Update dependencies (rustls and axum-server) #5

Open: wants to merge 5 commits into base: main

tmpfs commented Jan 11, 2024

Hi,

I would like to integrate this into a project that uses a newer version of rustls and axum-server so I am trying to update the dependencies.

I am working through the changes here:

https://github.com/rustls/rustls/releases/tag/v%2F0.22.0

But I am not sure what to do about `OwnedTrustAnchor`; do you think you could take a look and advise?

This is the error:

```
error[E0433]: failed to resolve: could not find `OwnedTrustAnchor` in `rustls`
  --> src/config.rs:54:21
   |
54 |             rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
   |                     ^^^^^^^^^^^^^^^^ could not find `OwnedTrustAnchor` in `rustls`
```

Thanks 🙏

Edit, a reminder for myself, I am using this to step through the compiler errors:

```
cargo run --example low_level_axum --features axum -- -d localhost
```

tmpfs marked this pull request as draft January 11, 2024 02:57

Use rustls::pki_types::TrustAnchor instead.

tmpfs (Author) commented Jan 11, 2024

Ok so the OwnedTrustAnchor problem is resolved; now I just need to figure out the correct way to use the new CertificateDer and PrivateKeyDer types.

We can't share the ClientConfig anymore as reqwest has yet to be updated to rustls@0.22 so instead we just let the client use its own rustls configuration.

tmpfs marked this pull request as ready for review January 11, 2024 04:58

tmpfs (Author) commented Jan 11, 2024

@Frando and @dignifiedquire - this now compiles and it appears to be behaving the same as before but would appreciate a review.

The assumption I make is that we should be using Pkcs8 (and the new `PrivatePkcs8KeyDer` type in `pki_types`) to do the conversion to `PrivateKeyDer` - is that correct?

It's also worth noting that I had to change the behavior of the reqwest client to use its own version of rustls as it has not been upgraded to rustls@0.22 yet; failing to do so would yield a TLS backend error as it would call `use_preconfigured_tls()` with an incompatible client config (different versions of rustls). This means we could also do some cleanup of `ClientConfig` in parts of the code as it's no longer being used in `https_helper`.

let client = reqwest::ClientBuilder::new()
.use_preconfigured_tls(client_config)
.use_rustls_tls()
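
Review bot: on the `.use_rustls_tls()` line, `client_config` is no longer handed to the builder, so whatever the caller configured in it is not applied to requests made by this client, which instead runs on reqwest's own rustls configuration. If the swap has to stay until the rustls versions line up, mark it in the code as temporary and note that `.use_preconfigured_tls(client_config)` should be restored, so the divergence between the two TLS configurations is not forgotten.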

Contributor

this removes the ability to pass the client config, which is not good, we should wait until reqwest is updated and we can pass it along again

Contributor

looks like this is part of seanmonstar/reqwest#2059

@dignifiedquire (Contributor)

> The assumption I make is that we should be using Pkcs8 (and the new PrivatePkcs8KeyDer type in pki_types) to do the conversion to PrivateKeyDer - is that correct?

This looks correct afaict

tmpfs (Author) commented Jan 20, 2024

Thanks for taking a look @dignifiedquire, I am already subscribed to that reqwest issue as I also need that to land to settle on http/hyper v1.

Will update this PR once that lands and revert to use_preconfigured_tls().

tmpfs (Author) commented Apr 7, 2024

Hi @dignifiedquire,

We now have a compatible version of reqwest available so I have updated to 0.12 and restored the call to `use_preconfigured_tls()`; however, I get this error when I run the example:

```
Unknown TLS backend passed to `use_preconfigured_tls`
```

The reqwest docs clearly indicate this can happen when a TLS backend version mismatch occurs; however, running `cargo tree -i rustls` shows only the v0.22.2 version of rustls in the dependency tree so I am not sure where I am going wrong here.

This is the code that is failing to execute correctly:

https://docs.rs/reqwest/latest/src/reqwest/async_impl/client.rs.html#1592-1602

Just not sure why the downcast is failing. Any ideas?

tmpfs (Author) commented Apr 8, 2024

Oops, I wasn't passing --features=axum when inspecting the dependency tree.

Unfortunately, axum-server@0.6.0 uses rustls@0.21.x so we are now blocked waiting for this issue to be resolved: programatik29/axum-server#103
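
Why the downcast discussed in the two comments above fails, as an added example (not code from this PR, reqwest or rustls): two releases of one crate in the same dependency tree produce distinct types even when name and fields match, so a builder that takes its TLS config as `Any` only rejects the wrong one at run time. The modules `tls_v0_21` and `tls_v0_22`, `Builder` and `same_type` are hypothetical stand-ins.

```rust
use std::any::{type_name, Any, TypeId};

// Constructed stand-ins for two semver-incompatible releases of one TLS crate
// that Cargo has linked into the same binary (names are hypothetical).
mod tls_v0_21 {
    #[derive(Default)]
    pub struct ClientConfig { pub alpn: Vec<String> }
}
mod tls_v0_22 {
    #[derive(Default)]
    pub struct ClientConfig { pub alpn: Vec<String> }
}

// Hypothetical HTTP client builder compiled against tls_v0_22 only.
#[derive(Default)]
pub struct Builder { tls: Option<tls_v0_22::ClientConfig> }

impl Builder {
    // Accepts any 'static value and downcasts at run time, so a config from
    // the wrong release compiles fine and is only rejected here.
    pub fn use_preconfigured_tls<T: Any>(mut self, cfg: T) -> Result<Self, String> {
        let boxed: Box<dyn Any> = Box::new(cfg);
        match boxed.downcast::<tls_v0_22::ClientConfig>() {
            Ok(cfg) => { self.tls = Some(*cfg); Ok(self) }
            // Naming both types makes the version mismatch visible in the error.
            Err(_) => Err(format!(
                "Unknown TLS backend: got {}, expected {}",
                type_name::<T>(), type_name::<tls_v0_22::ClientConfig>())),
        }
    }
    pub fn has_custom_tls(&self) -> bool { self.tls.is_some() }
}

// Identical name and fields do not make two types equal.
pub fn same_type<A: Any, B: Any>() -> bool { TypeId::of::<A>() == TypeId::of::<B>() }

fn main() {
    let ok = Builder::default().use_preconfigured_tls(tls_v0_22::ClientConfig::default());
    println!("0.22 config accepted: {}", ok.map(|b| b.has_custom_tls()).unwrap_or(false));
    match Builder::default().use_preconfigured_tls(tls_v0_21::ClientConfig::default()) {
        Ok(_) => println!("0.21 config accepted"),
        Err(e) => println!("0.21 config rejected: {}", e),
    }
    println!("same type: {}", same_type::<tls_v0_21::ClientConfig, tls_v0_22::ClientConfig>());
}
```

Because the check happens at run time, the dependency tree has to be inspected with the same feature set the failing binary was built with.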

tmpfs (Author) commented Apr 8, 2024

Wow, the version of rustls used by reqwest is already out of date so we now need to wait for:

seanmonstar/reqwest#2225

And:

programatik29/axum-server#112

@dignifiedquire (Contributor)

Sigh... this release cycle of rustls is really painful. Thanks for keeping track of this.
