development would be ideal.
from rustls-openssl-compat.
Work has already started on this -- in private for now. Will discuss if/when we can open it up.
Note that we do already have the rustls-ffi crate that offers a C API for rustls.
Good question! We have two initial targets: curl and nginx (both unmodified binaries, from ubuntu 22.04 packages). curl works in a basic sense (the dynamic linker is happy and it can fetch google.com); nginx is still in progress.
Good to hear @djc . Propose we leave this open for comment etc when that is opened up. Certainly I'm keen to help on that if I can.
@djc great to hear! Yes please open this up. Exactly when - decision is yours.
@SimonTate @mouse07410 can you talk a bit about your respective use cases (assuming they're not the same)? This will help us prioritize our work and consider your perspectives.
(FWIW, are you aware that curl already allows compilation with rustls via rustls-ffi? This has been experimental because there are a few open issues -- if you're interested, that would be a great way to contribute.)
@djc , yeah I'm aware of that and will take more of a look at the issues. Thanks for the reminder 😄
For this - are you/ people working on this starting with a specific application linking with a rustls based .so? Would be great to build up the functionality of the compatibility layer by enabling applications of increasing complexity (imo).
cpu transferred this issue from rustls/rustls now
The compat repository is now public, so I've moved this issue over here.
Related Issues (9)
- Adopt rustls-ffi arc_castable!, box_castable!, ref_castable! macros
- Support certificate validation callback
- Extend authentication key support
- Respect direct manipulation of `X509_STORE`
- Client session caching support is minimal
- Implement SSL_CONF_*
- (Question) How programs use it?
- unsupported:_SSL_CTX_set_info_callback when start nginx