Commit 58e2b58

track upstream Rustls 0.22.x alpha changes. (#341)

* deps: use rustls/webpki/rustls-pemfile alphas.

  rustls 0.21.5 -> 0.22.0-alpha.4
  webpki 0.101.0 -> 0.102.0-alpha.6
  rustls-pemfile 1.0.3 -> 2.0.0-alpha.1
  adds rustls-pki-types 0.2.1

* error: track upstream removal of cert SCT support.

  This commit removes the error handling related to certificate SCTs. The upstream Rustls project removed embedded SCT support in 0.22.x.

* client: WebPkiVerifier -> WebPkiServerVerifier.

* client: fixes for updated verifier traits.

  The upstream traits no longer have any default fn implementations, because they relied on webpki/*ring* and Rustls is making that optional. In this branch we're continuing to keep a webpki/*ring* dep. and so can reconstitute the default fns by deferring to the webpki impls as appropriate.

* use danger modules for dangerous bits

  This commit updates several imports that were once provided when the `dangerous_configuration` feature was enabled to use their new homes in specific `danger` modules. The upstream feature flag was removed and these new `danger` modules are always available.

* fix ALL_CIPHER_SUITES, DEFAULT_CIPHER_SUITES imports

  Both the `ALL_CIPHER_SUITES` and `DEFAULT_CIPHER_SUITES` symbols are now specific to a crypto provider. Since for the time being rustls-ffi will stick with using *ring* for the crypto provider this commit updates the imports to use the symbols provided by `rustls::crypto::ring` instead of the crate root.

* switch to pki-types

  This commit updates rustls-ffi to use the shared pki-types crate, similar to the upstream rustls projects.

* builder for root_cert_store

  This commit implements a builder pattern for `root_cert_store` so that we can have a path to both a mutable root cert store while trust anchors are being added, and a const root cert store suitable for an `Arc` once completed.

* rework client cert verifiers w/ builder API

  This commit reworks the rustls-ffi API for client certificate validation to track the new builder based API that landed in Rustls rustls/rustls#1368

* implement Debug where required by upstream bounds

  The upstream Rustls project has added `Debug` bounds to many traits. This commit updates rustls-ffi implementations to derive `Debug`, or implement it by hand, as required.

* cipher: adjust to provider-specific cipher suite imports

  The upstream rustls crate moved the `cipher_suite` module and defines into provider specific packages. Since rustls-ffi is presently hardcoded to use the *ring*-based crypto provider this commit updates the cipher suite references to use `rustls::crypto::ring::cipher_suite` in place of `rustls::cipher_suite`.

* error: ClientCertVerifierBuilderError -> VerifierBuilderError

  This commit updates references to `ClientCertVerifierBuilderError` to track the upstream rename to `VerifierBuilderError`.

* update import of rustls::sign::any_supported_type

  This re-export was removed and instead we need to use `rustls::crypto::ring::sign::any_supported_type` since this is a property of the *ring* specific crypto provider.

* add builder for server cert verifier, root builder from file

  * Implement a builder pattern and built representation for the webpki server cert verifier.
  * Update the client config builder to consume a built server cert verifier.
  * Update the roots builder to support loading roots from a file in addition to pem buffer.

* regenerate rustls.h

* update client for server cert verifier builder

* revocation status and unknown status control w/ verifier builders

* control root hint subjects w/ client verifier builder

* cbindgen update for comment tweaks

1 parent 1d037c0 commit 58e2b58

13 files changed, +1130 -628 lines changed

Cargo.lock

+30-7

Cargo.toml

+4-3
@@ -23,11 +23,12 @@ read_buf = ["rustls/read_buf"]
2323

2424
[dependencies]
2525
# Keep in sync with RUSTLS_CRATE_VERSION in build.rs
26-
rustls = { version = "=0.21.9", features = [ "dangerous_configuration" ] }
27-
rustls-webpki = "0.101.0"
26+
rustls = { version = "=0.22.0-alpha.4", features = [ "ring" ]}
27+
rustls-webpki = "0.102.0-alpha.6"
28+
pki-types = { package = "rustls-pki-types", version = "0.2.1", features = ["std"] }
2829
libc = "0.2"
2930
sct = "0.7"
30-
rustls-pemfile = "1.0.3"
31+
rustls-pemfile = { version = "2.0.0-alpha.1" }
3132
log = "0.4.17"
3233

3334
[lib]
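
Review bot: `rustls` is pinned exactly with `=0.22.0-alpha.4`, but `rustls-webpki = "0.102.0-alpha.6"` and `rustls-pemfile = { version = "2.0.0-alpha.1" }` are ordinary caret requirements, so Cargo may resolve them to a later pre-release or to the final release of the same version, and alphas promise no API stability between one another. Consider pinning both with `=` for as long as this branch tracks alphas, since Cargo.lock only protects builds that actually use it. Separately, the `sct = "0.7"` context line is untouched although the commit message says the SCT error handling was removed; if nothing else still uses that crate, drop the dependency in this change.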

build.rs

+1-1
@@ -3,7 +3,7 @@ use std::io::Write;
33
use std::{env, fs, path::PathBuf};
44

55
// Keep in sync with Cargo.toml.
6-
const RUSTLS_CRATE_VERSION: &str = "0.21.9";
6+
const RUSTLS_CRATE_VERSION: &str = "0.22.0-alpha.4";
77

88
fn main() {
99
let out_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap());
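
Review bot: `RUSTLS_CRATE_VERSION` on the changed line is a hand-maintained copy of the `rustls` version in Cargo.toml, held in step only by the "Keep in sync" comment; nothing in this hunk verifies it. The string now carries a pre-release suffix that will change on every alpha bump, so consider deriving it from the manifest or lockfile inside build.rs, or adding a test that fails when the two values differ.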
