From d9c05a1579d88f928ef3fef6866119d0872aef5b Mon Sep 17 00:00:00 2001
From: Igor Novgorodov
Date: Wed, 4 Sep 2024 21:45:06 +0200
Subject: [PATCH] hyper-rustls: add ring Rustls backend & use it by default (#140)
---
 .github/workflows/ci.yml | 6 ++----
 Cargo.toml | 19 ++++++++++++++----
 derive/Cargo.toml | 3 ++-
 src/lib.rs | 42 ++++++++++++++++++++++++++++++++--------
 4 files changed, 53 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e066c51..41f1b52 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,7 @@ env:
 RUSTFLAGS: -Dwarnings
 RUSTDOCFLAGS: -Dwarnings
 RUST_BACKTRACE: 1
- MSRV: 1.67.0
+ MSRV: 1.70.0
 
 jobs:
 build:
@@ -32,9 +32,6 @@ jobs:
 - run: rustup toolchain install ${{ env.MSRV }} --profile minimal
 - run: rustup override set ${{ env.MSRV }}
 - run: rustup show active-toolchain -v
- # cargo from toolchain v1.67 doesn't choose versions based on MSRV,
- # so we downgrade tokio because since v1.39 it requires rustc >=1.70.
- - run: cargo update -p tokio --precise 1.38.1
 - run: cargo build
 - run: cargo build --no-default-features
 - run: cargo build --features uuid,time
@@ -60,6 +57,7 @@ jobs:
 - run: cargo clippy --all-targets --no-default-features
 - run: cargo build --all-targets --features native-tls
 - run: cargo build --all-targets --features rustls-tls
+ - run: cargo build --all-targets --features rustls-tls-aws
 - run: cargo clippy --all-targets --all-features
 
 test:
diff --git a/Cargo.toml b/Cargo.toml
index f5a0f44..9672043 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,8 @@ homepage = "https://clickhouse.com"
 license = "MIT OR Apache-2.0"
 readme = "README.md"
 edition = "2021"
-rust-version = "1.67.0" # update `derive/Cargo.toml` and CI if changed
+# update `derive/Cargo.toml` and CI if changed
+rust-version = "1.70.0"
 
 [lints.rust]
 rust_2018_idioms = { level = "warn", priority = -1 }
@@ -57,7 +58,8 @@ uuid = ["dep:uuid"]
 time = ["dep:time"]
 lz4 = ["dep:lz4_flex", "dep:cityhash-rs"]
 native-tls = ["dep:hyper-tls"]
-rustls-tls = ["dep:hyper-rustls"]
+rustls-tls = ["dep:hyper-rustls", "dep:rustls", "hyper-rustls?/ring"]
+rustls-tls-aws = ["dep:hyper-rustls", "dep:rustls", "hyper-rustls?/aws-lc-rs"]
 
 [dependencies]
 clickhouse-derive = { version = "0.2.0", path = "derive" }
@@ -70,7 +72,14 @@ http-body-util = "0.1.2"
 hyper = "1.4"
 hyper-util = { version = "0.1.6", features = ["client-legacy", "http1"] }
 hyper-tls = { version = "0.6.0", optional = true }
-hyper-rustls = { version = "0.27.2", features = ["webpki-roots"], optional = true }
+rustls = { version = "0.23", default-features = false, optional = true }
+hyper-rustls = { version = "0.27.2", default-features = false, features = [
+ "http1",
+ "http2",
+ "native-tokio",
+ "tls12",
+ "webpki-roots",
+], optional = true }
 url = "2.1.1"
 futures = "0.3.5"
 futures-channel = "0.3.30"
@@ -78,7 +87,9 @@ static_assertions = "1.1"
 sealed = "0.5"
 sha-1 = { version = "0.10", optional = true }
 serde_json = { version = "1.0.68", optional = true }
-lz4_flex = { version = "0.11.3", default-features = false, features = ["std"], optional = true }
+lz4_flex = { version = "0.11.3", default-features = false, features = [
+ "std",
+], optional = true }
 cityhash-rs = { version = "=1.0.1", optional = true } # exact version for safety
 uuid = { version = "1", optional = true }
 time = { version = "0.3", optional = true }
diff --git a/derive/Cargo.toml b/derive/Cargo.toml
index e0b86ec..d1129c1 100644
--- a/derive/Cargo.toml
+++ b/derive/Cargo.toml
@@ -7,7 +7,8 @@ repository = "https://github.com/ClickHouse/clickhouse-rs"
 homepage = "https://clickhouse.com"
 edition = "2021"
 license = "MIT OR Apache-2.0"
-rust-version = "1.67.0" # update `Cargo.toml` and CI if changed
+# update `Cargo.toml` and CI if changed
+rust-version = "1.70.0"
 
 [lib]
 proc-macro = true
diff --git a/src/lib.rs b/src/lib.rs
index 112a14e..dc89680 100644
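Review bot: The `rustls-tls` and `rustls-tls-aws` lines in the `[features]` hunk of Cargo.toml have no comment saying which crypto provider each selects, or that `rustls-tls` now pins ring. The old `hyper-rustls` dependency line left default features on, so existing `rustls-tls` users previously got whatever provider hyper-rustls enabled by default and may switch provider on upgrade without touching their own manifest. The cfg logic in src/lib.rs in this patch also treats the two features as alternatives. I would add a comment above them such as `# rustls-tls: ring provider; rustls-tls-aws: aws-lc-rs provider; enable only one of the two`.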
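Review bot: The explicit `hyper-rustls` feature list in the `[dependencies]` hunk of Cargo.toml enables `http2` and `native-tokio`, which the connector built in src/lib.rs in this patch does not appear to use. That connector only calls `with_provider_and_webpki_roots` and `enable_http1`. As far as I know `native-tokio` pulls in the platform certificate-store loader, which is unused when only the bundled webpki roots are trusted. If nothing outside the visible hunks needs them, trimming to `features = ["http1", "tls12", "webpki-roots"]` keeps the TLS dependency tree smaller, which is the purpose of `default-features = false`.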
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -48,6 +48,22 @@ const TCP_KEEPALIVE: Duration = Duration::from_secs(60);
 // See https://github.com/ClickHouse/ClickHouse/blob/368cb74b4d222dc5472a7f2177f6bb154ebae07a/programs/server/config.xml#L201
 const POOL_IDLE_TIMEOUT: Duration = Duration::from_secs(2);
 
+#[cfg(all(
+ not(feature = "native-tls"),
+ any(feature = "rustls-tls", feature = "rustls-tls-aws")
+))]
+fn prepare_hyper_rustls_connector(
+ connector: HttpConnector,
+ provider: impl Into>,
+) -> hyper_rustls::HttpsConnector {
+ hyper_rustls::HttpsConnectorBuilder::new()
+ .with_provider_and_webpki_roots(provider)
+ .unwrap()
+ .https_or_http()
+ .enable_http1()
+ .wrap_connector(connector)
+}
+
 /// A client containing HTTP pool.
 #[derive(Clone)]
 pub struct Client {
@@ -70,18 +86,28 @@ impl Default for Client {
 // TODO: make configurable in `Client::builder()`.
 connector.set_keepalive(Some(TCP_KEEPALIVE));
 
- #[cfg(any(feature = "native-tls", feature = "rustls-tls"))]
+ #[cfg(any(
+ feature = "native-tls",
+ feature = "rustls-tls",
+ feature = "rustls-tls-aws"
+ ))]
 connector.enforce_http(false);
 
- #[cfg(all(feature = "native-tls", not(feature = "rustls-tls")))]
+ #[cfg(all(
+ feature = "native-tls",
+ not(feature = "rustls-tls"),
+ not(feature = "rustls-tls-aws")
+ ))]
 let connector = hyper_tls::HttpsConnector::new_with_connector(connector);
 
- #[cfg(feature = "rustls-tls")]
- let connector = hyper_rustls::HttpsConnectorBuilder::new()
- .with_webpki_roots()
- .https_or_http()
- .enable_http1()
- .wrap_connector(connector);
+ #[cfg(all(feature = "rustls-tls", not(feature = "rustls-tls-aws")))]
+ let connector =
+ prepare_hyper_rustls_connector(connector, rustls::crypto::ring::default_provider());
+ #[cfg(all(feature = "rustls-tls-aws", not(feature = "rustls-tls")))]
+ let connector = prepare_hyper_rustls_connector(
+ connector,
+ rustls::crypto::aws_lc_rs::default_provider(),
+ );
 
 let client = HyperClient::builder(TokioExecutor::new())
 .pool_idle_timeout(POOL_IDLE_TIMEOUT)
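Review bot: `prepare_hyper_rustls_connector` in the first src/lib.rs hunk calls a bare `.unwrap()` on `with_provider_and_webpki_roots(provider)`, so a provider the builder rejects panics inside `Client::default()` with no hint of the cause. The helper is only called with the two built-in providers in this patch, so I would state that invariant with `.expect("built-in rustls crypto provider must support the default TLS protocol versions")`. The function also has no doc comment. It should say that trust anchors are the bundled webpki roots rather than the system store, and that `https_or_http()` still lets plaintext `http://` URLs through.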
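Review bot: In the second src/lib.rs hunk, enabling `rustls-tls` and `rustls-tls-aws` together selects no TLS connector at all: the ring branch needs `not(feature = "rustls-tls-aws")`, the aws-lc-rs branch needs `not(feature = "rustls-tls")`, and the native-tls branch needs both rustls features off. `connector.enforce_http(false)` is still compiled in, so `connector` stays the plain `HttpConnector`. Assuming it is handed to the client builder below the hunk, `https://` URLs would go out without TLS instead of the build failing. Cargo unifies features across the dependency graph, so this combination can arise unrequested, and `cargo clippy --all-features` in CI compiles it. A strict priority order avoids it: change the aws-lc-rs attribute to `#[cfg(feature = "rustls-tls-aws")]` and the helper's attribute in the first hunk to `#[cfg(any(feature = "rustls-tls", feature = "rustls-tls-aws"))]`, so a TLS connector is always chosen when any TLS feature is on.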