fix(transport): Remove support for OpenSSL (#141)
BREAKING CHANGE: Remove support for OpenSSL within the transport.
jen20 authored and LucioFranco committed Nov 15, 2019
1 parent c63c107 commit 8506050
Showing 14 changed files with 82 additions and 465 deletions.
33 changes: 3 additions & 30 deletions .github/workflows/CI.yml
@@ -74,12 +74,12 @@ jobs:
- name: Run tests
run: cargo test --all --all-features

interop-unix:
name: Interop Tests (Rustls & OpenSSL)
interop:
name: Interop Tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macOS-latest]
os: [ubuntu-latest, macOS-latest, windows-latest]
rust: [stable]

env:
@@ -98,30 +98,3 @@ jobs:
- name: Run interop tests with Rustls
run: ./tonic-interop/test.sh --use_tls tls_rustls
shell: bash
- name: Run interop tests with OpenSSL
run: ./tonic-interop/test.sh --use_tls tls_openssl
shell: bash

interop-windows:
name: Interop Tests (Rustls) (Windows)
runs-on: windows-latest
strategy:
matrix:
rust: [stable]

env:
RUSTFLAGS: "-D warnings"

steps:
- uses: hecrj/setup-rust-action@master
with:
rust-version: ${{ matrix.rust }}
- name: Install rustfmt
run: rustup component add rustfmt
- uses: actions/checkout@master
- name: Run interop tests
run: ./tonic-interop/test.sh
shell: bash
- name: Run interop tests with Rustls
run: ./tonic-interop/test.sh --use_tls tls_rustls
shell: bash
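Review bot: The retained step `run: ./tonic-interop/test.sh --use_tls tls_rustls` in the merged `interop` job still passes a provider name as the second argument, but the `tonic-interop/test.sh` change in this same commit deletes `TLS_PROVIDER="${2:-""}"`, so that argument is now ignored without any error. Drop it and rename the step, e.g. `- name: Run interop tests with TLS` with `run: ./tonic-interop/test.sh --use_tls`, so the workflow does not suggest a backend choice that no longer exists. It would also help if test.sh rejected unexpected extra arguments, so a stale invocation fails instead of quietly running a different configuration than the step name claims.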
3 changes: 1 addition & 2 deletions README.md
@@ -25,7 +25,7 @@ contains the tools to build clients and servers from [`protobuf`] definitions.
- Bi-directional streaming
- High performance async io
- Interoperability
- TLS backed via either [`openssl`] or [`rustls`]
- TLS backed by [`rustls`]
- Load balancing
- Custom metadata
- Authentication
@@ -97,7 +97,6 @@ terms or conditions.
[`prost`]: https://github.com/danburkert/prost
[`protobuf`]: https://developers.google.com/protocol-buffers
[`rustls`]: https://github.com/ctz/rustls
[`openssl`]: https://www.openssl.org/
[`tonic-examples`]: https://github.com/hyperium/tonic/tree/master/tonic-examples
[`tonic-interop`]: https://github.com/hyperium/tonic/tree/master/tonic-interop
[Examples]: https://github.com/hyperium/tonic/tree/master/tonic-examples
2 changes: 1 addition & 1 deletion tonic-examples/Cargo.toml
@@ -67,7 +67,7 @@ name = "gcp-client"
path = "src/gcp/client.rs"

[dependencies]
tonic = { path = "../tonic", features = ["rustls"] }
tonic = { path = "../tonic", features = ["tls"] }
bytes = "0.4"
prost = "0.5"

7 changes: 1 addition & 6 deletions tonic-interop/Cargo.toml
@@ -6,11 +6,6 @@ edition = "2018"
publish = false
license = "MIT"

[features]
default = ["tonic"]
tls_openssl = ["tonic", "tonic/tls", "tonic/openssl"]
tls_rustls = ["tonic", "tonic/tls", "tonic/rustls"]

[[bin]]
name = "client"
path = "src/bin/client.rs"
@@ -21,7 +16,7 @@ path = "src/bin/server.rs"

[dependencies]
tokio = "=0.2.0-alpha.6"
tonic = { path = "../tonic", optional = true }
tonic = { path = "../tonic", features = ["tls"] }
prost = "0.5"
prost-derive = "0.5"
bytes = "0.4"
34 changes: 7 additions & 27 deletions tonic-interop/src/bin/client.rs
@@ -1,7 +1,6 @@
use std::time::Duration;
use structopt::{clap::arg_enum, StructOpt};
use tonic::transport::Endpoint;
#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
use tonic::transport::{Certificate, ClientTlsConfig};
use tonic_interop::client;

@@ -33,32 +32,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
.concurrency_limit(30);

if matches.use_tls {
#[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
{
panic!("No TLS library feature selected");
}

#[cfg(feature = "tls_rustls")]
{
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_rustls()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}

#[cfg(feature = "tls_openssl")]
{
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_openssl()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_rustls()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}

let channel = endpoint.connect().await?;
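Review bot: The now-unconditional TLS block in `main` trusts only the bundled `ca.pem` and passes `.domain_name("foo.test.google.fr")`, which as far as I can tell is the name the server certificate is verified against rather than the address being dialled, and nothing in the block says these are test-only trust settings. Suggest a comment above it such as `// Interop only: trust the bundled test CA and verify the server certificate against the fixed test name, not the connect address.` so the pattern is not copied unchanged into a real client. `main` starts and ends outside the hunk.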
26 changes: 4 additions & 22 deletions tonic-interop/src/bin/server.rs
@@ -3,7 +3,6 @@ use structopt::StructOpt;
use tonic::body::BoxBody;
use tonic::client::GrpcService;
use tonic::transport::Server;
#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
use tonic::transport::{Identity, ServerTlsConfig};
use tonic_interop::{server, MergeTrailers};

@@ -50,28 +49,11 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
});

if matches.use_tls {
#[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
{
panic!("No TLS library feature selected");
}

#[cfg(feature = "tls_rustls")]
{
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);

builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
}

#[cfg(feature = "tls_openssl")]
{
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);

builder = builder.tls_config(ServerTlsConfig::with_openssl().identity(identity));
}
builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
}

let test_service = server::TestServiceServer::new(server::TestService::default());
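Review bot: The two `tokio::fs::read(...).await?` calls for `server1.pem` and `server1.key` use paths relative to the working directory and propagate a bare I/O error, so starting the server from anywhere but the repository root fails without naming the file that was missing; the `ca.pem` read in `tonic-interop/src/bin/client.rs` has the same shape. Since `main` returns `Box<dyn std::error::Error>`, the path can be attached cheaply, e.g. `let cert = tokio::fs::read(CERT).await.map_err(|e| format!("{}: {}", CERT, e))?;` where `CERT` is a constant holding the path. `main` continues outside the hunk.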
9 changes: 1 addition & 8 deletions tonic-interop/test.sh
@@ -15,15 +15,8 @@ case "$OSTYPE" in
esac

ARG="${1:-""}"
TLS_PROVIDER="${2:-""}"

if [[ -n "${TLS_PROVIDER}" ]] ; then
FEATURES="--features ${TLS_PROVIDER}"
else
FEATURES=
fi

(cd tonic-interop && cargo build --bins ${FEATURES})
(cd tonic-interop && cargo build --bins)

SERVER="tonic-interop/bin/server_${OS}_amd64${EXT}"

12 changes: 2 additions & 10 deletions tonic/Cargo.toml
@@ -32,11 +32,8 @@ transport = [
"tower-balance",
"tower-load",
]
openssl = ["openssl1", "tokio-openssl", "tls"]
rustls = ["tokio-rustls", "tls"]
openssl-roots = ["openssl-probe"]
rustls-roots = ["rustls-native-certs"]
tls = []
tls = ["tokio-rustls"]
tls-roots = ["rustls-native-certs"]

[[bench]]
name = "bench_main"
@@ -72,11 +69,6 @@ tower-make = "=0.3.0-alpha.2a"
tower-balance = { version = "=0.3.0-alpha.2", optional = true }
tower-load = { version = "=0.3.0-alpha.2", optional = true }

# openssl
tokio-openssl = { version = "=0.4.0-alpha.6", optional = true }
openssl1 = { package = "openssl", version = "0.10", optional = true }
openssl-probe = { version = "0.1", optional = true }

# rustls
tokio-rustls = { version = "=0.12.0-alpha.5", optional = true }
rustls-native-certs = { version = "0.1", optional = true }
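Review bot: `tls-roots = ["rustls-native-certs"]` does not pull in `tls`, although the crate docs updated in this same commit (`tonic/src/lib.rs`) state that `tls` must be enabled to use `tls-roots`. Encoding that requirement in the manifest, `tls-roots = ["tls", "rustls-native-certs"]`, would make `--features tls-roots` sufficient on its own. How the crate behaves with only `tls-roots` set is not visible in this hunk, but a trust-store feature that can be enabled without the TLS stack it configures is easy to misuse, and a manifest-level dependency removes the question.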
18 changes: 6 additions & 12 deletions tonic/src/lib.rs
@@ -20,16 +20,11 @@
//! implementation based on [`hyper`], [`tower`] and [`tokio`]. Enabled by default.
//! - `codegen`: Enables all the required exports and optional dependencies required
//! for [`tonic-build`]. Enabled by default.
//! - `openssl`: Enables the `openssl` based tls options for the `transport` feature`. Not
//! - `tls`: Enables the `ruslts` based TLS options for the `transport` feature`. Not
//! enabled by default.
//! - `openssl-roots`: Adds system trust roots to `openssl`-based gRPC clients using the
//! `openssl-probe` crate. Not enabled by default. `openssl` must be enabled to use
//! `openssl-roots`.
//! - `rustls`: Enables the `ruslts` based tls options for the `transport` feature`. Not
//! enabled by default.
//! - `rustls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
//! `rustls-native-certs` crate. Not enabled by default. `rustls` must be enabled to use
//! `rustls-roots`.
//! - `tls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
//! `rustls-native-certs` crate. Not enabled by default. `tls` must be enabled to use
//! `tls-roots`.
//! - `prost`: Enables the [`prost`] based gRPC [`Codec`] implementation.
//!
//! # Structure
@@ -48,8 +43,8 @@
//! and [`Server`]. These implementations are built on top of [`tokio`], [`hyper`] and [`tower`].
//! It also provides many of the features that the core gRPC libraries provide such as load balancing,
//! tls, timeouts, and many more. This implementation can also be used as a reference implementation
//! to build even more feature rich clients and servers. This module also provides the ability to choose
//! between [`rustls`] and [`openssl`] for the tls backend.
//! to build even more feature rich clients and servers. This module also provides the ability to
//! enable TLS using [`rustls`], via the `tls` feature flag.
//!
//! [gRPC]: https://grpc.io
//! [`tonic`]: https://github.com/hyperium/tonic
@@ -63,7 +58,6 @@
//! [`Channel`]: transport/struct.Channel.html
//! [`Server`]: transport/struct.Server.html
//! [`rustls`]: https://docs.rs/rustls
//! [`openssl`]: https://www.openssl.org
//! [`client`]: client/index.html
//! [`transport`]: transport/index.html
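Review bot: The new `tls` bullet in the feature list carries over two typos from the line it replaces: the crate name is spelled `ruslts`, and there is a stray backtick after "feature". It should read ``//! - `tls`: Enables the `rustls` based TLS options for the `transport` feature. Not``. Because this commit is a breaking rename of the feature flags, a one-sentence migration note in the same list (the former `rustls` and `rustls-roots` features are now `tls` and `tls-roots`, and the `openssl` features are gone) would save users from discovering it through a failed build.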