Add the ssl stdlib module #1823
Conversation
a61f0ed to
a37c9c8
Compare
|
Okay, I think this is in half-decent shape now. If anyone has experience with openssl, I'd love to hear any ideas about why certificate verification isn't working. |
|
Nevermind, certificate verification does work, just not with |
80dd6ff to
6281f9c
Compare
| @@ -89,6 +91,8 @@ subprocess = "0.2.2" | |||
| num_cpus = "1" | |||
| socket2 = { version = "0.3", features = ["unix"] } | |||
| rustyline = "6.0" | |||
| openssl = "0.10" | |||
There was a problem hiding this comment.
Have we considered something pure rust? Maybe RusTLS?
There was a problem hiding this comment.
I looked into it, but _ssl's API pretty directly corresponds to OpenSSL's API; I don't think it would be guaranteed that everything we needed would be present in rustls.
95e92fe to
509ac5a
Compare
509ac5a to
5b7ee53
Compare
5b7ee53 to
1486b65
Compare
277ac0b to
d10714d
Compare
|
Is this good to merge? |
vm/src/stdlib/ssl.rs
Outdated
| #[pymethod] | ||
| fn set_ciphers(&self, cipherlist: PyStringRef, vm: &VirtualMachine) -> PyResult<()> { | ||
| let ciphers = cipherlist.as_str(); | ||
| if ciphers.contains('0') { |
There was a problem hiding this comment.
probably ciphers.contains(0 as char)?
There was a problem hiding this comment.
😳 yep, I meant '\0'
There was a problem hiding this comment.
having a test for this method call will be good to ensure this is correctly working
|
Also, would it be best to vendor openssl by using the |
|
I have no idea about |
d10714d to
7051b25
Compare
|
I think I'll look into vendoring-only-on-windows by contributing something to rust-openssl, I don't think it's possible otherwise, and it works for now. |
This fails on my PC without the |
This is all VERY flaky, with many uses of unsafe. I'm not sure if this is a good idea at this point, but it does work,
albeit not certificate verification. EDIT: certificate verification does work, just not withgoogle.com. @palaviv what's the deal? 😄