From 2e444a17d4ae3976ea69865dd2a63ba0fb40267f Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Tue, 16 Mar 2021 17:09:47 -0700 Subject: docs: document version of crustls dependency This also pins a specific release in the Travis test so future API-breaking changins in crustls won't break curl builds. Add RUSTLS documentation to release tarball. Enable running tests for rustls, minus FTP tests (require connect_blocking, which rustls doesn't implement) and 313 (requires CRL handling). Closes #6763 --- .travis.yml | 2 +- docs/Makefile.am | 1 + docs/RUSTLS.md | 26 ++++++++++++++++++++++++++ scripts/travis/before_script.sh | 4 ++-- scripts/travis/script.sh | 6 ++++++ 5 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 docs/RUSTLS.md diff --git a/.travis.yml b/.travis.yml index 1153bd59d..69df43d00 100644 --- a/.travis.yml +++ b/.travis.yml @@ -125,7 +125,7 @@ jobs: - libbrotli-dev - libzstd-dev - env: - - T=debug RUSTLS="yes" C="--with-rustls=$HOME/crust --without-ssl" NOTESTS=1 + - T=debug-rustls RUSTLS_VERSION="v0.4.0" C="--with-rustls=$HOME/crust --without-ssl" addons: apt: <<: *common_apt diff --git a/docs/Makefile.am b/docs/Makefile.am index 5318ce206..b98c51e29 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -80,6 +80,7 @@ EXTRA_DIST = \ PARALLEL-TRANSFERS.md \ README.md \ RELEASE-PROCEDURE.md \ + RUSTLS.md \ ROADMAP.md \ SECURITY-PROCESS.md \ SSL-PROBLEMS.md \ diff --git a/docs/RUSTLS.md b/docs/RUSTLS.md new file mode 100644 index 000000000..39d96ab60 --- /dev/null +++ b/docs/RUSTLS.md @@ -0,0 +1,26 @@ +# Rustls + +[Rustls is a TLS backend written in Rust.](https://docs.rs/rustls/). Curl can +be built to use it as an alternative to OpenSSL or other TLS backends. We use +the [crustls C bindings](https://github.com/abetterinternet/crustls/). This +version of curl depends on version v0.4.0 of crustls. + +# Building with rustls + +First, [install Rust](https://rustup.rs/). + +Next, check out, build, and install the appropriate version of crustls: + + % cargo install cbindgen + % git clone https://github.com/abetterinternet/crustls/ -b v0.4.0 + % cd crustls + % make + % make DESTDIR=${HOME}/crustls-built/ install + +Now configure and build curl with rustls: + + % git clone https://github.com/curl/curl + % cd curl + % ./buildconf + % ./configure --without-ssl --with-rustls=${HOME}/crustls-built + % make diff --git a/scripts/travis/before_script.sh b/scripts/travis/before_script.sh index 181b2e286..96825f0ab 100755 --- a/scripts/travis/before_script.sh +++ b/scripts/travis/before_script.sh @@ -126,9 +126,9 @@ if [ "$TRAVIS_OS_NAME" = linux -a "$QUICHE" ]; then ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) deps/boringssl/src/lib/ fi -if [ "$TRAVIS_OS_NAME" = linux -a "$RUSTLS" ]; then +if [ "$TRAVIS_OS_NAME" = linux -a "$RUSTLS_VERSION" ]; then cd $HOME - git clone --depth=1 --recursive https://github.com/abetterinternet/crustls.git + git clone --depth=1 --recursive https://github.com/abetterinternet/crustls.git -b "$RUSTLS_VERSION" curl https://sh.rustup.rs -sSf | sh -s -- -y source $HOME/.cargo/env cargo install cbindgen diff --git a/scripts/travis/script.sh b/scripts/travis/script.sh index 9a35affea..0cb5df1fd 100755 --- a/scripts/travis/script.sh +++ b/scripts/travis/script.sh @@ -70,6 +70,12 @@ if [ "$T" = "debug-mesalink" ]; then make "TFLAGS=-n !313 !410 !3001" test-nonflaky fi +if [ "$T" = "debug-rustls" ]; then + ./configure --enable-debug --enable-werror $C + make + make "TFLAGS=HTTPS !313" test-nonflaky +fi + if [ "$T" = "novalgrind" ]; then ./configure --enable-werror $C make -- cgit v1.2.1