Remove openssl dependency - use Rustls for acme / letsencrypt #192

Closed
@joepio

I think (although I'm not entirely sure) that OpenSSL is the only runtime dependency of atomic-server. It's required only for the HTTPS setup process, which is currently done using acme_lib.

I've had some issues with openssl as a dependency. It makes compiling harder, and I've had binaries that didn't run because of OpenSSL version mismatches. Not fun.

Options:

Fix current implementation acme_lib

acme_lib works fine, but it has a bunch of dependencies on OpenSSL for crypto stuff. This could be fixed, with ring for example. But it's not easy - lots of PEM dependencies, which ring doesn't support (see issue in acme-lib)

rustls-acme

  • easy to understand API
  • still maintained

async-acme

  • Lots of options (rustls / tokio) that minimize deps issues
  • No maintenance in a year

acme-micro

Uses openssl, so no

instant_acme (my favorite atm)

  • Uses rustls and ring (which I use, too)
  • Actively maintained
  • No HTTP01 support as of now, but is being worked on

(current implementation)

I made the https and https_init optional features. Not a real solution!

Custom implementation

Poem has a custom implementation

future-io-utils also

  • Make HTTPS optional, allows for non-OpenSSL required builds
  • Use Rustls for initialization (rustls-acme / async-acme)
