~nickbp/kapiti#5: 
Implement DNS-over-TLS client

Likely depends on #3 for base TCP support

Status
REPORTED
Submitter
~nickbp
Assigned to
No-one
Submitted
4 months ago
Updated
4 months ago
Labels
Low Priority

~nickbp 4 months ago

Per the above commit, this is blocked on TLS support for IP endpoints in Rust, which are commonly used for DoT (meanwhile DoH is often given as a hostname so we support DoH). See also these multiyear issues:

Another solution could be to just punt on the lack of IP endpoint support and tell people to use hostname DoT endpoints, but TLS support in Rust still seems really unstable, so digging into using a TLS library directly could end up creating its own headaches. For example I'm currently hitting compatibility problems with webpki 0.21.4 -> 0.22.0 where it's renaming some types (why?) and thereby causing issues with async_rustls.

Given this I'm going to mark this low priority. If someone really cares about DoT someday then maybe it'll be worth the headache of TLS with Rust.

~nickbp referenced this from #27 4 months ago

~nickbp 4 months ago*

An alternate solution may be to just abandon rustls entirely and use async-native-tls instead. We were previously getting errors like "http2 error: protocol error: frame with invalid size" due to lack of support for ALPN when using it in the hyper-based filter download client.

That support may be fixed as of rust-native-tls 0.2.7: https://github.com/sfackler/rust-native-tls/pull/194

However async-native-tls is still on rust-native-tls 0.2.3: https://github.com/async-email/async-native-tls/blob/master/Cargo.toml#L18
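As an added, stand-alone illustration of the two pieces this ticket touches (this is not code from kapiti or its author): deciding whether a DoT upstream is a hostname or an IP endpoint, which is what determines whether the TLS stack can validate it by SNI plus a dNSName SAN or needs iPAddress SAN support, and the 2-byte length framing that DoT shares with DNS over TCP (RFC 7858 §3.3 refers back to RFC 1035 §4.2.2), which is why the ticket notes a dependency on base TCP support. It uses only std, so the TLS handshake itself is deliberately left out; the endpoint strings and message bytes are constructed for the example, and the `Endpoint` type and all function names are assumptions, not kapiti's API.

```rust
use std::net::{IpAddr, SocketAddr};

/// Default DoT port (RFC 7858).
pub const DOT_PORT: u16 = 853;

/// How an upstream is identified. A hostname endpoint can be validated via
/// SNI and a dNSName SAN; an IP endpoint needs iPAddress SAN support in the
/// TLS stack, which is the gap the ticket describes. (Hypothetical type.)
#[derive(Debug, PartialEq)]
pub enum Endpoint {
    Host { name: String, port: u16 },
    Ip(SocketAddr),
}

/// Parse "host[:port]", "1.2.3.4[:port]" or "[v6addr]:port"; port defaults to 853.
/// Hypothetical helper, not kapiti's config parser.
pub fn parse_endpoint(s: &str) -> Result<Endpoint, String> {
    if let Ok(sa) = s.parse::<SocketAddr>() {
        return Ok(Endpoint::Ip(sa));
    }
    if let Ok(ip) = s.parse::<IpAddr>() {
        return Ok(Endpoint::Ip(SocketAddr::new(ip, DOT_PORT)));
    }
    let (name, port) = match s.rsplit_once(':') {
        Some((n, p)) => (n, p.parse::<u16>().map_err(|e| format!("bad port {p:?}: {e}"))?),
        None => (s, DOT_PORT),
    };
    let ok_char = |c: char| c.is_ascii_alphanumeric() || c == '-' || c == '.';
    if name.is_empty() || !name.chars().all(ok_char) {
        return Err(format!("invalid hostname {name:?}"));
    }
    Ok(Endpoint::Host { name: name.to_string(), port })
}

/// Build a DNS query message (RFC 1035 §4.1): header with RD set and one
/// question of class IN. Labels are validated (1..=63 octets, non-empty).
pub fn build_query(id: u16, name: &str, qtype: u16) -> Result<Vec<u8>, String> {
    let mut msg = Vec::with_capacity(512);
    msg.extend_from_slice(&id.to_be_bytes());
    msg.extend_from_slice(&0x0100u16.to_be_bytes()); // QR=0, OPCODE=0, RD=1
    msg.extend_from_slice(&1u16.to_be_bytes());      // QDCOUNT
    msg.extend_from_slice(&[0u8; 6]);                // ANCOUNT, NSCOUNT, ARCOUNT
    for label in name.trim_end_matches('.').split('.') {
        if label.is_empty() || label.len() > 63 {
            return Err(format!("bad label {label:?} in {name:?}"));
        }
        msg.push(label.len() as u8);
        msg.extend_from_slice(label.as_bytes());
    }
    msg.push(0); // root label terminates QNAME
    msg.extend_from_slice(&qtype.to_be_bytes());
    msg.extend_from_slice(&1u16.to_be_bytes()); // QCLASS IN
    Ok(msg)
}

/// Frame one message for DNS over TCP / DoT: 2-byte big-endian length prefix
/// (RFC 1035 §4.2.2, reused by RFC 7858 §3.3). Messages over 65535 bytes
/// cannot be framed and are rejected rather than silently truncated.
pub fn frame_tcp(msg: &[u8]) -> Result<Vec<u8>, String> {
    let len = u16::try_from(msg.len()).map_err(|_| "message exceeds 65535 bytes".to_string())?;
    let mut out = Vec::with_capacity(2 + msg.len());
    out.extend_from_slice(&len.to_be_bytes());
    out.extend_from_slice(msg);
    Ok(out)
}

/// Pull every complete message out of a TCP/DoT byte stream. Returns the
/// messages and the number of bytes consumed; a trailing partial frame is
/// left for the caller to keep until the next read, since TCP gives no
/// message boundaries and a DoT server may pipeline several responses.
pub fn unframe_tcp(buf: &[u8]) -> (Vec<Vec<u8>>, usize) {
    let mut msgs = Vec::new();
    let mut pos = 0;
    while buf.len() - pos >= 2 {
        let len = u16::from_be_bytes([buf[pos], buf[pos + 1]]) as usize;
        if buf.len() - pos - 2 < len {
            break; // frame not fully received yet
        }
        msgs.push(buf[pos + 2..pos + 2 + len].to_vec());
        pos += 2 + len;
    }
    (msgs, pos)
}

/// The header fields a client needs to match a response to its query.
#[derive(Debug, PartialEq)]
pub struct Header { pub id: u16, pub is_response: bool, pub rcode: u8, pub qdcount: u16, pub ancount: u16 }

/// Parse the fixed 12-byte header; anything shorter is rejected.
pub fn parse_header(msg: &[u8]) -> Result<Header, String> {
    if msg.len() < 12 {
        return Err(format!("short header: {} bytes", msg.len()));
    }
    let flags = u16::from_be_bytes([msg[2], msg[3]]);
    Ok(Header {
        id: u16::from_be_bytes([msg[0], msg[1]]),
        is_response: flags & 0x8000 != 0,
        rcode: (flags & 0x000f) as u8,
        qdcount: u16::from_be_bytes([msg[4], msg[5]]),
        ancount: u16::from_be_bytes([msg[6], msg[7]]),
    })
}

fn main() {
    // Constructed sample inputs; nothing is sent over the network here.
    let ep = parse_endpoint("1.1.1.1").expect("endpoint");
    let q = build_query(0x1234, "example.com", 1).expect("query");
    let wire = frame_tcp(&q).expect("frame");
    println!("{ep:?}: {} byte query, {} bytes on the wire", q.len(), wire.len());
}
```

The part a real client adds on top of this is the TLS session: for an `Endpoint::Host` the name goes into SNI and certificate verification, while for an `Endpoint::Ip` the library must be able to verify against an iPAddress SAN, which is exactly the capability the first comment reports as missing. The framing and header matching are the same either way, so they can be written and tested once for the plain TCP transport and reused for DoT.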
