
Commit c9b3f70

authored
Add experimental support for rustls (#374)
* Add experimental support for rustls This adds experimental support for using rustls as a TLS backend for curl. This is made possible by the upstream rustls support recently merged into master. As such, this branch also updates the bundled curl version to the bleeding edge. We need to use a fork of the crustls wrapper layer for now in order to depend on it in an ideal way. I will work on upstreaming these changes before this can be merged. There's still some things that will need to be solved before we make this available for everyone, but I am already able to run a sample program with HTTPS successfully under rustls, which is very promising! * Formatting * Formatting * Add feature to readme * Use upstream version of crustls * Update to latest main * Update to bleeding edge * Add rustls test to CI * Bump to 0.8.2, disable bundled log capture * Use rustls-ffi version from Crates.io
1 parent a9ea4b0 commit c9b3f70


7 files changed

+45
-0
lines changed


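--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,6 +44,7 @@ ssl = ["openssl-sys", "openssl-probe", "curl-sys/ssl"] # OpenSSL/system TLS back
 mesalink = ["curl-sys/mesalink"] # MesaLink TLS backend
 http2 = ["curl-sys/http2"]
 spnego = ["curl-sys/spnego"]
+rustls = ["curl-sys/rustls"]
 static-curl = ["curl-sys/static-curl"]
 static-ssl = ["curl-sys/static-ssl"]
 force-system-lib-on-osx = ['curl-sys/force-system-lib-on-osx']
@@ -57,6 +58,10 @@ ntlm = ["curl-sys/ntlm"]
 name = "atexit"
 harness = false
 
+[[example]]
+name = "https"
+path = "examples/https.rs"
+
 [[example]]
 name = "ssl_proxy"
 path = "examples/ssl_proxy.rs"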
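Review bot: The new `rustls` feature forwards only to `curl-sys/rustls` and does not enable `static-curl`, although the backend is compiled from the bundled sources (`curl/lib/vtls/rustls.c` in curl-sys/build.rs) and the CI line added by this commit always pairs it with `static-curl`. If the build script prefers a system libcurl when `static-curl` is off (not visible on this page), a user who enables `rustls` alone could end up on a different TLS backend than the one requested, without any error. Either make the pairing explicit with `rustls = ["curl-sys/rustls", "static-curl"]` or document the requirement next to the feature. A trailing comment in the style of the neighbouring entries, `# Rustls TLS backend (experimental)`, would also help.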

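--- a/README.md
+++ b/README.md
@@ -123,6 +123,9 @@ libcurl and the system-wide SSL library. Some of this behavior can be customized
 with various Cargo features:
 
 - `ssl`: Enable SSL/TLS support using the platform-default TLS backend. On Windows this is [Schannel], on macOS [Secure Transport], and [OpenSSL] (or equivalent) on all other platforms. Enabled by default.
+- `rustls` Enable SSL/TLS support via [Rustls], a well-received alternative TLS backend written in Rust. Rustls is always statically linked. Disabled by default.
+
+Note that Rustls support is experimental within Curl itself and may have significant bugs, so we don't offer any sort of stability guarantee with this feature.
 - `mesalink`: Enable SSL/TLS support via [MesaLink], an alternative TLS backend written in Rust based on [Rustls]. MesaLink is always statically linked. Disabled by default.
 - `http2`: Enable HTTP/2 support via libnghttp2. Disabled by default.
 - `static-curl`: Use a bundled libcurl version and statically link to it. Disabled by default.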

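--- a/ci/run.sh
+++ b/ci/run.sh
@@ -5,6 +5,8 @@ set -ex
 cargo test --target $TARGET --no-run
 # First test with no extra protocols enabled.
 cargo test --target $TARGET --no-run --features static-curl
+# Then with rustls TLS backend.
+cargo test --target $TARGET --no-run --features rustls,static-curl
 # Then with all extra protocols enabled.
 cargo test --target $TARGET --no-run --features static-curl,protocol-ftp,ntlm
 if [ -z "$NO_RUN" ]; then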
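Review bot: The rustls configuration is only compiled here (`--no-run`); the file's two added lines are both in this hunk, so the `if [ -z "$NO_RUN" ]` block that starts on its last line cannot contain a rustls run. A build-only check says nothing about handshakes or certificate verification in a TLS backend the README calls experimental. Consider adding `cargo test --target $TARGET --features rustls,static-curl` inside that block so the test suite runs against the new backend at least once. The body of the block lies outside the hunk, so its exact placement needs checking against the full script.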

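--- a/curl-sys/Cargo.toml
+++ b/curl-sys/Cargo.toml
@@ -30,6 +30,11 @@ optional = true
 default-features = false
 features = ["client_apis", "error_strings", "tls13", "aesgcm", "chachapoly", "x25519", "ecdh", "ecdsa", "verifier"]
 
+[dependencies.rustls-ffi]
+version = "0.8"
+optional = true
+features = ["no_log_capture"]
+
 [target.'cfg(all(unix, not(target_os = "macos")))'.dependencies]
 openssl-sys = { version = "0.9", optional = true }
 
@@ -47,6 +52,7 @@ cc = "1.0"
 default = ["ssl"]
 ssl = ["openssl-sys"]
 http2 = ["libnghttp2-sys"]
+rustls = ["rustls-ffi"]
 static-curl = []
 static-ssl = ["openssl-sys/vendored"]
 spnego = []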
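Review bot: `version = "0.8"` in the new `[dependencies.rustls-ffi]` table accepts any 0.8.x release, while the commit message says the dependency was bumped to 0.8.2 together with disabling log capture. If the `no_log_capture` feature or the API that the bundled `rustls.c` expects exists only from 0.8.2 on (inferred from the message, not visible here), a lockfile resolved to 0.8.0 or 0.8.1 would fail to build or behave differently. State the floor explicitly with `version = "0.8.2"`. A one-line comment above `features = ["no_log_capture"]` saying why log capture is disabled would also help the next maintainer.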

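--- a/curl-sys/build.rs
+++ b/curl-sys/build.rs
@@ -274,6 +274,10 @@ fn main() {
 } else {
 cfg.define("HAVE_UNIX", None);
 }
+} else if cfg!(feature = "rustls") {
+cfg.define("USE_RUSTLS", None)
+.file("curl/lib/vtls/rustls.c")
+.include(env::var_os("DEP_RUSTLS_FFI_INCLUDE").unwrap());
 } else if cfg!(feature = "ssl") {
 if windows {
 // For windows, spnego feature is auto on in case ssl feature is on.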
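Review bot: `env::var_os("DEP_RUSTLS_FFI_INCLUDE").unwrap()` in the new branch panics with a bare `None` message if rustls-ffi's build script did not export its include directory, which gives the user no hint about what went wrong. Use `.expect("DEP_RUSTLS_FFI_INCLUDE not set: rustls-ffi did not export its header directory")` instead. The branch also sits ahead of `else if cfg!(feature = "ssl")`, and `ssl` is a default feature of curl-sys, so enabling `rustls` silently overrides the default backend. A comment such as `// rustls takes precedence over the default ssl backend when both features are on` would make that selection order explicit. `main` starts and ends outside this hunk, so the branches before this one are not visible.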

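--- a/curl-sys/lib.rs
+++ b/curl-sys/lib.rs
@@ -10,6 +10,8 @@ extern crate libz_sys;
 extern crate mesalink;
 #[cfg(link_openssl)]
 extern crate openssl_sys;
+#[cfg(feature = "rustls")]
+extern crate rustls_ffi;
 
 use libc::c_ulong;
 use libc::{c_char, c_double, c_int, c_long, c_short, c_uint, c_void, size_t, time_t};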

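--- a/examples/https.rs
+++ b/examples/https.rs
@@ -0,0 +1,23 @@
+//! Simple HTTPS GET
+//!
+//! This example is a Rust adaptation of the [C example of the same
+//! name](https://curl.se/libcurl/c/https.html).
+
+extern crate curl;
+
+use curl::easy::Easy;
+use std::io::{stdout, Write};
+
+fn main() -> Result<(), curl::Error> {
+let mut curl = Easy::new();
+
+curl.url("https://example.com/")?;
+curl.write_function(|data| {
+stdout().write_all(data).unwrap();
+Ok(data.len())
+})?;
+
+curl.perform()?;
+
+Ok(())
+}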
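Review bot: `stdout().write_all(data).unwrap()` inside the `write_function` closure panics when stdout is closed early (for example when the output is piped into `head`), instead of failing the transfer through the `Result` that `main` already returns. Returning a short count makes libcurl abort with a write error that `perform()?` then propagates: `Ok(stdout().write_all(data).map(|()| data.len()).unwrap_or(0))`. Because examples tend to be copied, a comment above `curl.perform()?` noting that peer and host certificate verification are left at libcurl's defaults (enabled) would show readers that nothing here weakens the TLS checks.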
