librespot-org / librespot

Open Source Spotify client library
MIT License
4.52k stars 544 forks

Add support for native tls #1158

Open jirutka opened 1 year ago

jirutka commented 1 year ago

Can you please add support for native TLS, i.e. allow linking against a system-provided TLS library?

Rustls can't be built as a shared library, so it's always statically linked (bundled) into the application binary. So instead of having one system TLS library that can be independently patched for a vulnerability, you end up with who-knows-how-many binaries with different versions of the TLS library bundled inside. It doesn't matter if the library is written in C or Rust, it is still prone to various types of bugs, and in the case of a crypto library, they can lead to critical vulnerabilities. Also, rustls is not written purely in Rust, it is built on top of ring, which is written in assembly and C. Another problem is that ring only supports a limited set of CPU architectures (e.g. ppc64le is not supported).

roderickvd commented 1 year ago

Feel free to submit a PR. As with other projects, let’s make it feature-gated to give users the choice.
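Added example, not part of the thread or of librespot's code: a way to inventory the patching problem raised in the opening comment by listing which rustls/ring versions are bundled into Rust binaries on a host. It relies on the dependency source paths that rustc embeds in panic-location strings; the function names, crate list and sample bytes are constructed for illustration, and binaries built with path remapping (for example `--remap-path-prefix`) will not show up, so an empty result is not proof of absence.

```python
import re
import sys
from collections import defaultdict

# rustc embeds dependency source paths in panic-location strings, e.g.
#   .../registry/src/index.crates.io-<hash>/rustls-0.21.7/src/conn.rs
# The crate name may itself contain hyphens (rustls-webpki), so the name is
# matched lazily up to the first "-<major>.<minor>.<patch>" component.
CRATE_PATH = re.compile(
    rb"registry[/\\]src[/\\][^/\\\x00]+[/\\]"
    rb"([A-Za-z0-9_-]+?)-(\d+\.\d+\.\d+[A-Za-z0-9.+-]*)[/\\]"
)

# Assumption: crates of interest for a TLS patch inventory.
TLS_CRATES = {"rustls", "rustls-webpki", "webpki", "ring"}


def bundled_tls_crates(blob, wanted=TLS_CRATES):
    """Return {crate: [versions]} for TLS-related crates found in raw bytes."""
    found = defaultdict(set)
    for name, version in CRATE_PATH.findall(blob):
        name = name.decode()
        if name in wanted:
            found[name].add(version.decode())
    return {crate: sorted(versions) for crate, versions in found.items()}


def scan_files(paths):
    """Scan binaries on disk; only files with at least one hit are reported."""
    report = {}
    for path in paths:
        with open(path, "rb") as fh:
            hits = bundled_tls_crates(fh.read())
        if hits:
            report[path] = hits
    return report


# Constructed sample bytes standing in for two different application binaries.
REG = b"/home/ci/.cargo/registry/src/index.crates.io-0000000000000000/"
SAMPLE_A = (b"\x7fELF\x00" + REG + b"rustls-0.21.7/src/conn.rs\x00"
            + REG + b"ring-0.16.20/src/aead.rs\x00"
            + REG + b"tokio-1.32.0/src/runtime/mod.rs\x00")
SAMPLE_B = (b"\x7fELF\x00" + REG + b"rustls-0.20.9/src/conn.rs\x00"
            + REG + b"rustls-webpki-0.101.4/src/end_entity.rs\x00")

if __name__ == "__main__":
    for path, hits in scan_files(sys.argv[1:]).items():
        print(path, hits)
```

Run it as a script with binary paths as arguments to get a per-file list of bundled versions to compare against published advisories.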