[PR #3150] [MERGED] Upgrade rustls-platform-verifier to 0.6 #3596

New issue

Closed

opened 2026-03-16 11:52:20 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:52:20 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/3150
Author: @djc
Created: 7/23/2025
Status: ✅ Merged
Merged: 7/24/2025
Merged by: @djc

Base: main ← Head: tls-config

📝 Commits (5)

19d11f0 resolver: move TLS config out of ResolverOpts
04a91f4 proto: inline H3ClientStreamBuilder::default() into H3ClientStream::builder()
45551cf proto: move Display impl down
530de69 proto: defer initialization of H3 rustls config
04e148e Upgrade rustls-platform-verifier to 0.6

📊 Changes

26 files changed (+196 additions, -121 deletions)

View changed files

📝 Cargo.lock (+7 -16)
📝 Cargo.toml (+1 -1)
📝 crates/proto/src/h2/h2_client_stream.rs (+1 -1)
📝 crates/proto/src/h3/h3_client_stream.rs (+22 -25)
📝 crates/proto/src/quic/quic_client_stream.rs (+1 -1)
📝 crates/proto/src/rustls/mod.rs (+3 -3)
📝 crates/recursor/src/recursor.rs (+5 -1)
📝 crates/recursor/src/recursor_dns_handle.rs (+16 -3)
📝 crates/resolver/README.md (+1 -1)
📝 crates/resolver/examples/custom_provider.rs (+5 -2)
📝 crates/resolver/examples/flush_cache.rs (+2 -1)
📝 crates/resolver/examples/global_resolver.rs (+1 -1)
📝 crates/resolver/examples/multithreaded_runtime.rs (+1 -0)
📝 crates/resolver/src/config.rs (+0 -11)
📝 crates/resolver/src/lib.rs (+3 -3)
📝 crates/resolver/src/name_server/connection_provider.rs (+32 -10)
📝 crates/resolver/src/name_server/mod.rs (+1 -1)
📝 crates/resolver/src/name_server/name_server.rs (+12 -1)
📝 crates/resolver/src/name_server/name_server_pool.rs (+15 -4)
📝 crates/resolver/src/resolver.rs (+55 -26)

...and 6 more files

📄 Description

rustls-platform-verifier 0.5 hid some fallibility in the internal implementation of the Verifier, which could cause errors to be implicitly ignored. I fixed this in 0.6, meaning that construction of the platform verifier is now explicitly fallible. This is a bit of a pain to deal with because the current setup was very much built around the infallibility of the certificate verifier construction. I think the approach in this PR does a decent job of keeping the public facing API the same, while adding some necessary complexity in rarely used API paths (notably the ConnectionProvider trait).

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/3150 **Author:** [@djc](https://github.com/djc) **Created:** 7/23/2025 **Status:** ✅ Merged **Merged:** 7/24/2025 **Merged by:** [@djc](https://github.com/djc) **Base:** `main` ← **Head:** `tls-config` --- ### 📝 Commits (5) - [`19d11f0`](https://github.com/hickory-dns/hickory-dns/commit/19d11f01bd1f38f8a2449ff6bcc581795d7d1291) resolver: move TLS config out of ResolverOpts - [`04a91f4`](https://github.com/hickory-dns/hickory-dns/commit/04a91f40a896c33a878e0068c34f14c09aaa06b5) proto: inline H3ClientStreamBuilder::default() into H3ClientStream::builder() - [`45551cf`](https://github.com/hickory-dns/hickory-dns/commit/45551cf26e6bdc751d7ab4676895f6e4ba0a03d7) proto: move Display impl down - [`530de69`](https://github.com/hickory-dns/hickory-dns/commit/530de691408ce82d1c6c9bae58f5009eace7f074) proto: defer initialization of H3 rustls config - [`04e148e`](https://github.com/hickory-dns/hickory-dns/commit/04e148e0314a52ce4a807c391e70353eea1da1e1) Upgrade rustls-platform-verifier to 0.6 ### 📊 Changes **26 files changed** (+196 additions, -121 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+7 -16) 📝 `Cargo.toml` (+1 -1) 📝 `crates/proto/src/h2/h2_client_stream.rs` (+1 -1) 📝 `crates/proto/src/h3/h3_client_stream.rs` (+22 -25) 📝 `crates/proto/src/quic/quic_client_stream.rs` (+1 -1) 📝 `crates/proto/src/rustls/mod.rs` (+3 -3) 📝 `crates/recursor/src/recursor.rs` (+5 -1) 📝 `crates/recursor/src/recursor_dns_handle.rs` (+16 -3) 📝 `crates/resolver/README.md` (+1 -1) 📝 `crates/resolver/examples/custom_provider.rs` (+5 -2) 📝 `crates/resolver/examples/flush_cache.rs` (+2 -1) 📝 `crates/resolver/examples/global_resolver.rs` (+1 -1) 📝 `crates/resolver/examples/multithreaded_runtime.rs` (+1 -0) 📝 `crates/resolver/src/config.rs` (+0 -11) 📝 `crates/resolver/src/lib.rs` (+3 -3) 📝 `crates/resolver/src/name_server/connection_provider.rs` (+32 -10) 📝 `crates/resolver/src/name_server/mod.rs` (+1 -1) 📝 `crates/resolver/src/name_server/name_server.rs` (+12 -1) 📝 `crates/resolver/src/name_server/name_server_pool.rs` (+15 -4) 📝 `crates/resolver/src/resolver.rs` (+55 -26) _...and 6 more files_ </details> ### 📄 Description rustls-platform-verifier 0.5 hid some fallibility in the internal implementation of the `Verifier`, which could cause errors to be implicitly ignored. I fixed this in 0.6, meaning that construction of the platform verifier is now explicitly fallible. This is a bit of a pain to deal with because the current setup was very much built around the infallibility of the certificate verifier construction. I think the approach in this PR does a decent job of keeping the public facing API the same, while adding some necessary complexity in rarely used API paths (notably the `ConnectionProvider` trait). --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>