mgoldenberg
b65e450813
**Note:** _this pull request has a companion pull request in the [`complement-crypto`](https://github.com/matrix-org/complement-crypto/pull/229) repository, which must be merged in conjunction with this one._ _Before merging, this should be tested in conjunction with the Element X iOS client to ensure that TLS v1.3 is working properly._ @stefanceriu has agreed to work on this. ## Overview The primary change in this pull request upgrades the `reqwest` dependency to its latest version, which defaults to using `rustls` with support for `rustls-platform-verifier` instead of `native-tls` (see [`reqwest@0.13.0`](https://github.com/seanmonstar/reqwest/releases/tag/v0.13.0)). The benefit here is that `rustls` supports TLS v1.3 on all platforms, whereas [`native-tls` does not](https://github.com/sfackler/rust-native-tls/pull/278). Additionally, this pull request makes `rustls` the default TLS implementation in all the crates in this repository. This will be particularly helpful with element-hq/element-x-ios#786. ## Changes - `reqwest` bumped to `0.13.1` - The API for adding/replacing certificates has changed a bit, so this required some updating in `HttpSettings::make_client` - `oauth2-reqwest` added in favor of `oauth2/reqwest` - This is required in order to be compatible with `reqwest^0.13` - _**`oauth2-reqwest` is currently in alpha release, so it probably makes sense to let this stabilize a bit.**_ For details, see https://github.com/ramosbugs/oauth2-rs/issues/333#issuecomment-3906712203. - `getrandom` bumped to `0.3.4` - This is required in order to be compatible with `oauth2@5.1.0` - `proptest` bumped to `1.9.0` - This is required in order to be compatible with `getrandom@0.3.4` - Make `rustls` the default TLS implementation ## Questions ### Mirror feature flag names? A number of feature flags have been replaced in the dependencies above. 1. _**`reqwest/rustls-tls` => `reqwest/rustls`**_ - this is simply a name change, but is semantically identical (see [`reqwest@0.13.0`](https://github.com/seanmonstar/reqwest/releases/tag/v0.13.0)). 2. _**`getrandom/js` => `getrandom/wasm_js`**_ - the semantics here have changed slightly, but it seems to just make it easier to enable the `wasm_js` backend (see [`getrandom@0.3.4`](https://github.com/rust-random/getrandom/blob/master/CHANGELOG.md#major-change-to-wasm_js-backend)). At any rate, I have updated references to these flags in each of the various `Cargo.toml` files, but have not changed the names of our exposed features to mimic those in the dependencies. Any thoughts or preferences on whether to mirror those names? That would, of course, result in a breaking change. ### Default to using `rustls`? Deprecate `native-tls`? Now that the dependencies have all been bumped, we can use `rustls` on all platforms. Should this be the new default given that `native-tls` will very likely never support TLS v1.3 on Apple devices? And should `native-tls` be deprecated as a result? **UPDATE:** _The consensus here seems to be that we should default to using `rustls`, but that `native-tls` should still be available._ --- Fixes #5800. - [ ] Public API changes documented in changelogs (optional) Signed-off-by: Michael Goldenberg <m@mgoldenberg.net> --------- Signed-off-by: Michael Goldenberg <m@mgoldenberg.net>
Matrix Rust SDK
The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust.
Development of the SDK is proudly sponsored and maintained by Element. Element uses the SDK in their next-generation mobile apps Element X on iOS and Android and has plans to introduce it to the web and desktop clients as well.
The SDK is also the basis for multiple Matrix projects and we welcome contributions from all.
Purpose
The SDK takes care of the low-level details like encryption, syncing, and room state, so you can focus on your app's logic and UI. Whether you're writing a small bot, a desktop client, or something in between, the SDK is designed to be flexible, async-friendly, and ready to use out of the box.
Project structure
The Matrix Rust SDK is made up of several crates that build on top of each other. The following crates are expected to be usable as direct dependencies:
- matrix-sdk-ui – A high-level client library that makes it easy to build full-featured UI clients with minimal setup. Check out our reference client, multiverse, for an example.
- matrix-sdk – A mid-level client library, ideal for building bots, custom clients, or higher-level abstractions. You can find example usage in the examples directory.
- matrix-sdk-crypto – A standalone encryption state machine with no network I/O, providing end-to-end encryption support for Matrix clients and libraries. See the crypto tutorial for a step-by-step introduction.
All other crates are effectively internal-only and only structured as crates for organizational purposes and to improve compilation times. Direct usage of them is discouraged.
Status
The library is considered production ready and backs multiple client implementations such as Element X [1] [2], Fractal and iamb. Client developers should feel confident to build upon it.
Bindings
The higher-level crates of the Matrix Rust SDK can be embedded in other environments such as Swift, Kotlin, JavaScript, and Node.js. Check out the bindings/ directory to learn more about how to integrate the SDK into your language of choice.