From 3995c22414d9103f1816bdf50d718cafea7e1cba Mon Sep 17 00:00:00 2001 From: James Roberts <82052595+contrast-jproberts@users.noreply.github.com> Date: Fri, 2 Feb 2024 12:08:15 -0500 Subject: [PATCH] Use async-native-tls for websockets (#7254) This change switches from using async_tungstenite::async_tls to async_tungstenite::async_std with the async-native-tls feature. The previous feature, async_tls, used async-tls which wraps rustls. rustls bundles webpki-roots, which is a copy of Mozilla's root certificates. These certificates are used by default, and manual configuration is required to support custom certificates, such as those required by web security gateways in enterprise environments. Instead of introducing a new configuration option to Zed, async-native-tls integrates with the platform-native certificate store to support enterprise environments out-of-the-box. For MacOS, this adds support for Security.framework TLS. This integration is provided through openssl-sys, which is also the SSL certificate provider for isahc, the library underlying Zed's HTTP client. Making websockets and HTTP communications use the same SSL provider should keep Zed consistent operations and make the project easier to maintain. Release Notes: - Fixed WebSocket communications using custom TLS certificates ([#4759](https://github.com/zed-industries/zed/issues/4759)). --- Cargo.lock | 77 +++++++++---------------------------- crates/client/Cargo.toml | 2 +- crates/client/src/client.rs | 2 +- 3 files changed, 20 insertions(+), 61 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5d735cac63be106491a2619f3d9485336f06a159..b5751e0560dfe3ee59e89c0e9bd1a63838274436 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -441,6 +441,18 @@ dependencies = [ "event-listener", ] +[[package]] +name = "async-native-tls" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e9e7a929bd34c68a82d58a4de7f86fffdaf97fb2af850162a7bb19dd7269b33" +dependencies = [ + "async-std", + "native-tls", + "thiserror", + "url", +] + [[package]] name = "async-net" version = "1.7.0" @@ -570,19 +582,6 @@ version = "4.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbb36e985947064623dbd357f727af08ffd077f93d696782f3c56365fa2e2799" -[[package]] -name = "async-tls" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f23d769dbf1838d5df5156e7b1ad404f4c463d1ac2c6aeb6cd943630f8a8400" -dependencies = [ - "futures-core", - "futures-io", - "rustls 0.19.1", - "webpki", - "webpki-roots 0.21.1", -] - [[package]] name = "async-trait" version = "0.1.73" @@ -600,7 +599,8 @@ version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5682ea0913e5c20780fe5785abacb85a411e7437bf52a1bedb93ddb3972cb8dd" dependencies = [ - "async-tls", + "async-native-tls", + "async-std", "futures-io", "futures-util", "log", @@ -6731,19 +6731,6 @@ dependencies = [ "rustix 0.38.30", ] -[[package]] -name = "rustls" -version = "0.19.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35edb675feee39aec9c99fa5ff985081995a06d594114ae14cbe797ad7b7a6d7" -dependencies = [ - "base64 0.13.1", - "log", - "ring", - "sct 0.6.1", - "webpki", -] - [[package]] name = "rustls" version = "0.21.7" @@ -6752,7 +6739,7 @@ checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "ring", "rustls-webpki", - "sct 0.7.0", + "sct", ] [[package]] @@ -6895,16 +6882,6 @@ dependencies = [ "sha2 0.9.9", ] -[[package]] -name = "sct" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "sct" version = "0.7.0" @@ -7626,7 +7603,7 @@ dependencies = [ "paste", "percent-encoding", "rust_decimal", - "rustls 0.21.7", + "rustls", "rustls-pemfile", "serde", "serde_json", @@ -7640,7 +7617,7 @@ dependencies = [ "tracing", "url", "uuid 1.4.1", - "webpki-roots 0.24.0", + "webpki-roots", ] [[package]] @@ -9138,6 +9115,7 @@ dependencies = [ "http", "httparse", "log", + "native-tls", "rand 0.8.5", "sha-1 0.9.8", "thiserror", @@ -9845,25 +9823,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki" -version = "0.21.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] -name = "webpki-roots" -version = "0.21.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940" -dependencies = [ - "webpki", -] - [[package]] name = "webpki-roots" version = "0.24.0" diff --git a/crates/client/Cargo.toml b/crates/client/Cargo.toml index 9bf04caa71140357b978326e1a4881edc8c6315e..f405b1a74d7558a0030f8e5174f9b47334fa2906 100644 --- a/crates/client/Cargo.toml +++ b/crates/client/Cargo.toml @@ -27,7 +27,7 @@ sum_tree = { path = "../sum_tree" } anyhow.workspace = true async-recursion = "0.3" -async-tungstenite = { version = "0.16", features = ["async-tls"] } +async-tungstenite = { version = "0.16", features = ["async-std", "async-native-tls"] } futures.workspace = true image = "0.23" lazy_static.workspace = true diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index dc95d0ca67a2d47fd15ce16dd0ebbb95346294f8..ff8adc96607b854b2345a5b2b9fa25f8088d6bec 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -1040,7 +1040,7 @@ impl Client { rpc_url.set_scheme("wss").unwrap(); let request = request.uri(rpc_url.as_str()).body(())?; let (stream, _) = - async_tungstenite::async_tls::client_async_tls(request, stream).await?; + async_tungstenite::async_std::client_async_tls(request, stream).await?; Ok(Connection::new( stream .map_err(|error| anyhow!(error))