This PR removes the openssl dependency in favor of rustls. The benefits to doing this are:
Less unsafe: openssl relies on the openssl-sys FFI crate, which wraps unsafe FFIs with no added soundness guarantees, afaik. rustls is written in Rust and provides no unsafe features by default.
No openssl-sys: Linux, macOS and other UNIX users have to install a dev-package for the openssl library in order to compile chorus. This PR changes that, improving portability.
No openssl, in general: OpenSSL has a long history of implementation defects. Naturally, removing the OpenSSL dependency in favor of a modern and safe replacement changes this.
Note that with this PR, certificates are no longer provided by the system, but rather by the webpki_roots crate, which "is a crate containing Mozilla's root certificates for use with the webpki or rustls crates." A feature could be added in the future to choose between rustls+webpki and rustls+native_certs (likely re-introducing openssl as a dependency).