From 16d7e5915d10355cf465165bf1c0c6e3cfbb223f Mon Sep 17 00:00:00 2001
From: Toby Lawrence
Date: Tue, 2 Apr 2024 14:55:27 -0400
Subject: [PATCH] Add feature flag for enabling FIPS. (#268)
---
 .github/workflows/build.yml | 7 +++++++
 Cargo.toml | 1 +
 README.md | 25 +++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 05a7f0d..9012a2d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -72,10 +72,17 @@ jobs:
 RUST_BACKTRACE: 1
 - name: cargo test (debug; all features)
+ if: runner.os == 'Linux'
 run: cargo test --all-features
 env:
 RUST_BACKTRACE: 1
+ - name: cargo test (debug; all features, excluding FIPS)
+ if: runner.os != 'Linux'
+ run: cargo test --features aws-lc-rs,http1,http2,webpki-tokio,native-tokio,ring,tls12,logging
+ env:
+ RUST_BACKTRACE: 1
+
 - name: cargo build (debug; no default features)
 run: cargo build --no-default-features
diff --git a/Cargo.toml b/Cargo.toml
index 6508406..b58b474 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -42,6 +42,7 @@ native-tokio = ["rustls-native-certs"]
 ring = ["rustls/ring"]
 tls12 = ["tokio-rustls/tls12", "rustls/tls12"]
 logging = ["log", "tokio-rustls/logging", "rustls/logging"]
+fips = ["aws-lc-rs", "rustls/fips"]
 [[example]]
 name = "client"
diff --git a/README.md b/README.md
index 274b47f..5e25e0f 100644
--- a/README.md
+++ b/README.md
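Review bot: The hard-coded list in the non-Linux step (`--features aws-lc-rs,http1,http2,webpki-tokio,native-tokio,ring,tls12,logging`) duplicates the `[features]` table and will drift: a feature added to Cargo.toml later is only tested on Linux unless this line is edited too. A comment above the step such as `# every feature except fips; keep in sync with [features] in Cargo.toml` would make that dependency visible, and it should also say why FIPS is skipped off Linux, which the commit does not state. Note too that `--all-features` on Linux enables `ring` alongside `fips`, so no job builds a FIPS-only feature set; a Linux-only step running `cargo test --features fips` would cover that. The `jobs:` block starts and ends outside the hunk.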
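Review bot: `fips = ["aws-lc-rs", "rustls/fips"]` only compiles in the FIPS build of AWS-LC; it does not by itself guarantee that a given TLS config runs in FIPS mode, because Cargo features are additive and `ring` can still be enabled by this crate's user or, through feature unification, by another crate in the graph. Nothing visible in this commit checks the selected provider, so the feature line should carry a comment along the lines of `# FIPS-capable provider only; verify with ClientConfig::fips() / ServerConfig::fips() at startup`. The same caveat belongs in the README row for `fips`. The `[features]` table begins outside the hunk.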
@@ -35,3 +35,28 @@ cargo run --example server
 ```bash
 cargo run --example client "https://docs.rs/hyper-rustls/latest/hyper_rustls/"
 ```
+
+## Crate features
+
+This crate exposes a number of features to add support for different portions of `hyper-util`,
+`rustls`, and other dependencies.
+
+| Feature flag | Enabled by default | Description |
+| ------------ | ------------------ | ----------- |
+| `aws-lc-rs` | **yes** | Enables use of the [AWS-LC][aws-lc-rs] backend for [`rustls`][rustls] |
+| `http1` | **yes** | Enables HTTP/1 support in [`hyper-util`][hyper-util] |
+| `http2` | **no** | Enables HTTP/2 support in [`hyper-util`][hyper-util] |
+| `webpki-tokio` | **no** | Uses a compiled-in set of root certificates trusted by Mozilla (via [`webpki-roots`][webpki-roots]) |
+| `native-tokio` | **yes** | Use the platform's native certificate store at runtime (via [`rustls-native-certs`][rustls-native-certs]) |
+| `ring` | **no** | Enables use of the [`ring`][ring] backend for [`rustls`][rustls] |
+| `tls12` | **yes** | Enables support for TLS 1.2 (only TLS 1.3 supported when disabled) |
+| `logging` | **yes** | Enables logging of protocol-level diagnostics and errors via [`log`][log] |
+| `fips` | **no** | Enables support for using a FIPS 140-3 compliant backend via AWS-LC (enables `aws-lc-rs` feature) |
+
+[aws-lc-rs]: https://docs.rs/aws-lc-rs
+[rustls]: https://docs.rs/rustls
+[hyper-util]: https://docs.rs/hyper-util
+[webpki-roots]: https://docs.rs/webpki-roots
+[rustls-native-certs]: https://docs.rs/rustls-native-certs
+[ring]: https://docs.rs/ring
+[log]: https://docs.rs/log