Skip to content

tor-rtcompat: Add support for a rustls backend

Nick Mathewson requested to merge nickm/arti:rustls_v2 into main

Building on the earlier refactoring of !251 (merged), this branch moves native_tls usage into its own module, and adds rustls support as well.

There were some difficulties here: see commit messages and comments for details. Notably:

  • The x509-signature crate rejects our old dummy unit-testing certificate, so I had to make a new one. It wasn't possible to mimic real Tor x509 certs from the command line, so I had to kludge some C code together.
  • OpenSSL 1.1 and Rustls had different ideas about whether you can use RSA-PSS with TLS 1.2.

This branch isn't the last word on rustls: I will want to refactor the APIs used to create all these Runtimes (#301 (closed)) and make native_tls optional (#300 (closed)). I'll open new tickets for those once this is done.

Closes #86 (closed)

Edited by Nick Mathewson

Merge request reports

Loading