Cargo.lock

@@ -292,6 +292,7 @@ dependencies = [
  "http-body",
  "hyper",
  "hyper-rustls 0.22.1",
+ "hyper-tls",
  "lazy_static",
  "pin-project-lite",
  "tokio",
@@ -956,6 +957,21 @@ version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.1.0"
@@ -1661,6 +1677,19 @@ dependencies = [
  "tokio-io-timeout",
 ]
 
+[[package]]
+name = "hyper-tls"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
+dependencies = [
+ "bytes",
+ "hyper",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+]
+
 [[package]]
 name = "iana-time-zone"
 version = "0.1.53"
@@ -1836,6 +1865,7 @@ dependencies = [
  "garage_util",
  "http",
  "hyper-rustls 0.23.2",
+ "hyper-tls",
  "log",
  "rusoto_core",
  "rusoto_credential",
@@ -2187,6 +2217,24 @@ version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5ce46fe64a9d73be07dcbe690a38ce1b293be448fd8ce1e6c1b8062c9f72c6a"
 
+[[package]]
+name = "native-tls"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
+dependencies = [
+ "lazy_static",
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "netapp"
 version = "0.5.2"
@@ -2357,12 +2405,50 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
 
+[[package]]
+name = "openssl"
+version = "0.10.52"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "01b8574602df80f7b85fdfc5392fa884a4e3b3f4f35402c070ab34c3d3f78d56"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
+[[package]]
+name = "openssl-sys"
+version = "0.9.87"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e17f59264b2809d77ae94f0e1ebabc434773f370d6ca667bd223ea10e06cc7e"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "opentelemetry"
 version = "0.17.0"
@@ -2971,6 +3057,7 @@ dependencies = [
  "http",
  "hyper",
  "hyper-rustls 0.23.2",
+ "hyper-tls",
  "lazy_static",
  "log",
  "rusoto_credential",
@@ -3739,6 +3826,16 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-rustls"
 version = "0.22.0"

doc/book/reference-manual/k2v.md

@@ -37,19 +37,19 @@ api_bind_addr = "<ip>:<port>"
 Please select a port number that is not already in use by another API
 endpoint (S3 api, admin API) or by the RPC server.
 
-We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file:
+We provide an early-stage K2V client library for Rust which can be imported by adding the following to your `Cargo.toml` file (enable either `tls-native` or `tls-rustls`):
 
 ```toml
-k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git" }
+k2v-client = { git = "https://git.deuxfleurs.fr/Deuxfleurs/garage.git", features = ["tls-rustls"] }
 ```
 
 There is also a simple CLI utility which can be built from source in the
-following way:
+following way (enable either `tls-native` or `tls-rustls`):
 
 ```sh
 git clone https://git.deuxfleurs.fr/Deuxfleurs/garage.git
 cd garage/src/k2v-client
-cargo build --features cli --bin k2v-cli
+cargo build --features cli,tls-rustls --bin k2v-cli
 ```
 
 The CLI utility is self-documented, run `k2v-cli --help` to learn how to use

src/garage/Cargo.toml

@@ -59,7 +59,7 @@ opentelemetry-otlp = { version = "0.10", optional = true }
 prometheus = { version = "0.13", optional = true }
 
 [dev-dependencies]
-aws-sdk-s3 = "0.19"
+aws-sdk-s3 = { version = "0.19", default-features = false, features = ["rt-tokio"] }
 chrono = "0.4"
 http = "0.2"
 hmac = "0.12"
@@ -95,6 +95,6 @@ telemetry-otlp = [ "opentelemetry-otlp" ]
 # exactly one of them should be enabled.
 
 # Use bundled libsqlite instead of linking against system-provided.
-bundled-libs = [ "garage_db/bundled-libs" ]
-# Link against system-provided libsodium and libzstd.
-system-libs = [ "garage_block/system-libs", "garage_rpc/system-libs", "sodiumoxide/use-pkg-config" ]
+bundled-libs = [ "garage_db/bundled-libs", "aws-sdk-s3/rustls" ]
+# Link against system-provided libsodium, libzstd and TLS library.
+system-libs = [ "garage_block/system-libs", "garage_rpc/system-libs", "sodiumoxide/use-pkg-config", "aws-sdk-s3/native-tls" ]

src/k2v-client/Cargo.toml

@@ -12,10 +12,11 @@ readme = "../../README.md"
 base64 = "0.21"
 http = "0.2"
 log = "0.4"
-rusoto_core = { version = "0.48.0", default-features = false, features = ["rustls"] }
+rusoto_core = { version = "0.48.0", default-features = false }
 rusoto_credential = "0.48.0"
 rusoto_signature = "0.48.0"
-hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ] }
+hyper-rustls = { version = "0.23", default-features = false, features = [ "http1", "http2", "tls12" ], optional = true }
+hyper-tls = { version = "0.5.0", optional = true }
 serde = "1.0"
 serde_json = "1.0"
 thiserror = "1.0"
@@ -28,6 +29,9 @@ garage_util = { version = "0.8.2", path = "../util", optional = true }
 
 [features]
 cli = ["clap", "tokio/fs", "tokio/io-std", "garage_util"]
+# tls-native and tls-rustls are mutually exclusive.
+tls-native = ["rusoto_core/native-tls", "hyper-tls"]
+tls-rustls = ["rusoto_core/rustls", "hyper-rustls"]
 
 [lib]
 path = "lib.rs"

src/k2v-client/lib.rs

@@ -19,6 +19,12 @@ mod error;
 
 pub use error::Error;
 
+#[cfg(all(feature = "tls-native", feature = "tls-rustls"))]
+compile_error!("Features \"tls-native\" and \"tls-rustls\" are mutually exclusive.");
+
+#[cfg(not(any(feature = "tls-native", feature = "tls-rustls")))]
+compile_error!("Either feature \"tls-native\" or \"tls-rustls\" must be enabled for this crate.");
+
 const DEFAULT_TIMEOUT: Duration = Duration::from_secs(5);
 const DEFAULT_POLL_TIMEOUT: Duration = Duration::from_secs(300);
 const SERVICE: &str = "k2v";
@@ -40,12 +46,16 @@ impl K2vClient {
 		creds: AwsCredentials,
 		user_agent: Option<String>,
 	) -> Result<Self, Error> {
+		#[cfg(feature = "tls-rustls")]
 		let connector = hyper_rustls::HttpsConnectorBuilder::new()
 			.with_native_roots()
 			.https_or_http()
 			.enable_http1()
 			.enable_http2()
 			.build();
+		#[cfg(feature = "tls-native")]
+		let connector = hyper_tls::HttpsConnector::new();
+
 		let mut client = HttpClient::from_connector(connector);
 		if let Some(ua) = user_agent {
 			client.local_agent_prepend(ua);