rapiz1 / rathole

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
Apache License 2.0
9.8k stars 488 forks

Use rustls for tls implementation #152

Closed sunng87 closed 9 months ago

sunng87 commented 2 years ago

This patch switches the tls backend to rustls from openssl. This makes cross-compiling to arm and other architectures easier by not requiring openssl headers. Also, the rustls implementation is more promising for the future in terms of security and safety.

I will be using this branch in my own setup. If the change makes sense, I will finish some minor TODO items to improve the code quality.

Thank you for this excellent tool!

rapiz1 commented 2 years ago

Thanks for your contribution! Shifting to rustls has been on my mind for a pretty long time. But there are two main blockers:

  1. rustls doesn't support certs for IPs, which has been an issue for years, waiting for the maintainer to fix.

  2. Rumors are that rustls makes it harder to cross compile for minor platforms, e.g. mips. However, I've not checked whether rustls compiles for all platforms that rathole currently supports.

Commit Summary

18d38c6 refactor: use rustls for tls implementation

File Changes (3 files)

  M Cargo.lock (363)
  M Cargo.toml (5)
  M src/transport/tls.rs (127)

rapiz1 commented 2 years ago

I'm thinking about adding a compile flag (features, in cargo's terms) to compile with rustls, instead of replacing openssl. We can use this as mediation since rustls doesn't fit all our requirements (see above). Are you still interested in this work?

sunng87 commented 2 years ago

@rapiz1 I'm no longer working on this, so feel free to pick it up for further development. Using a feature flag for rustls makes a lot of sense. Thank you!

sunmy2019 commented 9 months ago

Interesting. I am struggling with rustls now. Glad to find this PR.

sunmy2019 commented 9 months ago

rustls 0.22 introduces some breaking changes that invalidate this code.

I am discovering how to fix it. It may take longer than I expected.

rapiz1 commented 9 months ago

Merged via https://github.com/rapiz1/rathole/pull/330