fix(features): don't enable rustls/default from rustls-ring#220
Open
EddieHouston wants to merge 1 commit into
Open
fix(features): don't enable rustls/default from rustls-ring#220EddieHouston wants to merge 1 commit into
EddieHouston wants to merge 1 commit into
Conversation
"rustls/ring" (without ?) also activates the crate's explicit `rustls`
feature, which enables rustls/default, i.e. the aws-lc-rs provider. So
use-rustls-ring ends up enabling both crypto providers on rustls, and any
crate in the same binary relying on the process-default provider panics
("exactly one of aws-lc-rs and ring"). Use the ?/ syntax so rustls-ring
stays ring-only.
Fixes bitcoindevkit#219
Contributor
Author
|
same zeroize MSRV as seen in #219 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #219.
The
rustls-ringfeature used"rustls/ring"(without?), which also activates the crate's explicitrustlsfeature, and that feature enablesrustls/default, i.e. the aws-lc-rs provider. So a downstream asking foruse-rustls-ring(expecting ring only) ended up with both providers enabled on rustls:With both providers compiled in, any crate in the same binary relying on rustls's process-default provider panics on first TLS use ("exactly one of aws-lc-rs and ring"). electrum-client itself is unaffected (it selects its provider explicitly), but we hit this in lwk after bumping electrum-client 0.21 -> 0.25: the shared rustls went from ring-only to ring + aws-lc-rs and an unrelated tokio-tungstenite connection started panicking.
Before (on master,
--no-default-features --features use-rustls-ring):After:
The default (
rustls/aws-lc) feature path is unchanged. Note this is behavior-visible for any downstream that unintentionally relied on the leak to get aws-lc-rs while only enablinguse-rustls-ring; they would need to enable the aws-lc provider themselves.