-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to rustls 0.23 #3399
Upgrade to rustls 0.23 #3399
Conversation
22a380a
to
8351d62
Compare
8de5060
to
048e04c
Compare
Feels like the test matrix gets fairly extreme. IMO it doesn't really make sense to test the matrix of TLS implementations (x crypto providers) against all database versions, but that's sort of orthogonal. |
It is rather important, because it's caught incompatibilities that have crept in upstream: #3091 |
Oh, I could absolutely see testing recent versions of the databases against all TLS stacks (and potentially crypto providers), just not sure it's all that valuable to do this against the entire back catalog of database versions. |
It's not the entire back catalog, the policy is the oldest and newest actively supported versions. MariaDB is a bit of a special case because we added the If there are any versions that don't fit with this policy, it's just because the file hasn't been updated. As for testing Ring vs I don't care as much anymore about the number of CI passes as I used to. I'm perfectly happy to let Micro$oft foot the bill. |
Crypto providers might definitely have different cipher suites. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a note about crypto providers to https://github.com/launchbadge/sqlx/blob/main/src/lib.md#tls-support?
Done. |
Upgrade rustls to 0.23.x. The tricky part here is that rustls since 0.22 exposes two
CryptoProvider
implementations here. So far I've exposed separate features for each, but this still runs the risk that a project that ends up with crates selecting rustls with different crypto providers picks an unexpected one. I guess there's not much of a solution for that, but open to feedback about what you think the right direction is for sqlx.