rustls allows the choice of ring or aws-lc-rs as the cryptographic
library implementation. This is enabled/selected via Cargo feature
flags. We have plugins directly or indirectly depending on rustls
like quinn, aws and spotify. In the presence of multiple plugins,
selecting different implementations as the default, rustls can
panic.
The safest way to avoid this is by using builder_with_provider
and selecting a provider explicitly.
See below issues for further discussion and clarifications.
https://github.com/rustls/rustls/issues/1877https://github.com/seanmonstar/reqwest/pull/2225
While at it, also specify features explicitly for quinn and rustls.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1878>
The certificate chain was incorrectly being passed the private key instead
of certificate. With rustls 0.23.11 version, this error was being caught
and reported. As stated in the 0.23.11 release, it has a new feature
"API for determining whether a CertifiedKey's certificate and private key
matches: keys_match(). This is called from existing fallible functions
that accept a private key and certificate (for example, with_single_cert())
so these functions now detect this misconfiguration."
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1666>
We now check if the peer actually supports Datagram and refusing to
proceed if it does not. Since the datagram size can actually change
over the lifetime of a connection according to variation in path MTU
estimate, also check buffer size before trying to send.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1613>
It would be possible that there is no cancellable yet when unlock() is
called, then a new future is executed and it wouldn't have any
information that it is not supposed to run at all.
To solve this remember if unlock() was called and reset this in
unlock_stop().
Also actually implement unlock() / unlock_stop() for the sink, and don't
cancel in stop() as unlock() / unlock_stop() would've been called before
that already.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1602>
