Update backend dependencies #1120
Conversation
This was a fairly annoying update as it contains many breaking changes. And `ring` is annoying as usual by not providing a changelog. Now that rustls supports other crypto providers, maybe we can get rid of ring at some point. To be honest, I have not tested all code paths. I think it should work, but we should probably try loading a certificate and using TLS with the DB before the next release... or ideally before this PR is merged.
Both without breaking changes affecting us, luckily.
The dependency upgrades required that.
Wow, that was a painful update. There is still some work to be done: - At two places we create a client and `unwrap`. That client needs to be created only once during startup. - Syncing and all other HTTP client using things need to be tested. - Unix socket have to be tested (including proper output)
|
@geichelberger Do you have an easy way to test the two remaining test cases, i.e. |
|
I have nothing ready to use; why not just enable TLS for the Postgres container? |
|
"just" -> do you know something I don't? From Googling around it doesn't seem that straight forward to do that. |
|
|
|
If SSL is not enabled you get an error message: |
|
Oh it has a dummy cert built-in, cool. Thanks for the command. Now the |
|
The most crucial test case for |
|
Good point but yeah, I did indeed test that and it errored :D So that's a good sign. |
This finally updates all backend dependencies, including some big breaking changes. The most time was required by the
hyper 1.0update and the update of all the crypto related libraries.I don't think a normal code review is all too useful. At most a quick look. But more importantly I think is testing several things. Ideally this PR shouldn't be merged before we have checked all of this:
from_login_credentials = "opencast"HTTPfrom_login_credentials = "opencast"HTTPSdb.tls_mode = "on"db.tls_mode = "without-verify-cert"db.tls_mode = "off"