What does HackerNews think of rustls-ffi?

Use rustls from languages other than Rust

Language: Rust

I think GnuTLS is probably the second most popular TLS library, after openssl.

Though actually, maybe Firefox's NSS is, now that I think about it a second more. Firefox is at least some fraction of C-library-based ssl traffic out there.

I'll also mention s2n and rustls-ffi for completeness as C libraries, though the former isn't widely used, and the latter is very experimental still. https://github.com/aws/s2n-tls and https://github.com/rustls/rustls-ffi respectively.

There is a C API for anyone who wants to use Rustls from C:

https://github.com/rustls/rustls-ffi/

Reminder that rustls exists as a pretty mature TLS implementation in safe Rust (thus systematically avoiding issues like this). Thanks to Brian Smith for creating the webpki crate which was thoroughly engineered from the start to avoid stuff like this.

rustls has C bindings these days: https://github.com/rustls/rustls-ffi

I've started work on Python bindings too, with the idea that it probably wouldn't be crazy hard to do something that can pass as an `ssl.SSLSocket`. Please sponsor me on GitHub if that's something you'd like to use (https://github.com/sponsors/djc).

Note, we're aware that by far the biggest impediment to adopting rustls is the lack of support for IP addresses in certificates (we currently need a DNS name). This work is funded and should be completed in the next few months.