Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6306 +/- ##
=======================================
Coverage 89.81% 89.82%
=======================================
Files 376 376
Lines 102447 102447
Branches 102447 102447
=======================================
+ Hits 92017 92019 +2
+ Misses 6850 6843 -7
- Partials 3580 3585 +5 ☔ View full report in Codecov by Sentry. |
jmartinesp
force-pushed
the
fix/rustls-with-android
branch
from
cbd1f9a to
eea7063
Compare
| #[cfg(target_os = "android")] | ||
| builder.on_thread_start(|| { | ||
| android_platform::android_attach_current_thread_permanently() | ||
| .expect("Failed to attach thread"); | ||
| }); |
There was a problem hiding this comment.
Since we have access to the JavaVM now, it seems like it's recommended to use this method to attach JVM threads to Rust ones according to uniffi.
jmartinesp
force-pushed
the
fix/rustls-with-android
branch
2 times, most recently
from
10f9f6b to
29298ab
Compare
|
Thank you but no thank you, you don't want me reviewing this 😅 |
poljar
left a comment
poljar
left a comment
There was a problem hiding this comment.
Ok, I think all of this is making sense to me. Obviously I trust you that you checked that this actually works.
Note self-signed certificates will no longer work with these changes on Android, and providing them in ClientBuilder::add_root_certificates will make most requests fail. This can be handled separately.
This will be mostly done on the EXA side? I remember pushing a PR there which used this method to add custom certs, and now we can just use the system cert store for this, right?
Now you made me anxious and I'll have to quadruple-check it!
Yeah, I think we'll just stop providing these custom certs manually in |
jmartinesp
force-pushed
the
fix/rustls-with-android
branch
from
6feb4eb to
0918b5a
Compare
It turns out on Android, rustls needs [a custom setup](https://github.com/rustls/rustls-platform-verifier#android) and adding the `rustls-platform-verifier-android` library that's [not available on Maven](rustls/rustls-platform-verifier#115). Then, from the Android clients we'd need to call some exposed JNI function so we can provide a JVM context from where Rust can take the `Application` component and access its contents to read its credentials storage. Thanks to some tricks we can use `libloading` to simulate this call from Rust itself and properly initialise the platform verifier. Note self-signed certificates will no longer work with these changes on Android, and providing them in `ClientBuilder::add_root_certificates` will make most requests fail. This can be handled separately.
jmartinesp
force-pushed
the
fix/rustls-with-android
branch
from
0918b5a to
c49ad73
Compare
3 participants
It turns out on Android, rustls needs a custom setup and adding the
rustls-platform-verifier-androidlibrary that's not available on Maven.Then, from the Android clients we'd need to call some exposed JNI function so we can provide a JVM context from where Rust can take the
Applicationcomponent and access its contents to read its credentials storage. Thanks to some tricks we can uselibloadingto simulate this call from Rust itself and properly initialise the platform verifier.Note self-signed certificates will no longer work with these changes on Android, and providing them in
ClientBuilder::add_root_certificateswill make most requests fail. This can be handled separately.CHANGELOG.mdfiles.Signed-off-by: