Version bumps

[okjodom]

• bump rustls from 0.19.0 to 0.21.0 and tonic from 0.6.2 to 0.10.0. Tonic related dependencies are also bumped
  • Tonic v0.7 introduced a breaking change removing direct tonic transport configuration with rustls::ClientConfig, reason being that tonic needs to avoid version lock with rustls, i.e changes in rustls APIs should not break tonic. The recommended workaround is to directly use hyper and tonic, avoiding tonic::transport
• bump rust edition from 2018 to 2021 to fix tonic-lnd codegen
• extra: update and fix examples
• extra: bump msrv to 1.65.0

[Kixunil]

Oh, crap, removing config is terrible.

[okjodom]

@sr-gi I believe we cracked it! Please take a look at the latest iteration in PR 🥳

[okjodom]

Additional concerns with this version bump:

• Regarding cert verification, I went with a simple check to see if provided cert is an end entity, but I feel like we should have more robust verification.
• Should we redefine msrv?

cc @Kixunil

[sr-gi]

tACK 0a13823

I cannot believe that just packing the Client and Interceptor in an InterceptedService service did the trick. So happy :DD

[sr-gi]

reACK 90637b1

[sr-gi]

This is the only part I'm not 100% sure about, it would be good to double-check for a cert that is signed by letsencrypt

[okjodom]

I've dropped this custom validation after checking against letsencrypt certs and seeing failures. My tests were inconclusive though. Some of the failures seemed expected, i.e when I passed a certificate that was not provided by server to client

Maybe it's best to consider the whole custom validation changes as follow up improvement

[sr-gi]

How did you manage to create the letsencytp cert for LND? I'll give it a go tomorrow and if we cannot get far we can just leave it as it was and tackle it down the line

[okjodom]

Let's test it together tomorrow

[dpc]

I'm a bit out of context here, but on my level of understanding LGTM. Please ping me once you want to land and there are no outstanding issues, if you need someone to approve.

[douglaz]

Perhaps we need to review the cert verification in future but LGTM for now

[sr-gi]

For context, I think we could create our own custom certificate verifier based on: briansmith/webpki#127, which allows self-signed certs, and then pass it to rustls via with_custom_certificate_verifier

[sr-gi]

For context, I think we could create our own custom certificate verifier based on: briansmith/webpki#127, which allows self-signed certs, and then pass it to rustls via with_custom_certificate_verifier

I think this may actually be harder than I though. It requires copying a lot of functionality from webpky given most of it is not public. I think we should, at least, verify that the end_entity cert is within the ones presented.