extrawurst
commented
10 months ago Switching to rustls would be nice but since it keeps being dependent on libgit2 it will not be rust-only then by a long shot
Open ajalexei opened 10 months ago
extrawurst
commented
10 months ago Switching to rustls would be nice but since it keeps being dependent on libgit2 it will not be rust-only then by a long shot
ajalexei
commented
10 months ago Thanks a prompt reply.
Hmm, I overlooked that -- where is the libgit2 hidden? A quick look at the dependencies only gives ring that has some C-code.
extrawurst
commented
10 months ago It’s coming in via the git2 crate
ajalexei
commented
10 months ago Thanks. However "cargo tree (--features ring,tls12,aws_lc-rs)" does not list any git related crates for the rustls 0.22.2 release. What am I missing?
extrawurst
commented
8 months ago here is the upstream issue: https://github.com/rust-lang/git2-rs/issues/623#issuecomment-1956957013
Shnatsel
commented
8 months ago It’s coming in via the git2 crate
Not as much "coming" as "people keep asking for it but it's unlikely to happen" given that the upstream libgit2 is barely maintained.
In order to migrate cargo audit to rustls we ported it to gitoxide. It also spared us some memory safety vulnerabilities, e.g. CVE-2024-24575 and CVE-2024-24577.
extrawurst
commented
8 months ago given that the upstream libgit2 is barely maintained
I think you mean git2-rs, right? libgit2 is highly active and git2-rs is just a wrapper so there is not much maintenance needed.
we ported it to gitoxide
I whish this was an option for gitui too, but for that its just not feature complete enough yet. but maybe the over-the-wire-features from gitoxide while using git2-rs for the rest would be an option
I wonder whether
library might be a viable substitute/alternative for openssl dependence?
This would make gitui completely implemented in rust without any external dependencies.