mrustc VS rustls

No, you don't. Existential proof: mrustc ignores lifetimes. Just flat out simply ignores. It changes some corner-cases related to HRBT, yet rustc compiled by mrustc works (that's BTW mrustc exist: to bootsrap the rustc compiler).

Incidentally C++ is the only way to bootstrap rust without rust today.

https://github.com/thepowersgang/mrustc

Well, there is mrustc[0], a Rust compiler that doesn't include a borrow-checker, so it's possible to compile (at least some versions of) Rust without a borrow checker, though it might not result in the most optimized code.

AFAIK there are some optimization like the infamous `noalias` optimization (which took several tries to get turned on[1]) that uses information established during borrow checking.

I'm also not sure what the relation with NLL (non-lexical lifetimes) is, where I would assume you would need at least a primitive borrow-checker to establish some information that the backend might be interested in. Then again, mrustc compiles Rust versions that have NLL features without a borrow-checker, so it's again probably more on the optimization side than being essential.

[0]: https://github.com/thepowersgang/mrustc

[1]: https://stackoverflow.com/a/57259339

> Maybe another memory safe language, but Rust has severe bootstrapping issues which is a hard sell for distros that care about source to binary transparency.

It is possible to bootstrap rustc from just GCC relatively easily, although it's a little bit time consuming.

You can use mrustc to bootstrap Rust 1.54: https://github.com/thepowersgang/mrustc

And from then you can go through each version all the way to the current 1.72. (Each new Rust version officially needs the previous one to compile.)

Have you tried this route : https://github.com/thepowersgang/mrustc ?

Mrustc supports Rust 1.54.0 today

There are three. The official one, mrustc (no borrow checker, but can essentially compile the official rustc) and GCC (can't really compile anything substantial yet). Only rustc is production-ready though.

That probably depends on what you mean by problematic. Having an ever increasing chain of dependencies isn’t the most desirable situation so there has been some work to trim the bootstrap chain. In 2018, when the blogpost I linked above was written, mrustc was used to bootstrap rust 1.19.0; now mrustc can bootstrap rust 1.54.0 so the chain to recent versions is much shorter than if all those intervening versions back through 1.19.0 needed to be built. https://github.com/thepowersgang/mrustc

The RustTLS project is currently setting up their own CI benchmarking workflow, so I think that you could find some inspiration there: https://github.com/rustls/rustls/issues/1385 and https://github.com/rustls/rustls/issues/1205.

I also studied this question on FFI several weeks ago in terms of "rewrite part of the system in Rust". Unexpected results could be semantic issues (e.g., different error handling methods) or security issues (FFI could be a soundness hole). I suggest going through the issues of libraries that have started rewriting work such as rust-openssl or rustls (This is the one trying to rewrite in whole rust rather than using FFI; however, you will not be able to find the mapping function in the C version and compare them). I hope this helps!

Now for rust implementation of tls. Certificates can be loaded in two ways. * Finds and loads certificates using OS specific tools3 * Uses a rust implementation of webpki4 for loading with certificates5

> Ring is mostly C/Assembly

Crypto needs to be written in Assembly to ensure that operations take a constant time, regardless of input. Writing it in a high level language like C or Rust opens you up to the compiler "optimising" routines and making them no longer constant time.

But you already knew this. And you also knew that the security audit (https://github.com/rustls/rustls/blob/master/audit/TLS-01-re...) of ring was favourable

> No issues were found with regards to the cryptographic engineering of rustls or its underlying ring library. A recommendation is provided in TLS-01-001 to optionally supplement the already solid cryptographic library with another cryptographic provider (EverCrypt) with an added benefit of formally verified cryptographic primitives. Overall, it is very clear that the developers of rustls have an extensive knowledge on how to correctly implement the TLS stack whilst avoiding the common pitfalls that surround the TLS ecosystem. This knowledge has translated reliably into an implementation of exceptional quality.

You said

> a standard library with feature flags and editions would make rust ridiculously much more productive

What's the difference between opting into a library with a feature flag and opting in with a line in Cargo.toml? Let's say you want to use the de-facto regex library. Would it really be ridiculously productive if you said you wanted the "regex" feature flag instead of the "regex" crate?

I do agree that the standard library does need a versioning story so they can remove long deprecated functions. Where it gets complicated is if a new method is reintroduced using the same name in a later edition.

I used the commands listed in the .sh file here: https://github.com/rustls/rustls/tree/main/test-ca to generate keys/certs for a server and a client (with IP.1 records for SANs). I have added the local root CA to the trust store of each VM.

This is great news, this was our single biggest annoyance with rustls. One of our cloud providers choses to issue their hosted postgres instances with TLS certificates with IP addresses. Unusual, but valid per the spec, so why not. Apparently a practise that's also popular in kubernetes settings, so I'm somewhat surprised it took 5 years to close the issue, but now I can finally recommend people to use rustls without mentioning any gotchas.

I believe it is more relevant than you think: servers running in containers, web assembler tasks running in browsers, embedded devices and kernels with total control of the system, all have the ability to do something more sensible than plain out SIGABRT or similar, and in many the case is not that the complete system is falling down. For example RustTLS is looking into allowing fallible allocators and as a pretty general-purpose library that seems like a nice feature. I do wish ulimit -v worked in a sensible manner with applications.