search

paritytech / cachepot

cachepot is `sccache` with extra sec, which in turn is `ccache` with cloud storage
https://cachepot.cc
Apache License 2.0
171 stars 13 forks source link

dist: Replace openssl with pure Rust libraries for cert generation #67

Closed Xanewok closed 3 years ago

Xanewok commented 3 years ago

Last change split from https://github.com/paritytech/sccache/tree/legacy-rebased. This also includes an extra commit which upgrades rsa to 0.4 (see commit for rationale; we can skip that commit for now).

Ideally this is something that we'd like to upstream (see https://github.com/mozilla/sccache/pull/879 for previous attempt).

Xanewok commented 3 years ago

Timeouts are gone, now we actually fail to connect due to SSL/cert error :upside_down_face: 

error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1924: (unable to get local issuer certificate), caused by: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1924: (unable to get local issuer certificate), caused by: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1924:
Xanewok commented 3 years ago

Dist tests are finally green now :tada:

drahnr commented 3 years ago

The only downside with introducing rsa to v0.4 is, we now have two versions in the dependency graph: v0.4 and v0.3. That's ok for now, but as soon as we can, we should unify to one version.

Xanewok commented 3 years ago

Should we update our upstream PR with what the fixed/refreshed version from here?

drahnr commented 3 years ago

We probably should eventually, but that's not a pressing thing imho.