This patch implements a feature needed for ACME - the problem being that some certificates need to be fetched from IO engines (e.g. S3 buckets) or generated via proof of ownership challenges; however, rustls uses blocking logic on the certificate resolve method and hence would lock up the thread. This is especially apparent in tokio-rustls, where such blocking code would also freeze up the tokio shared thread pool.
The motivations for the choices in this patch are:
- minimize the impact to the external API, with forwards compatibility.
- do not add an async runtime to rustls itself.
- minimize the amount of code changes as much as possible while still giving the needed functionality.
The dependent library needs to be upstream before this one: https://github.com/rustls/rustls/pull/1309