diff --git a/Cargo.lock b/Cargo.lock index faeba7026..22b6b0c93 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -212,6 +212,7 @@ dependencies = [ "thiserror", "tls-api", "tls-api-native-tls", + "tls-api-openssl", "tokio", "tor-error", "tor-rtcompat", @@ -3441,6 +3442,21 @@ dependencies = [ "tokio", ] +[[package]] +name = "tls-api-openssl" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82155f245c99a3b652627f32abeacd4eae9e0fec996c1090df121e01379d28f3" +dependencies = [ + "anyhow", + "openssl", + "openssl-sys", + "thiserror", + "tls-api", + "tls-api-test", + "tokio", +] + [[package]] name = "tls-api-test" version = "0.9.0" diff --git a/crates/arti-hyper/Cargo.toml b/crates/arti-hyper/Cargo.toml index f9f4977cb..b21df9a0a 100644 --- a/crates/arti-hyper/Cargo.toml +++ b/crates/arti-hyper/Cargo.toml @@ -43,8 +43,12 @@ tokio = { package = "tokio", version = "1.7", features = [ tor-error = { path = "../tor-error", version = "0.4.0" } tor-rtcompat = { path = "../tor-rtcompat", version = "0.8.0", features = ["tokio"] } +[target.'cfg(target_vendor="apple")'.dev-dependencies] +tls-api-openssl = "0.9.0" + [dev-dependencies] tracing-subscriber = "0.3.0" + [package.metadata.docs.rs] all-features = true rustdoc-args = ["--cfg", "docsrs"] diff --git a/crates/arti-hyper/README.md b/crates/arti-hyper/README.md index 14fcb96e6..47b64edb3 100644 --- a/crates/arti-hyper/README.md +++ b/crates/arti-hyper/README.md @@ -10,4 +10,9 @@ to connect to Tor and make a single HTTP\[S] request. [`hyper.rs`]: +## Warning + +On `apple-darwin` targets only the `tls-api-openssl` tls implementation is working. +If you get a issue related to tls failure, please refer to issue [#715](https://gitlab.torproject.org/tpo/core/arti/-/issues/715). + License: MIT OR Apache-2.0 diff --git a/crates/arti-hyper/examples/hyper.rs b/crates/arti-hyper/examples/hyper.rs index ef2dd2288..ad9939ad8 100644 --- a/crates/arti-hyper/examples/hyper.rs +++ b/crates/arti-hyper/examples/hyper.rs @@ -13,7 +13,16 @@ use arti_hyper::*; use anyhow::Result; use arti_client::{TorClient, TorClientConfig}; use hyper::Body; -use tls_api::{TlsConnector, TlsConnectorBuilder}; +use tls_api::{TlsConnector as TlsConnectorTrait, TlsConnectorBuilder}; + +// On apple-darwin targets there is an issue with the native and rustls +// tls implementation so this makes it fall back to the openssl variant. +// +// https://gitlab.torproject.org/tpo/core/arti/-/issues/715 +#[cfg(not(target_vendor = "apple"))] +use tls_api_native_tls::TlsConnector; +#[cfg(target_vendor = "apple")] +use tls_api_openssl::TlsConnector; #[tokio::main] async fn main() -> Result<()> { @@ -40,7 +49,7 @@ async fn main() -> Result<()> { // (This takes a while to gather the necessary consensus state, etc.) let tor_client = TorClient::create_bootstrapped(config).await?; - let tls_connector = tls_api_native_tls::TlsConnector::builder()?.build()?; + let tls_connector = TlsConnector::builder()?.build()?; // The `ArtiHttpConnector` lets us make HTTP requests via the Tor network. let tor_connector = ArtiHttpConnector::new(tor_client, tls_connector);