mirror of
https://github.com/RustPython/RustPython.git
synced 2026-06-02 19:39:49 +09:00
* Modularize rustls as work towards providers

  `rustls`'s architecture is very clean and trait-driven. There are many providers for `rustls` including the built-in `aws-lc-rs` and `ring` as well as backends for `boringssl`, `graviola`, `openssl`, `mbedtls`, etc.

  This commit removes the hard dependency on `aws-lc-rs` and adds support for `ring`. It works towards #7059 as well.

* Clean up rustls features
* Remove ring as an explicit feature
* ssl-rustls is the default and implies aws-lc
* Support custom rustls crypto providers

  The new feature, `ssl-rustls-no-provider`, enables custom rustls providers. By default, `aws-lc-rs` is enabled which matches the old behavior and keeps backward compatibility.

  I wrote a new type that abstracts what we need from crypto providers. CryptoExt encapsulates the ticketer as well as cipher suites and KX groups. I wrote fallbacks to help select a reasonable default if a provider is missing features (they all seem to support the same things though).

  I also wrote an example to show how to actually use custom providers.

* Fix duplicate VERIFY_X509 constants and unused imports in ssl module

  Remove duplicate VERIFY_X509_STRICT/VERIFY_X509_PARTIAL_CHAIN definitions from compat.rs (already defined in _ssl module with #[pyattr]). Remove unused imports: ClientConnection, ServerConnection.

* no-provider as default
* Fix CI failures: openssl build, wasm target, cargo-shear

  - Update openssl.rs to use renamed sock_wait/SockWaitKind and add vm parameter
  - Add skip_ssl for wasm32-wasip2 target (aws-lc-sys cannot build for wasm)
  - Remove unused workspace dependency aws-lc-rs
  - Fix foreign-types-shared version to match openssl's dependency (0.1)
  - Restore Cargo.lock from upstream/main

---------

Co-authored-by: Jeong, YunWon <jeong@youknowone.org>