Consider an upgrade to security-framework 3.x #339

@opara-tor

I see that there's already an MR open to upgrade the security-framework version, but figured it would be useful to have a tracking issue open for this in case there's a reason to hold off from upgrading to security-framework 3.x.

Anyways, I think it would be useful to consider upgrading from security-framework 2.x to 3.x, which has some bug fixes. For example, security-framework 3.5.1 has a bug fix that allows native-tls to be used with buffered connections on macOS, such as those used by the Arti project. Below I've added a slightly modified version of the native-tls example which fails to run correctly with the latest native-tls version 0.2.14 on macOS, but does work if the security-framework dependency version is updated to 3.5.1.

```rust
use native_tls::TlsConnector;
use std::io::{Read, Write};
use std::net::TcpStream;
use std::io::BufWriter;

fn main() {
    let connector = TlsConnector::new().unwrap();

    let stream = TcpStream::connect("google.com:443").unwrap();
    // add a buffered writer
    let stream = BufferedTcpStream::new(stream);
    let mut stream = connector.connect("google.com", stream).unwrap();

    stream.write_all(b"GET / HTTP/1.0\r\n\r\n").unwrap();
    let mut res = vec![];
    stream.read_to_end(&mut res).unwrap();
    println!("{}", String::from_utf8_lossy(&res));
}

/// Small wrapper around a `TcpStream` to provide buffered writes.
#[derive(Debug)]
struct BufferedTcpStream {
    reader: TcpStream,
    writer: BufWriter<TcpStream>,
}

impl BufferedTcpStream {
    fn new(tcp: TcpStream) -> Self {
        Self {
            writer: BufWriter::with_capacity(500, tcp.try_clone().unwrap()),
            reader: tcp,
        }
    }
}

impl Read for BufferedTcpStream {
    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
        self.reader.read(buf)
    }
}

impl Write for BufferedTcpStream {
    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
        self.writer.write(buf)
    }

    fn flush(&mut self) -> std::io::Result<()> {
        self.writer.flush()
    }
}
```

```
$ cargo run
thread 'main' panicked at src/main.rs:12:62:
called `Result::unwrap()` on an `Err` value: Failure(Error { code: -9806, message: "connection closed via error" })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
```

Edit: This would also close #335.
