From 2b28a6e503cfe48b255f6425fedb13657b236f9c Mon Sep 17 00:00:00 2001 From: richarddavison <89518095+richarddavison@users.noreply.github.com> Date: Fri, 10 May 2024 07:59:10 +0200 Subject: [PATCH] Prepare v0.1.13-beta (#372) --- CHANGELOG.md | 19 ++++++++++++++----- Cargo.lock | 4 ++-- llrt/Cargo.toml | 2 +- llrt_core/Cargo.toml | 2 +- llrt_core/src/environment.rs | 1 + llrt_core/src/modules/net/mod.rs | 32 ++++++++++++++++---------------- 6 files changed, 35 insertions(+), 25 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 755bbc1b2a..42428f201a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ -- Fix JSON.stringify of undefined values -- Implemeted some fs sync APIs -- Updated dependencies -- Remove `assert` in favor of `expect` for testing -- Minor fixes +- Added URL as a module +- Added navigator.userAgent +- Implemented AbortController/AbortSignal +- Port Lambda Runtime Interface Client to Rust (perf improvement) +- Increase fetch compat (abort signal, response encoding/decompression, redirect handling) +- Implemented DOMException +- Dependency updates +- Bundle @aws-sdk/client-cognito-identity-provider +- HTTP/2 support +- Expose crypto on global this +- Bug fixes + +Full list of changes: +https://github.com/awslabs/llrt/compare/v0.1.12-beta...v0.1.13-beta diff --git a/Cargo.lock b/Cargo.lock index 32be1aa819..b29aed1fd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -882,7 +882,7 @@ dependencies = [ [[package]] name = "llrt" -version = "0.1.12-beta" +version = "0.1.13-beta" dependencies = [ "chrono", "llrt_core", @@ -894,7 +894,7 @@ dependencies = [ [[package]] name = "llrt_core" -version = "0.1.12-beta" +version = "0.1.13-beta" dependencies = [ "async-trait", "base64-simd", diff --git a/llrt/Cargo.toml b/llrt/Cargo.toml index d899328935..a11d8f3846 100644 --- a/llrt/Cargo.toml +++ b/llrt/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "llrt" -version = "0.1.12-beta" +version = "0.1.13-beta" edition = "2021" license-file = "LICENSE" diff --git a/llrt_core/Cargo.toml b/llrt_core/Cargo.toml index 152f7c446c..a4edc245e4 100644 --- a/llrt_core/Cargo.toml +++ b/llrt_core/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "llrt_core" -version = "0.1.12-beta" +version = "0.1.13-beta" edition = "2021" license-file = "LICENSE" diff --git a/llrt_core/src/environment.rs b/llrt_core/src/environment.rs index 3bd7eca549..4b31e2896b 100644 --- a/llrt_core/src/environment.rs +++ b/llrt_core/src/environment.rs @@ -3,6 +3,7 @@ pub const ENV_LLRT_NET_ALLOW: &str = "LLRT_NET_ALLOW"; pub const ENV_LLRT_NET_DENY: &str = "LLRT_NET_DENY"; pub const ENV_LLRT_NET_POOL_IDLE_TIMEOUT: &str = "LLRT_NET_POOL_IDLE_TIMEOUT"; pub const ENV_LLRT_HTTP_VERSION: &str = "LLRT_HTTP_VERSION"; +pub const ENV_LLRT_TLS_VERSION: &str = "LLRT_TLS_VERSION"; //log pub const ENV_LLRT_LOG: &str = "LLRT_LOG"; diff --git a/llrt_core/src/modules/net/mod.rs b/llrt_core/src/modules/net/mod.rs index dafff48014..a1e5197eb2 100644 --- a/llrt_core/src/modules/net/mod.rs +++ b/llrt_core/src/modules/net/mod.rs @@ -17,7 +17,7 @@ use rquickjs::{ module::{Declarations, Exports, ModuleDef}, Ctx, Result, }; -use rustls::{crypto::ring, ClientConfig, RootCertStore}; +use rustls::{crypto::ring, version, ClientConfig, RootCertStore}; use tracing::warn; use webpki_roots::TLS_SERVER_ROOTS; @@ -46,17 +46,13 @@ pub static HTTP_CLIENT: Lazy, Full>> Lazy::new(|| { let pool_idle_timeout: u64 = get_pool_idle_timeout(); + let builder = hyper_rustls::HttpsConnectorBuilder::new() + .with_tls_config(TLS_CONFIG.clone()) + .https_or_http(); + let https = match env::var(environment::ENV_LLRT_HTTP_VERSION).as_deref() { - Ok("1.1") => hyper_rustls::HttpsConnectorBuilder::new() - .with_tls_config(TLS_CONFIG.clone()) - .https_or_http() - .enable_http1() - .build(), - _ => hyper_rustls::HttpsConnectorBuilder::new() - .with_tls_config(TLS_CONFIG.clone()) - .https_or_http() - .enable_all_versions() - .build(), + Ok("1.1") => builder.enable_http1().build(), + _ => builder.enable_all_versions().build(), }; Client::builder(TokioExecutor::new()) @@ -72,11 +68,15 @@ pub static TLS_CONFIG: Lazy = Lazy::new(|| { root_certificates.roots.push(cert) } - ClientConfig::builder_with_provider(ring::default_provider().into()) - .with_safe_default_protocol_versions() - .unwrap() - .with_root_certificates(root_certificates) - .with_no_client_auth() + let builder = ClientConfig::builder_with_provider(ring::default_provider().into()); + + match env::var(environment::ENV_LLRT_TLS_VERSION).as_deref() { + Ok("1.3") => builder.with_safe_default_protocol_versions(), + _ => builder.with_protocol_versions(&[&version::TLS12]), //Use TLS 1.2 by default to increase compat and keep latency low + } + .unwrap() + .with_root_certificates(root_certificates) + .with_no_client_auth() }); pub struct NetModule;