update rustls v0.20 -> v0.21

[cpu]

Description

This branch updates rustls-platform-verifier to use the recently released rustls 0.21.0, both as a direct dependency and through upgrades to relevant transitive deps reqwest, hyper-rustls, and tokio-rustls).

Details

Most notable for this codebase, the rustls::Error::InvalidCertificateData has been removed and replaced
by InvalidCertificate and a number of CertificateError sub-variants.

Now that the upstream InvalidCertificate error offers a way to specify what went wrong with more granularity we're able to trim all of the error_messages consts, choosing instead to return the more specific upstream error types. For the case where invalid extensions are detected we define our own error type to use consistently across verifiers.

In all other circumstances where we want to return an InvalidCertificate error with some platform specific error message we
use the InvalidCertificate(CertificateError::Other) variant with the error message, re-purposing the invalid_certificate helper for constructing an Arc over a Box with the error message.

We also have to take some special care when asserting the equality of errors, handling the case where looking at a CertificateError::Other specially, since it can box a dyn error that can't be compared directly without downcasting the error to a concrete type.

Remaining work

• wait for update rustls v0.20.7 -> v0.21.0  tokio-rs/tls#137 to be merged
• wait for tokio-rustls v0.24.0 to be published to crates.io
• remove Cargo.toml patch for tokio-rustls
• wait for hyper-rustls v0.24.0 w/ rustls 0.21.0 + tokio-rustls 0.24.0 hyper-rustls#199 to be merged
• wait for hyper-rustls 0.24.0 to be published to crates.io
• remove Cargo.toml patch for hyper-rustls
• wait for deps: update rustls v0.20.1 -> v0.21.0 seanmonstar/reqwest#1791 to be merged
• wait for reqwest 0.11.18 to be published to crates.io
• remove Cargo.toml patch for reqwest
• get this PR approved.

[cpu]

@complexspaces I think this is ready for an initial review now. I'm happy to make adjustments if any parts are still off the mark. My familiarity with this crate is still very low :-)

[cpu]

cpu force-pushed the cpu-rustls-0.21.0-prep branch from 6d613c9 to 0cdc9d2

Since Rustls restored PartialEq on the error type I was able to drop the debug assertion match helper. We're back to using assert_eq! with a small helper for coarsely matching the CertificateError::Other case. PR description updated accordingly.

[complexspaces]

Overall this looks pretty good, my only real concern is how the EKU errors aren't being exactly tested for anymore.

[cpu]

@complexspaces I think this is ready for another review pass when you have a chance. There's no big rush because we still have a few other dependencies that need to be updated so we can remove the Cargo patches here.

[complexspaces]

I have one last thing, but otherwise this looks good. Now its just a matter of the rest of the ecosystem catching up :)

[cpu]

cpu force-pushed the cpu-rustls-0.21.0-prep branch from cf59e4b to dda43b4

Rebased on main and fixed the Cargo.toml conflict.

Now its just a matter of the rest of the ecosystem catching up :)

Slowly but surely :-) I updated the README with a rough checklist of things we're waiting on.

[complexspaces]

Thanks for the list, that's pretty helpful 👍

[cpu]

Haven't forgotten about this PR :-) Things are moving again and I'm hopeful we'll be able to tie a bow on this in the next week or two.

[complexspaces]

No worries at all, I've been following along with the other releases that are leading up to this.

[cpu]

@complexspaces All set! 🚀

[complexspaces]

Thanks again for handling this!