Strict encryption option #412, hostname_in_certificate option #340, t… #413
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -14,17 +14,22 @@ pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>( | |
| ) -> crate::Result<TlsStream<S>> { | ||
| let mut builder = TlsConnector::new(); | ||
|
|
||
| #[cfg(not(feature = "tds80"))] | ||
| { | ||
| builder = builder.max_protocol_version(Some(async_native_tls::Protocol::Tlsv12)); | ||
| } | ||
|
olback marked this conversation as resolved.
Outdated
Comment on lines +17 to +19

🧩 Analysis chain

🌐 Web query:

💡 Result: In

```rust
use async_native_tls::TlsConnector;
let tls = TlsConnector::new()
    .request_alpns(&["h2", "http/1.1"]);
```

Sources:

🏁 Script executed:

```bash
#!/bin/bash
# Check Cargo.toml for async-native-tls dependency and alpn feature
find . -name "Cargo.toml" -type f | head -5 | xargs -I {} sh -c 'echo "=== {} ===" && grep -A 5 "async-native-tls" {}'
```

Repository: prisma/tiberius
Length of output: 304

🏁 Script executed:

```bash
#!/bin/bash
# Find the TDS_ALPN_PROTOCOL_NAME constant definition
rg "TDS_ALPN_PROTOCOL_NAME" -B 2 -A 2
```

Repository: prisma/tiberius
Length of output: 1053

🏁 Script executed:

```bash
#!/bin/bash
# Check if there are any feature flags or default settings that might enable alpn
rg "alpn" -i --type toml
```

Repository: prisma/tiberius
Length of output: 41

🏁 Script executed:

```bash
#!/bin/bash
# Check async-native-tls documentation or source for default features
# Search for any build script or conditional compilation related to alpn
rg "request_alpns" -B 5 -A 5 src/client/tls_stream/native_tls_stream.rs
```

Repository: prisma/tiberius
Length of output: 429

Add missing

The code at lines 17-19 calls

```toml
[dependencies.async-native-tls]
version = "0.5"
features = ["runtime-async-std"]
```

Update to:

```toml
[dependencies.async-native-tls]
version = "0.5"
features = ["runtime-async-std", "alpn"]
```

Without this feature flag, the
||
|
|
||
| match &config.trust { | ||
| TrustConfig::CaCertificateLocation(path) => { | ||
| if let Ok(buf) = fs::read(path) { | ||
| let cert = match path.extension() { | ||
| Some(ext) | ||
| if ext.to_ascii_lowercase() == "pem" | ||
| || ext.to_ascii_lowercase() == "crt" => | ||
| if ext.eq_ignore_ascii_case("pem") | ||
| || ext.eq_ignore_ascii_case("crt") => | ||
| { | ||
| Some(Certificate::from_pem(&buf)?) | ||
| } | ||
| Some(ext) if ext.to_ascii_lowercase() == "der" => { | ||
| Some(ext) if ext.eq_ignore_ascii_case("der") => { | ||
| Some(Certificate::from_der(&buf)?) | ||
| } | ||
| Some(_) | None => return Err(Error::Io { | ||
|
|
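Review bot: The TLS 1.2 cap in the `#[cfg(not(feature = "tds80"))]` block near the top of `create_tls_stream` is chosen at compile time and carries no comment saying why it is needed. In the lines shown, a build with `tds80` enabled applies no `max_protocol_version` limit to any connection made through this function, whatever encryption level the caller configured. If the cap is only meant to be lifted for strict encryption, key it on the connection's configuration at run time rather than on the feature flag, and add a one-line comment stating the reason for the cap.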
@@ -56,5 +61,7 @@ pub(crate) async fn create_tls_stream<S: AsyncRead + AsyncWrite + Unpin + Send>( | |
| } | ||
| } | ||
|
|
||
| Ok(builder.connect(config.get_host(), stream).await?) | ||
| Ok(builder | ||
| .connect(config.get_hostname_in_certificate(), stream) | ||
| .await?) | ||
| } | ||
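Review bot: In the `.connect(config.get_hostname_in_certificate(), stream)` call, the value passed is the name the TLS library checks the server certificate against, so this change moves the verified identity from `get_host()` to a separately configurable string. The getter is not visible in this hunk; its doc comment should state that it returns the host when no override is set, and a test for the unset case would pin that fallback down. It is also worth documenting for users that setting this option changes which server identity is accepted, since a wrong value silently redirects trust to a different certificate name.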
Document the breaking change in default features.

Changing the default feature set from `tds73` to `tds80` is a breaking change for downstream users. Users who relied on the previous defaults will now automatically receive TDS 8.0 behavior, including:

- `EncryptionLevel::Strict` support (requires TLS handshake with ALPN)

Users who need the previous behavior must explicitly opt out of default features and select `tds73` in their `Cargo.toml`:

This change should be prominently documented in the CHANGELOG/release notes with migration guidance.

Note: Since `tds80 = ["tds73"]`, the `tds80` feature is additive and preserves `tds73` behavior while enabling additional functionality. However, the new code paths (Strict encryption, ALPN negotiation) may introduce behavioral differences that users should be aware of.