This drastically improves the debuggability of the network parts, by
moving the task of encrypting/decrypting TLS packets from userland to
the kernel. This makes them appear in clear in strace as sendto() and
recvfrom().
I introduced a new tls-rust-ktls feature which depends on both rustls
and ktls, but isn’t enabled by default since it probably isn’t available
on every computer. It requires the tls kernel module to be loaded,
which then can offload encryption/decryption to dedicated hardware if
available.
I have tested this change on Linux 6.11 on a rk3588.
This allows detecting and handling dying streams without getting stuck
forever.
Timeouts are always wrong, though, so we put the burden of choosing the
right values (mostly) on the creator of a stream.
Update tokio_rustls, idna, webpki_roots.
https://github.com/rustls/rustls/releases/tag/v%2F0.22.0
> ConfigBuilder::with_safe_defaults - calls to this can simply be deleted since safe defaults are now implicit.
> OwnedTrustAnchor - use rustls_pki_types::TrustAnchor instead, and replace from_subject_spki_name_constraints with direct assignment to the struct fields.
`RootCertStore::add_trust_anchors` seems to be removed too.
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Paths are already patched in the workspace's [patch.crates-io] block.
Not sure why this was added in the first place.
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
Nightly rust complains about `cfg(..)` tests against undeclared
features and other unknown cfgs. They need to be explicitly declared
now.
The nightly/stable features don't exist, so I removed them and
substituted the currently correct number for the single test where they
were used.
The `xmpprs_doc_build` cfg flag is now declared as expectable.
rxml 0.10.0 (and earlier) had a bug which caused it to reject valid XML
documents if a UTF-8 sequence straddled the token size boundary (8192
bytes by default) of a text event.
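
The failure class described in the commit message above, as an added example (not rxml's code and not part of the original log): a splitter that validates each fixed-size piece on its own rejects valid input when a multi-byte character crosses the cut, while a boundary-aware one cuts just before the incomplete sequence. The function names and the sample input are assumptions made for illustration; only the 8192-byte default comes from the message.

```rust
use std::str::{from_utf8, Utf8Error};

/// Default text token size named in the commit message above.
const TOKEN_LIMIT: usize = 8192;

/// Naive split (hypothetical): cuts every `limit` bytes and validates each
/// piece alone, so a character straddling the cut makes valid input fail.
fn split_naive(input: &[u8], limit: usize) -> Result<Vec<&str>, Utf8Error> {
    input.chunks(limit).map(from_utf8).collect()
}

/// Boundary-aware split (hypothetical): tokens are at most `limit` bytes
/// and never end inside a UTF-8 sequence. Errors only on invalid input.
fn split_text_tokens(input: &[u8], limit: usize) -> Result<Vec<&str>, Utf8Error> {
    assert!(limit >= 4, "limit must fit the longest UTF-8 sequence");
    let mut tokens = Vec::new();
    let mut rest = input;
    while !rest.is_empty() {
        let end = rest.len().min(limit);
        match from_utf8(&rest[..end]) {
            Ok(s) => {
                tokens.push(s);
                rest = &rest[end..];
            }
            // error_len() == None: the window stopped inside a sequence.
            // That is only an error if the input itself ends there.
            Err(e) if e.error_len().is_none() && end < rest.len() => {
                let cut = e.valid_up_to();
                tokens.push(from_utf8(&rest[..cut])?);
                rest = &rest[cut..];
            }
            Err(e) => return Err(e),
        }
    }
    Ok(tokens)
}

/// Constructed input: 8191 ASCII bytes, then a 2-byte character whose
/// second byte falls past the 8192-byte boundary.
fn sample() -> Vec<u8> {
    let mut v = vec![b'a'; TOKEN_LIMIT - 1];
    v.extend_from_slice("éb".as_bytes());
    v
}

fn main() {
    let doc = sample();
    println!("naive: {:?}", split_naive(&doc, TOKEN_LIMIT).map(|t| t.len()));
    println!("aware: {:?}", split_text_tokens(&doc, TOKEN_LIMIT).map(|t| t.len()));
}
```

A regression test for this kind of bug should place the multi-byte character at every offset around the boundary, not only the one shown here.
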
hickory-resolver’s MSRV is 1.67, those super old toolchain versions
wouldn’t build a recent version of tokio-xmpp anyway.
This effectively reverts 52a2d962ee.
This was causing a memory corruption on closing tags for elements with a
name longer than 24 bytes. I haven’t investigated why smartstring < 1
had this bug, but it got fixed in 1.0.0 so let’s use that.
It can be done directly using `jid = { version = "*", features =
["stringprep"] }` even though jid is imported from another lib.
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>