```
warning: unnecessary structure name repetition
    --> rustls/src/msgs/handshake.rs:1385:52
     |
1385 |     pub(crate) fn new(cert: CertificateDer<'a>) -> CertificateEntry<'a> {
     |                                                    ^^^^^^^^^^^^^^^^^^^^ help: use the applicable keyword: `Self`
     |
     = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#use_self
note: the lint level is defined here
    --> rustls/src/lib.rs:310:5
     |
310  |     clippy::use_self,
     |     ^^^^^^^^^^^^^^^^
```
- before the handshake finishes
- after a `close_notify` before the handshake finishes
- after a `close_notify` after the handshake finishes
- `read_tls` artificial EOF after `close_notify`

We deny warnings in CI (during clippy runs), which seems sufficient.
Denying lints is annoying during development, especially when working
on a release branch (after the lints have gotten more precise).

In practice this test is more noisy than useful. This commit relaxes it
to only check that the builder types/intermediate states are debug, but
not that the debug representation is a byte-for-byte match to an
expected value.

The `HpkeSuite` type is small enough to be a candidate for `Copy`. The
`HpkePublicKey` type should be `Debug` and `Clone` so we can easily use
it for GREASE ECH configurations.

Fixes warnings generated with nightly when generating cargo docs of the
form:
```
error: unexpected `cfg` condition name: `bench`
   --> rustls/src/lib.rs:305:31
    |
305 | #![cfg_attr(not(any(read_buf, bench)), forbid(unstable_features))]
    |                               ^^^^^
    |
    = help: consider using a Cargo feature instead or adding `println!("cargo::rustc-check-cfg=cfg(bench)");` to the top of the `build.rs`
    = note: see <https://doc.rust-lang.org/nightly/cargo/reference/build-scripts.html#rustc-check-cfg> for more information about checking conditional configuration
```
We also need to apply this suggestion for `read_buf`, because of
a workaround documented for another upstream rust issue.
Note, because our MSRV is 1.63 we have to add the new `build.rs`
directives with the prefix `cargo:` instead of `cargo::` as described in
the warning output, or we get a new error of the form:
```
error: the `cargo::` syntax for build script output instructions was added in Rust 1.77.0, but the minimum supported Rust version of `rustls v0.23.5 (/home/daniel/Code/Rust/rustls/rustls)` is 1.63.
See https://doc.rust-lang.org/cargo/reference/build-scripts.html#outputs-of-the-build-script for more information about build script outputs.
```
When building with `--no-default-features --features ring` there are
a couple clippy warnings produced:
```
$ cargo check --manifest-path=rustls/Cargo.toml --no-default-features --features=ring
error: struct `Hmac` is never constructed
  --> rustls/src/crypto/ring/hmac.rs:16:19
   |
16 | pub(crate) struct Hmac(&'static ring_like::hmac::Algorithm);
   |                   ^^^^
   |
   = note: `-D dead-code` implied by `-D warnings`
   = help: to override `-D warnings` add `#[allow(dead_code)]`

error: struct `Key` is never constructed
  --> rustls/src/crypto/ring/hmac.rs:32:8
   |
32 | struct Key(ring_like::hmac::Key);
   |        ^^^
```
This is fixed in this branch by conditionally compiling the
`crypto/ring/hmac.rs` mod based on whether we're building tests, or have
the tls-12 feature enabled.

In TLS1.2, this actually means ECDSA_SHA512. If the peer selects
that, we get caught out depending on the curve of the public key
because we don't support (for example) `ECDSA_NISTP256_SHA512`.
Reducing the preference of this improves matters, because a
peer that respects our priority will only select that if nothing
else is possible (which includes the cases that SHA256 and SHA384
are not supported, in which case we are hosed, but also if the
version is TLS1.3 and public key is on P521).

We're seeing more of our deps move to this MSRV or higher (e.g.
`webpki`, `rustls-platform-verifier`) and it's shipped in Debian stable.
Time to move our MSRV to 1.63.

This allows callers to see if their handshake was Resumed,
Full, or Full-with-HelloRetryRequest (which, broadly, are the
three "cost" levels for handshakes).
This is exposed as soon as it is known for sure.