The default value is 'false', which is a change from upstream
rustls-platform-verifier, but consistent with the general platform
recommendations for certificate verification on Android, including
OkHttp's behavior.
Rather than embedding a server certificate inside every sender
certificate, future sender certificates will be able to reference
their server certificate by ID as long as all receivers have a version
of libsignal containing that certificate.
This change also handles the sender ACI being represented as bytes
instead of a string.
The "fingerprint" / safety number operations *are* tied to the
"protocol" in that they provide a way to verify identity keys, but
they are also completely distinct from the message handling that the
rest of SignalProtocolError is used for.
- Java: This distinction is already made, just reworded
- Node: We include "protocol errors" in IoError here, where retrying
probably won't help, but it won't really be harmful either.
- Swift: Automatically retryable errors are now enumerated; other
errors are still described as "manually retryable". (Also, fixed a
redundant error message format call.)
Before
> I libsignal: rust/bridge/shared/types/src/net.rs:132: Initializing connection manager for Staging...
After
> [11:03:32.956965 libsignal] I rust/bridge/shared/types/src/net.rs:132: Initializing connection manager for Staging...
- Use a local frame for bridge_io when completing futures
- Use a local frame for ChatListener callbacks
- Use AutoLocal for exception formatting callbacks
Improvements included in this first iteration:
- Nullable/non-nullable!
- ObjectHandle typealias for Long
- Fixed handling for CompletableFuture<Void> (previously translated
without generics at all in some cases)
Co-authored-by: Alex Bakon <akonradi@signal.org>
Previously, we used a per-project directory glob for Kotlin and Java
sources, which (1) was overly general, (2) ran afoul of Gradle's rules
about "if you look in a directory you must depend on it", and (3)
required us to make a fake subproject in the shared/ folder because
Spotless doesn't like sources outside the project directory.
Now, we delay complete evaluation of the root project until
subprojects are complete, and then add a single Spotless operation at
the top level that uses the subprojects' compile tasks to find exactly
the files to format.
Essentially, promotes "decide whether an HTTP status is interesting"
up to the generic "enclave" handling instead of being CDS-specific,
and then propagates the new case all the way out to apps.
The same error is being used both for timeouts and for "all attempts
failed"; if we're going to coalesce them (reasonable, given that the
only option in either case is "retry" or "don't"), "all attempts
failed" is a less misleading choice.
This changes the particular enum case in Swift from connectionTimedOut
to connectionFailed. Java continues to use NetworkException and
TypeScript the IoError code.
