webpki
hyper
Our great sponsors
webpki | hyper | |
---|---|---|
6 | 97 | |
451 | 13,821 | |
- | 1.8% | |
8.0 | 9.2 | |
2 months ago | 2 days ago | |
Rust | Rust | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webpki
-
Struggling with the OpenSSL Crate
Beyond that, various things like the ScyllaDB driver are using OpenSSL because WebPKI doesn't support validating connections to IP addresses (as opposed to DNS names) and RusTLS currently delegates to WebPKI.
-
What Is Rust's Hole Purpose?
There's a JIT framework in Rust: https://github.com/bytecodealliance/wasmtime
There's a library for doing full X.509 certificate parsing and verification: https://briansmith.org/rustdoc/webpki/
There's definitely some attempts at doing pure-Rust SSL, but I suspect a lot of them are also doing some sketchy things with crypto that shouldn't be trusted (getting constant-time stuff implemented properly is really challenging, and probably requires large amounts of assembly to guarantee correctness).
-
I think a major issue with the rust ecosystem is that it's full of unexpected design decisions
An issue was raised with webpki to support the IP addressees 5 years ago, and yet it's still not there. What do people use to overcome the fact that rustls can't do IP-based client connections because of it? My guess would be, they are switching to native-tls or openssl-tls.
-
Why is SSL such a pain?
Yes, rustls currently doesn't support certificates without hostnames (only an IP); this is actually an issue with the webpki crate, and work to solve it is ongoing (will hopefully land in a release in a few months or so).
-
Preparing Rustls for Wider Adoption
> Bundling this set with Firefox
I love that they did that; it was actually my idea (https://bugzilla.mozilla.org/show_bug.cgi?id=657228). I believe the list is pretty large and changes frequently and so they download it dynamically.
> short cut to a "Yes"
Do they really do that? That's awesome if so. Then they don't even need to ship the roots.
> I specifically don't like [...] saying "unknown issuer"
https://github.com/briansmith/webpki/issues/221
> If std::fs::File::open() gives me Result with an io:Error that claims "File not found" but the underlying OS file open actually failed due to a permission error, you can see why that's a problem right? Even if this hypothetical OS doesn't expose any specific errors, "File not found" is misleading.
A more accurate analogy: You ask to open "example.txt" without supplying the path, and there is no "example.txt" in the current working directory. You will get "file not found."
Regardless, I agree we could have a better name than UnknownIssuer for this error.
hyper
-
The Linux Kernel Prepares for Rust 1.77 Upgrade
> If you are equally picky and constrain yourself to parts of the ecosystem which care about binary size, you still have more options and can avoid size issues.
What's an example of this for, say, libcurl? On my system it has a tiny number of recursive dependencies, around a dozen. [0] Furthermore if I want to write a C program that uses libcurl I have to download zero bytes of data ... because it's a shared library that is already installed on my system, since so many programs already use it.
I don't really know the appropriate comparison for Rust. reqwest seems roughly comparable, but it's an HTTP client library, and not a general purpose network client like curl. Obviously curl can do a lot more. Even the list of direct dependencies for reqwest is quite long [1], and it's built on top of another http library [2] that has its own long list of dependencies, a list that includes tokio, no small library itself.
In terms of final binary size, the installed size of the curl package on my system, which includes both the command line tool and development dependencies for libcurl, is 1875.03 KiB.
[0] I'm excluding the dependency on the ca-certificates package, since this only provides the certificate chain for TLS and lots of programs rely on it.
[1] https://crates.io/crates/reqwest/0.11.24/dependencies
[2] https://crates.io/crates/hyper/0.14.28/dependencies
-
json-responder 1.1: dynamic path resolution
hyper-based HTTP server generating JSON responses. Written in Rust.
-
I pre-released my project "json-responder" written in Rust
tokio / hyper / toml / serde / serde_json / json5 / console
- How Turborepo is porting from Go to Rust
-
Signway - a pre-signed URLs gateway written in rust, specifically designed for allowing LLM based client apps to directly query OpenAI's api securely.
Using Rust here was immensely helpful, using libraries made by the community like https://github.com/hyperium/hyper really powered up the development of Signway, so glad to see this kind of awesome crates made public. Hope that it continues to be like that despite the current controversies.
-
Problem with YouTube embed thumbnail...
- Discord sends a slightly weird request by specifying content length (a bug in hyper we've not yet upgraded to fix, https://github.com/hyperium/hyper/commit/fb90d30c02d8f7cdc9a643597d5c4ca7a123f3dd)
- Hyper – A fast and correct HTTP implementation for Rust
What are some alternatives?
rust-native-tls
reqwest - An easy and powerful Rust HTTP Client
rustls - A modern TLS library in Rust
tokio - A runtime for writing reliable asynchronous applications with Rust. Provides I/O, networking, scheduling, timers, ...
rust-crypto - A (mostly) pure-Rust implementation of various cryptographic algorithms.
Warp - Warp is a modern, Rust-based terminal with AI built in so you and your team can build great software, faster.
rust-openssl - OpenSSL bindings for Rust
actix-web - Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust.
schannel-rs - Schannel API-bindings for rust (provides an interface for native SSL/TLS using windows APIs)
Rocket - A web framework for Rust.
sodiumoxide - [DEPRECATED] Sodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)
curl-rust - Rust bindings to libcurl