rustls_{server/client}_config_builder_new_custom() parameters #203
Comments
@kevinburke provided a PR to support default cipher suites by passing NULL in the appropriate position: #165. Right now that's blocked on a redesign. Instead of NULL (which isn't clear to the reader of the code what it does), I'd like to have a global constant array RUSTLS_DEFAULT_CIPHER_SUITES and RUSTLS_DEFAULT_CIPHER_SUITES_LEN, so it's clear at the call site. Though perhaps our new rustls_default_cipher_suites_get() could do the same, if we can guarantee that its returned pointers are contiguous in memory (I'd have to check). We'll also need the same treatment for protocol versions.
I think for this we need to add a list of supported_tls_versions or similar, and guarantee it is in sorted order.
There will be an error returned from rustls_{client,server}_config_builder_new_custom. We should document that. According to https://docs.rs/rustls/0.20.0/src/rustls/builder.rs.html#211-239, the error kind will be "General." We should file an upstream ticket to get a more specific error for that case. |
|
Thanks for clarifying. I think passing NULL for default is quite common in a C API, but I have no qualms with passing any other constant you prefer. |
As I see it, the new
rustls_client_config_builder_new_customandrustls_server_config_builder_new_customrequire specification of protocols and ciphersuites and panic if one is NULL.Questions:
Thanks for your help.
The text was updated successfully, but these errors were encountered: