docs: document version of crustls dependency

This also pins a specific release in the Travis test so future
API-breaking changins in crustls won't break curl builds.

Add RUSTLS documentation to release tarball.

Enable running tests for rustls, minus FTP tests (require
connect_blocking, which rustls doesn't implement) and 313 (requires CRL
handling).

Closes #6763

diff --git a/.travis.yml b/.travis.yml
index 1153bd59dd2ade6ceeefa103967ceef224d4e25f..69df43d0037fa9e81d2d397854e202136ea764e1 100644 (file)
--- a/.travis.yml
+++ b/.travis.yml
@@ -125,7 +125,7 @@ jobs:
         - libbrotli-dev
         - libzstd-dev
   - env:
-    - T=debug RUSTLS="yes" C="--with-rustls=$HOME/crust --without-ssl" NOTESTS=1
+    - T=debug-rustls RUSTLS_VERSION="v0.4.0" C="--with-rustls=$HOME/crust --without-ssl"
     addons:
       apt:
         <<: *common_apt

diff --git a/docs/Makefile.am b/docs/Makefile.am
index 5318ce206dd8467cd8fceff721aecb2b6d1b17ef..b98c51e29d643cfb533c1e285047246b94b0cc01 100644 (file)
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -80,6 +80,7 @@ EXTRA_DIST =                                    \
  PARALLEL-TRANSFERS.md                          \
  README.md                                      \
  RELEASE-PROCEDURE.md                           \
+ RUSTLS.md                                      \
  ROADMAP.md                                     \
  SECURITY-PROCESS.md                            \
  SSL-PROBLEMS.md                                \

diff --git a/docs/RUSTLS.md b/docs/RUSTLS.md
new file mode 100644 (file)
index 0000000..39d96ab
--- /dev/null
+++ b/docs/RUSTLS.md
@@ -0,0 +1,26 @@
+# Rustls
+
+[Rustls is a TLS backend written in Rust.](https://docs.rs/rustls/). Curl can
+be built to use it as an alternative to OpenSSL or other TLS backends. We use
+the [crustls C bindings](https://github.com/abetterinternet/crustls/). This
+version of curl depends on version v0.4.0 of crustls.
+
+# Building with rustls
+
+First, [install Rust](https://rustup.rs/).
+
+Next, check out, build, and install the appropriate version of crustls:
+
+    % cargo install cbindgen
+    % git clone https://github.com/abetterinternet/crustls/ -b v0.4.0
+    % cd crustls
+    % make
+    % make DESTDIR=${HOME}/crustls-built/ install
+
+Now configure and build curl with rustls:
+
+    % git clone https://github.com/curl/curl
+    % cd curl
+    % ./buildconf
+    % ./configure --without-ssl --with-rustls=${HOME}/crustls-built
+    % make

diff --git a/scripts/travis/before_script.sh b/scripts/travis/before_script.sh
index 181b2e286f230b9e413d59393752ae3eddbd2144..96825f0ab9e1ecebc21cd4424099926f8003a7ae 100755 (executable)
--- a/scripts/travis/before_script.sh
+++ b/scripts/travis/before_script.sh
@@ -126,9 +126,9 @@ if [ "$TRAVIS_OS_NAME" = linux -a "$QUICHE" ]; then
   ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) deps/boringssl/src/lib/
 fi
 
-if [ "$TRAVIS_OS_NAME" = linux -a "$RUSTLS" ]; then
+if [ "$TRAVIS_OS_NAME" = linux -a "$RUSTLS_VERSION" ]; then
   cd $HOME
-  git clone --depth=1 --recursive https://github.com/abetterinternet/crustls.git
+  git clone --depth=1 --recursive https://github.com/abetterinternet/crustls.git -b "$RUSTLS_VERSION"
   curl https://sh.rustup.rs -sSf | sh -s -- -y
   source $HOME/.cargo/env
   cargo install cbindgen

diff --git a/scripts/travis/script.sh b/scripts/travis/script.sh
index 9a35affead8d7733fb0014cbc739b71a0f1aa8fe..0cb5df1fdd4d11a7ea319860376ddd2f4b482967 100755 (executable)
--- a/scripts/travis/script.sh
+++ b/scripts/travis/script.sh
@@ -70,6 +70,12 @@ if [ "$T" = "debug-mesalink" ]; then
   make "TFLAGS=-n !313 !410 !3001" test-nonflaky
 fi
 
+if [ "$T" = "debug-rustls" ]; then
+  ./configure --enable-debug --enable-werror $C
+  make
+  make "TFLAGS=HTTPS !313" test-nonflaky
+fi
+
 if [ "$T" = "novalgrind" ]; then
   ./configure --enable-werror $C
   make