You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(hpx): add OpenSSL TLS backend with full feature parity to BoringSSL
Add a complete OpenSSL TLS backend as an alternative to BoringSSL, enabling
TLS support on platforms where BoringSSL is unavailable. The backend mirrors
the existing BoringSSL implementation with session caching, SNI, ALPN,
hostname verification, mTLS, and keylog support.
Key changes:
- New openssl module with SslConnector-based TLS setup, sharded LRU session
cache, and Tower Service implementations for Uri, ConnectRequest, and
EstablishedConn
- TlsVersion Hash impl uses discriminant matching instead of format!() to
avoid heap allocation on the hot path
- setup_ssl now applies tls_sni and verify_hostname settings for Service<Uri>
- set_bool! macro explicitly discards set_options return value
- unsafe block in setup_ssl2 annotated with # Safety comment
- CertificateCompressionAlgorithm placeholder derives Debug/Clone/Copy with
clarifying docs
- HandshakeConfigBuilder methods marked #[must_use]
- Cert store rebuild documented with API limitation rationale
- Identity add_to_tls implemented for openssl::ssl::SslConnectorBuilder
- PEM extraction helpers shared between boring and openssl backends
- Integration test for mTLS with combined PEM identity
0 commit comments