From 92a86e3cd16bae6bbe52cdae486c236d68d3dcd3 Mon Sep 17 00:00:00 2001 From: Jakub Jirutka Date: Sun, 7 May 2023 15:38:13 +0200 Subject: [PATCH] k2v-client: Add support for native TLS library So it can be dynamically linked with the system-provided TLS library instead of bundling rustls. --- Cargo.lock | 96 ++++++++++++++++++++++++++++++++ doc/book/reference-manual/k2v.md | 8 +-- src/k2v-client/Cargo.toml | 8 ++- src/k2v-client/lib.rs | 10 ++++ 4 files changed, 116 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 89d25740..e24b8b18 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -956,6 +956,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.1.0" @@ -1661,6 +1676,19 @@ dependencies = [ "tokio-io-timeout", ] +[[package]] +name = "hyper-tls" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +dependencies = [ + "bytes", + "hyper", + "native-tls", + "tokio", + "tokio-native-tls", +] + [[package]] name = "iana-time-zone" version = "0.1.53" @@ -1836,6 +1864,7 @@ dependencies = [ "garage_util", "http", "hyper-rustls 0.23.2", + "hyper-tls", "log", "rusoto_core", "rusoto_credential", 
@@ -2187,6 +2216,24 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a" +[[package]] +name = "native-tls" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +dependencies = [ + "lazy_static", + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "netapp" version = "0.5.2" @@ -2357,12 +2404,50 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" +[[package]] +name = "openssl" +version = "0.10.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "openssl-probe" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "openssl-sys" +version = "0.9.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "opentelemetry" version = "0.17.0" 
@@ -2971,6 +3056,7 @@ dependencies = [ "http", "hyper", "hyper-rustls 0.23.2", + "hyper-tls", "lazy_static", "log", "rusoto_credential", @@ -3739,6 +3825,16 @@ dependencies = [ "syn", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tokio-rustls" version = "0.22.0" diff --git a/doc/book/reference-manual/k2v.md b/doc/book/reference-manual/k2v.md index ed069b27..a0ee6552 100644 --- a/doc/book/reference-manual/k2v.md +++ b/doc/book/reference-manual/k2v.md @@ -37,19 +37,19 @@ api_bind_addr = ":" Please select a port number that is not already in use by another API endpoint (S3 api, admin API) or by the RPC server. -We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file: +We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file (enable either `tls-native` or `tls-rustls`): ```toml -k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git" } +k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git", features = ["tls-rustls"] } ``` There is also a simple CLI utility which can be built from source in the -following way: +following way (enable either `tls-native` or `tls-rustls`): ```sh git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git cd garage/src/k2v-client -cargo build --features cli --bin k2v-cli +cargo build --features cli,tls-rustls --bin k2v-cli ``` The CLI utility is self-documented, run `k2v-cli --help` to learn how to use diff --git a/src/k2v-client/Cargo.toml b/src/k2v-client/Cargo.toml index 52c16d89..b4738c9c 100644 --- a/src/k2v-client/Cargo.toml +++ b/src/k2v-client/Cargo.toml 
@@ -12,10 +12,11 @@ readme = "../../README.md"
 base64 = "0.21"
 http = "0.2"
 log = "0.4"
-rusoto_core = { version = "0.48.0", default-features = false, features = ["rustls"] }
+rusoto_core = { version = "0.48.0", default-features = false }
 rusoto_credential = "0.48.0"
 rusoto_signature = "0.48.0"
-hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ] }
+hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ], optional = true }
+hyper-tls = { version = "0.5.0", optional = true }
 serde = "1.0"
 serde_json = "1.0"
 thiserror = "1.0"
@@ -28,6 +29,9 @@ garage_util = { version = "0.8.2", path = "../util", optional = true }
 
 [features]
 cli = ["clap", "tokio/fs", "tokio/io-std", "garage_util"]
+# tls-native and tls-rustls are mutually exclusive.
+tls-native = ["rusoto_core/native-tls", "hyper-tls"]
+tls-rustls = ["rusoto_core/rustls", "hyper-rustls"]
 
 [lib]
 path = "lib.rs"
diff --git a/src/k2v-client/lib.rs b/src/k2v-client/lib.rs
index ca52d0cf..6bb5aa22 100644
--- a/src/k2v-client/lib.rs
+++ b/src/k2v-client/lib.rs
@@ -19,6 +19,12 @@ mod error;
 
 pub use error::Error;
 
+#[cfg(all(feature = "tls-native", feature = "tls-rustls"))]
+compile_error!("Features \"tls-native\" and \"tls-rustls\" are mutually exclusive.");
+
+#[cfg(not(any(feature = "tls-native", feature = "tls-rustls")))]
+compile_error!("Either feature \"tls-native\" or \"tls-rustls\" must be enabled for this crate.");
+
 const DEFAULT_TIMEOUT: Duration = Duration::from_secs(5);
 const DEFAULT_POLL_TIMEOUT: Duration = Duration::from_secs(300);
 const SERVICE: &str = "k2v";
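Review bot: The first `compile_error!` guard added at the top of lib.rs makes `tls-native` and `tls-rustls` non-additive, and Cargo unifies features across a dependency graph, so two dependents that pick different backends, or any `--all-features` build, stop compiling. Consider keeping only the "neither enabled" guard and giving one backend precedence, for example by gating the native connector in `K2vClient::new` with `#[cfg(all(feature = "tls-native", not(feature = "tls-rustls")))]`. Whether `rusoto_core` itself builds with both `native-tls` and `rustls` enabled is not visible here and should be checked first. The `[features]` hunk in src/k2v-client/Cargo.toml carries the matching "mutually exclusive" comment and defines no `default`, so existing dependents must now name a backend. A crate-level doc line such as `//! TLS backend: enable exactly one of "tls-rustls" (bundled rustls) or "tls-native" (system TLS library).` would record which library ends up validating certificates in a given build.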
@@ -40,12 +46,16 @@ impl K2vClient {
 creds: AwsCredentials,
 user_agent: Option,
 ) -> Result {
+ #[cfg(feature = "tls-rustls")]
 let connector = hyper_rustls::HttpsConnectorBuilder::new()
 .with_native_roots()
 .https_or_http()
 .enable_http1()
 .enable_http2()
 .build();
+ #[cfg(feature = "tls-native")]
+ let connector = hyper_tls::HttpsConnector::new();
+
 let mut client = HttpClient::from_connector(connector);
 if let Some(ua) = user_agent {
 client.local_agent_prepend(ua);
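Review bot: The `tls-native` branch takes every TLS setting from `hyper_tls::HttpsConnector::new()`, so its protocol floor is whatever native-tls and the system library default to (native-tls 0.2 documents a default minimum of TLS 1.0), while the `tls-rustls` branch above it never negotiates below TLS 1.2. To keep both builds at the same floor, build the connector explicitly from `native_tls::TlsConnector::builder().min_protocol_version(Some(native_tls::Protocol::Tlsv12))` and hand the result to `hyper_tls::HttpsConnector::from(..)` together with a plain HTTP connector. That needs `native-tls`, and probably `hyper`, as direct optional dependencies, since only part of Cargo.toml is visible here. Doing so also lets a backend initialisation failure be returned through this function's `Result`, whereas `new()` is, as far as I recall, a panic on that path. The enclosing constructor starts and ends outside the hunk, so how the error would map onto the crate's `Error` type cannot be checked from here.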