Closed Bug 1847188 Opened 1 year ago Closed 1 year ago

[wpt-sync] Sync PR 41337 - RFC: Switch to rustls and webpki-roots

Categories

(Testing :: web-platform-tests, task, P4)

Product:
Testing
Component:
web-platform-tests
Type:
task

Tracking

(firefox118 fixed)

Status:
RESOLVED FIXED
Milestone:
118 Branch
Tracking Flags:
Tracking Status
firefox118 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 41337 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/41337
Details from upstream follow.

Martin Robinson <mrobinson@igalia.com> wrote:

RFC: Switch to rustls and webpki-roots

This change replaces OpenSSL with rustls and also the manually curated CA certs file with webpki-roots (effectively the same thing, but as a crate).

Generally speaking the design of the network stack is the same. Changes:

  • Code around certificate overrides needed to be refactored to work with rustls so the various thread-safe list of certificates are refactored into CertificateErrorOverrideManager
  • hyper-rustls takes care of setting ALPN protocols for HTTP requests, so for WebSockets this is moved to the WebSocket code.
  • The default safe set of cypher suites is chosen, which seem to correspond to the "Modern" configuration from Mozilla's documentation. ^1 This can be adjusted later.
  • Instead of passing a string of PEM CA certificates around, an enum is used that includes parsed Certificates (or the default which reads them from webpki-roots).
  • Code for starting up an SSL server for testing is cleaned up a little, due to the fact that the certificates need to be overriden explicitly now. This is due to the fact that the webpki crate is more stringent with self-signed certificates than OpenSSL (CA certificates cannot used as end-entity certificates). ^2

Fixes #<!-- nolink -->7888.
Fixes #<!-- nolink -->13749.
Fixes #<!-- nolink -->26835.
Fixes #<!-- nolink -->29291.
Fixes #<!-- nolink -->28903.
Fixes #<!-- nolink -->18730.
Closes #<!-- nolink -->20783.
Closes #<!-- nolink -->18796.

<!-- Please describe your changes on the following line: -->

Reviewed in servo/servo#30025

Whiteboard: [wptsync downstream] → [wptsync downstream error]
Whiteboard: [wptsync downstream error] → [wptsync downstream]
The PR was not expected to affect any tests, but the try push wasn't a success. Check the try results for infrastructure issues
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/116edfddd398 [wpt PR 41337] - RFC: Switch to rustls and webpki-roots, a=testonly
Test result changes from PR not available.

https://hg.mozilla.org/mozilla-central/rev/116edfddd398

Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox118: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 118 Branch
You need to log in before you can comment on or make changes to this bug.