
Commit b5a1ea3

committed
Almost a complete rewrite of rustls integration
Main changes: * Now it contains an understandable connection state machine instead of a handful of entangled variables. * OID and NID mappings are generated from OpenSSL data files. Some mappings are still hardcoded but those are much smaller than before and are actually testable. * The OpenSSL-compatible cipher list string (`man openssl-ciphers`) is parsed correctly (I hope so). * The difference between socket IO and buffered IO handling is minimal. Please check the module-level doc comment in crates/stdlib/src/rustls.rs for additional information. What is missing: * ssl timeout support. Normal socket timeouts still work just fine but Python's ssl module implementation handles timeouts for whole SSL/TLS operations, like the handshake. This does not break anything and just makes timeouts imprecise so I believe that proper timeouts can be implemented later. * Socket IO still uses _socket.socket.send/recv instead of methods of the socket object itself. Otherwise everything hangs and this must be investigated. * See other TODO items in crates/stdlib/src/rustls.rs
1 parent 3f5cb40 commit b5a1ea3

14 files changed

Lines changed: 5334 additions & 9469 deletions


Cargo.lock

Lines changed: 33 additions & 236 deletions

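--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,7 +24,7 @@ threading = ["rustpython-vm/threading", "rustpython-stdlib/threading"]
 sqlite = ["rustpython-stdlib/sqlite"]
 ssl = ["host_env"]
 ssl-rustls = ["ssl", "rustpython-stdlib/ssl-rustls"]
-ssl-rustls-aws-lc = ["ssl-rustls", "dep:rustls", "rustls/aws_lc_rs"]
+ssl-rustls-aws-lc = ["ssl-rustls", "dep:rustls", "rustls/aws_lc_rs", "rustpython-stdlib/ssl-rustls-aws-lc"]
 ssl-rustls-aws-lc-fips = ["ssl-rustls-aws-lc", "rustls/fips"]
 ssl-openssl = ["ssl", "rustpython-stdlib/ssl-openssl"]
 ssl-openssl-vendor = ["ssl-openssl", "rustpython-stdlib/ssl-openssl-vendor"]
@@ -197,7 +197,6 @@ ruff_source_file = { package = "rustpython-ruff_source_file", version = "0.15.8"
 # ruff_text_size = { git = "https://github.com/astral-sh/ruff.git", rev = "c2a8815842f9dc5d24ec19385eae0f1a7188b0d9" }
 # ruff_source_file = { git = "https://github.com/astral-sh/ruff.git", rev = "c2a8815842f9dc5d24ec19385eae0f1a7188b0d9" }
 
-der = { version = "0.8", features = ["alloc", "oid", "pem", "zeroize"] }
 phf = { version = "0.13.1", default-features = false, features = ["macros"]}
 adler32 = "1.2.0"
 approx = "0.5.1"
@@ -273,7 +272,6 @@ optional = "0.5"
 parking_lot = "0.12.3"
 paste = "1.0.15"
 pbkdf2 = "0.13"
-pem-rfc7468 = "1.0"
 pkcs8 = "0.11"
 proc-macro2 = "1.0.105"
 psm = "0.1"
@@ -287,9 +285,9 @@ result-like = "0.5.0"
 rustix = { version = "1.1", features = ["event", "param", "system"] }
 rustls = { version = "0.23.39", default-features = false }
 rustls-graviola = "0.3"
-rustls-native-certs = "0.8"
-rustls-pemfile = "2.2"
+rustls-pki-types = { version = "1.14.1", default-features = false }
 rustls-platform-verifier = "0.7"
+webpki = { package = "rustls-webpki", version = "0.103.13", default-features = false }
 rustyline = "18"
 serde = { version = "1.0.225", default-features = false, features = ["alloc", "derive"] }
 serde_bytes = { version = "0.11.19", default-features = false, features = ["std"] }
@@ -327,9 +325,7 @@ windows-sys = "0.61.2"
 wasm-bindgen = "0.2.106"
 wasm-bindgen-futures = "0.4"
 web-sys = "0.3"
-webpki-roots = "1.0"
 which = "8"
-x509-cert = "0.2.5"
 x509-parser = "0.18"
 xml = "1.3"
 writeable = "0.6"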
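Review bot: `ssl-rustls-aws-lc-fips` in the first hunk still enables only `rustls/fips`, while crates/stdlib/Cargo.toml in this same commit gains a separate `ssl-rustls-fips` feature that nothing visible in this manifest turns on. If rustls.rs gates any FIPS-specific behaviour on the stdlib feature (that file is not shown on this page), a build made with the root FIPS feature would get a FIPS-mode rustls but skip that code. Forwarding it the way the commit now does for aws-lc would close the gap: `ssl-rustls-aws-lc-fips = ["ssl-rustls-aws-lc", "rustls/fips", "rustpython-stdlib/ssl-rustls-fips"]`. Using one name for the feature in both manifests would also make the pairing easier to audit.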

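--- a/crates/stdlib/Cargo.toml
+++ b/crates/stdlib/Cargo.toml
@@ -19,12 +19,14 @@ sqlite = ["dep:libsqlite3-sys"]
 # SSL backends
 ssl = ["host_env"]
 ssl-rustls = ["__ssl-rustls", "rustls/custom-provider"]
+ssl-rustls-aws-lc = ["ssl-rustls", "rustls/aws_lc_rs"]
+ssl-rustls-fips = ["ssl-rustls-aws-lc", "rustls/fips"]
 ssl-openssl = ["ssl", "openssl", "openssl-sys", "foreign-types-shared", "openssl-probe"]
 ssl-openssl-vendor = ["ssl-openssl", "openssl/vendored"]
 tkinter = ["dep:tk-sys", "dep:tcl-sys", "dep:widestring"]
 flame-it = ["flame"]
 
-__ssl-rustls = ["ssl", "rustls", "rustls-native-certs", "rustls-pemfile", "rustls-platform-verifier", "x509-cert", "x509-parser", "der", "pem-rfc7468", "webpki-roots", "oid-registry", "pkcs8"]
+__ssl-rustls = ["ssl", "rustls", "rustls-pki-types", "rustls-platform-verifier", "webpki", "x509-parser", "oid-registry", "pkcs8", "serde", "rustpython-vm/serde"]
 
 [dependencies]
 # rustpython crates
@@ -116,16 +118,13 @@ foreign-types-shared = { workspace = true, optional = true }
 
 # Rustls dependencies (optional, for ssl-rustls feature)
 rustls = { workspace = true, default-features = false, features = ["std", "tls12"], optional = true }
-rustls-native-certs = { workspace = true, optional = true }
-rustls-pemfile = { workspace = true, optional = true }
+rustls-pki-types = { workspace = true, optional = true }
 rustls-platform-verifier = { workspace = true, optional = true }
-x509-cert = { workspace = true, features = ["pem", "builder"], optional = true }
+webpki = { workspace = true, optional = true }
 x509-parser = { workspace = true, optional = true }
-der = { workspace = true, optional = true }
-pem-rfc7468 = { workspace = true, features = ["alloc"], optional = true }
-webpki-roots = { workspace = true, optional = true }
-oid-registry = { workspace = true, features = ["x509", "pkcs1", "nist_algs"], optional = true }
-pkcs8 = { workspace = true, features = ["encryption", "pkcs5", "pem"], optional = true }
+pkcs8 = { workspace = true, features = ["encryption", "pkcs5"], optional = true }
+oid-registry = { workspace = true, optional = true }
+serde = { workspace = true, optional = true }
 
 [target.'cfg(not(any(target_os = "android", target_arch = "wasm32")))'.dependencies]
 libsqlite3-sys = { workspace = true, features = ["bundled"], optional = true }
@@ -141,6 +140,7 @@ system-configuration = { workspace = true }
 
 [dev-dependencies]
 insta = { workspace = true }
+rustls = { workspace = true, default-features = false, features = ["aws_lc_rs", "std", "tls12"] }
 rustpython-pylib = { workspace = true, features = [ "freeze-stdlib" ] }
 
 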
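Review bot: The new `__ssl-rustls` list in the first hunk drops `rustls-native-certs` and `webpki-roots`, which leaves `rustls-platform-verifier` as the only trust-anchor source named in this manifest, and nothing here records that choice. rustls.rs is not shown on this page, so it is worth confirming that a context asking for the default CA certificates ends in a verification error, rather than an empty or permissive verifier, on hosts where the platform store is unavailable. If platform-only roots are the intent, a short comment above the feature would document it, for example `# Default trust anchors come from rustls-platform-verifier only; no bundled Mozilla roots.`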

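--- a/crates/stdlib/src/lib.rs
+++ b/crates/stdlib/src/lib.rs
@@ -131,6 +131,7 @@ mod openssl;
 not(target_arch = "wasm32"),
 feature = "__ssl-rustls"
 ))]
+#[path = "rustls.rs"]
 pub mod ssl;
 
 #[cfg(all(feature = "ssl-openssl", feature = "__ssl-rustls", not(clippy)))]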
