SergioBenitez
commented
2 years ago The main reason was because the way ring compiled did not allow two versions of the library to coexist in a single binary. See https://github.com/briansmith/ring/issues/535#issuecomment-309839961 and https://github.com/briansmith/ring/issues/575 for more. This may or may not be a contemporary issue: I sincerely cannot tell from the issue trail whether this was resolved. But, in general, the way ring is constructed brings about a lot of compilation difficulties that a library that is better integrated with Rust's and Cargo's tooling doesn't. Even now, the majority of the front-page issues on ring's issue tracker are about compilation failures, all of which are inherited by libraries (like cookie) that depend on ring. I didn't feel this was a worthwhile compromise.
Given the above, I chose to move over to the rust-crypto libraries, performing a security review on before incorporating into cookie. When all checked out, I migrated cookie to the relevant parts of the suite.
I hope this answers your question. If it doesn't, please feel free to re-open this issue.
@SergioBenitez curious if there's any additional details or rationale you can share around this?