-
-
Notifications
You must be signed in to change notification settings - Fork 205
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure Transport is deprecated. #310
Comments
Agreed. I've been seeing numerous crash and bug reports coming from Secure Transport -- it randomly throws permission errors for no discernable reason (possibly JAMF), and a user with nix installed is seeing Secure Transport in a crash report. |
How would that be implemented in a way that conforms to the native-tls APIs? In particular, the implementation needs to support a arbitrary stream under the TLS implementation. |
To help Googleability of this issue -- this is a crash report that results from the interaction of Secure Transport + nix macOS.
|
@sfackler If possible, could we get native openssl (aka LibreSSL) support on MacOS instead? |
It's possible, but not really "native" then anymore. |
I understand. It's stretching the limits of the word for sure, but a modern LibreSSL has been installed by default in /usr/lib for a while and it solves some of the deprecation issues. |
IIRC Apple does not want anyone linking to that and stopped shipping headers back when they switched from OpenSSL 0.9.8 to LibreSSL. |
I tried to understand the state of LibreSSL support -- apparently Apple stopped shipping the OpenSSL headers but continued to update and maintain the LibreSSL binary itself. TBH it's not clear what the state of this library is. It's possible that it's stable, but it's also possible that it exists purely to satisfy older MacOS apps and scripts that expect the openssl command-line tool. drduh/macOS-Security-and-Privacy-Guide#356 OTOH, the Network.framework looks somewhat challenging to program against but not necessarily a bad fit. |
native-tls on Apple platform uses Secure Transport via security-framework crate, however it is already deprecated and unsupported.
Apple is asking for a move to the Network framework instead. I don't know if it is in this crate or in a sub-crate, implementation must be migrated.
The text was updated successfully, but these errors were encountered: