tor-rtcompat: Add support for a rustls backend

Nick Mathewson requested to merge nickm/arti:rustls_v2 into main

Building on the earlier refactoring of !251 (merged), this branch moves native_tls usage into its own module, and adds rustls support as well.

There were some difficulties here: see commit messages and comments for details. Notably:

  • The x509-signature crate rejects our old dummy unit-testing certificate, so I had to make a new one. It wasn't possible to mimic real Tor x509 certs from the command line, so I had to kludge some C code together.
  • OpenSSL 1.1 and Rustls had different ideas about whether you can use RSA-PSS with TLS 1.2.

This branch isn't the last word on rustls: I will want to refactor the APIs used to create all these Runtimes (#301 (closed)) and make native_tls optional (#300 (closed)). I'll open new tickets for those once this is done.

Closes #86 (closed)

Edited by Nick Mathewson
