fix(transport): Remove support for OpenSSL #141

Merged
merged 1 commit into from
Nov 15, 2019
33 changes: 3 additions & 30 deletions .github/workflows/CI.yml
Expand Up @@ -74,12 +74,12 @@ jobs:
- name: Run tests
run: cargo test --all --all-features

interop-unix:
name: Interop Tests (Rustls & OpenSSL)
interop:
name: Interop Tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macOS-latest]
os: [ubuntu-latest, macOS-latest, windows-latest]
rust: [stable]

env:
Expand All @@ -98,30 +98,3 @@ jobs:
- name: Run interop tests with Rustls
run: ./tonic-interop/test.sh --use_tls tls_rustls
shell: bash
- name: Run interop tests with OpenSSL
run: ./tonic-interop/test.sh --use_tls tls_openssl
shell: bash

interop-windows:
name: Interop Tests (Rustls) (Windows)
runs-on: windows-latest
strategy:
matrix:
rust: [stable]

env:
RUSTFLAGS: "-D warnings"

steps:
- uses: hecrj/setup-rust-action@master
with:
rust-version: ${{ matrix.rust }}
- name: Install rustfmt
run: rustup component add rustfmt
- uses: actions/checkout@master
- name: Run interop tests
run: ./tonic-interop/test.sh
shell: bash
- name: Run interop tests with Rustls
run: ./tonic-interop/test.sh --use_tls tls_rustls
shell: bash
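Review bot: The surviving step "Run interop tests with Rustls" still invokes `./tonic-interop/test.sh --use_tls tls_rustls`, but this PR removes the `TLS_PROVIDER="${2:-""}"` handling from test.sh, so the second argument is now dead. Drop `tls_rustls` from the `run:` line and rename the step (for example "Run interop tests with TLS") so the workflow does not imply a backend selection that no longer exists.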
3 changes: 1 addition & 2 deletions README.md
Expand Up @@ -25,7 +25,7 @@ contains the tools to build clients and servers from [`protobuf`] definitions.
- Bi-directional streaming
- High performance async io
- Interoperability
- TLS backed via either [`openssl`] or [`rustls`]
- TLS backed by [`rustls`]
- Load balancing
- Custom metadata
- Authentication
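Review bot: The new bullet "TLS backed by [`rustls`]" does not say that TLS is opt-in; per the tonic/src/lib.rs docs in this PR it sits behind the `tls` feature and is not enabled by default. Suggest naming the flag in the bullet, e.g. "TLS backed by [`rustls`] (enable the `tls` feature)", since users who previously enabled `rustls` or `openssl` will check this list first.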
Expand Down Expand Up @@ -97,7 +97,6 @@ terms or conditions.
[`prost`]: https://github.com/danburkert/prost
[`protobuf`]: https://developers.google.com/protocol-buffers
[`rustls`]: https://github.com/ctz/rustls
[`openssl`]: https://www.openssl.org/
[`tonic-examples`]: https://github.com/hyperium/tonic/tree/master/tonic-examples
[`tonic-interop`]: https://github.com/hyperium/tonic/tree/master/tonic-interop
[Examples]: https://github.com/hyperium/tonic/tree/master/tonic-examples
2 changes: 1 addition & 1 deletion tonic-examples/Cargo.toml
Expand Up @@ -67,7 +67,7 @@ name = "gcp-client"
path = "src/gcp/client.rs"

[dependencies]
tonic = { path = "../tonic", features = ["rustls"] }
tonic = { path = "../tonic", features = ["tls"] }
bytes = "0.4"
prost = "0.5"

7 changes: 1 addition & 6 deletions tonic-interop/Cargo.toml
Expand Up @@ -6,11 +6,6 @@ edition = "2018"
publish = false
license = "MIT"

[features]
default = ["tonic"]
tls_openssl = ["tonic", "tonic/tls", "tonic/openssl"]
tls_rustls = ["tonic", "tonic/tls", "tonic/rustls"]

[[bin]]
name = "client"
path = "src/bin/client.rs"
Expand All @@ -21,7 +16,7 @@ path = "src/bin/server.rs"

[dependencies]
tokio = "=0.2.0-alpha.6"
tonic = { path = "../tonic", optional = true }
tonic = { path = "../tonic", features = ["tls"] }
prost = "0.5"
prost-derive = "0.5"
bytes = "0.4"
34 changes: 7 additions & 27 deletions tonic-interop/src/bin/client.rs
@@ -1,7 +1,6 @@
use std::time::Duration;
use structopt::{clap::arg_enum, StructOpt};
use tonic::transport::Endpoint;
#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
use tonic::transport::{Certificate, ClientTlsConfig};
use tonic_interop::client;

Expand Down Expand Up @@ -33,32 +32,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
.concurrency_limit(30);

if matches.use_tls {
#[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
{
panic!("No TLS library feature selected");
}

#[cfg(feature = "tls_rustls")]
{
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_rustls()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}

#[cfg(feature = "tls_openssl")]
{
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_openssl()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}
let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
let ca = Certificate::from_pem(pem);
endpoint = endpoint.tls_config(
ClientTlsConfig::with_rustls()
.ca_certificate(ca)
.domain_name("foo.test.google.fr"),
);
}

let channel = endpoint.connect().await?;
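Review bot: `ClientTlsConfig::with_rustls()` in the retained block keeps a backend-specific constructor name even though rustls is now the only backend and the Cargo feature was generalized to `tls`. Consider a backend-neutral constructor in a follow-up, keeping `with_rustls()` as a deprecated alias, so the public API and the feature name agree. The same applies to `ServerTlsConfig::with_rustls()` in server.rs.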
26 changes: 4 additions & 22 deletions tonic-interop/src/bin/server.rs
Expand Up @@ -3,7 +3,6 @@ use structopt::StructOpt;
use tonic::body::BoxBody;
use tonic::client::GrpcService;
use tonic::transport::Server;
#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
use tonic::transport::{Identity, ServerTlsConfig};
use tonic_interop::{server, MergeTrailers};

Expand Down Expand Up @@ -50,28 +49,11 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
});

if matches.use_tls {
#[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
{
panic!("No TLS library feature selected");
}

#[cfg(feature = "tls_rustls")]
{
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);

builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
}

#[cfg(feature = "tls_openssl")]
{
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);
let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
let identity = Identity::from_pem(cert, key);

builder = builder.tls_config(ServerTlsConfig::with_openssl().identity(identity));
}
builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
}

let test_service = server::TestServiceServer::new(server::TestService::default());
9 changes: 1 addition & 8 deletions tonic-interop/test.sh
Expand Up @@ -15,15 +15,8 @@ case "$OSTYPE" in
esac

ARG="${1:-""}"
TLS_PROVIDER="${2:-""}"

if [[ -n "${TLS_PROVIDER}" ]] ; then
FEATURES="--features ${TLS_PROVIDER}"
else
FEATURES=
fi

(cd tonic-interop && cargo build --bins ${FEATURES})
(cd tonic-interop && cargo build --bins)

SERVER="tonic-interop/bin/server_${OS}_amd64${EXT}"

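Review bot: With `TLS_PROVIDER="${2:-""}"` gone, the script silently ignores any second positional argument, so a stale caller passing `tls_openssl` would build and pass against rustls with no signal. Add a guard after `ARG="${1:-""}"` that exits non-zero when `$#` is greater than 1, so leftover invocations fail loudly instead of reporting a green run for a backend that was never exercised.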
12 changes: 2 additions & 10 deletions tonic/Cargo.toml
Expand Up @@ -32,11 +32,8 @@ transport = [
"tower-balance",
"tower-load",
]
openssl = ["openssl1", "tokio-openssl", "tls"]
rustls = ["tokio-rustls", "tls"]
openssl-roots = ["openssl-probe"]
rustls-roots = ["rustls-native-certs"]
tls = []
tls = ["tokio-rustls"]
tls-roots = ["rustls-native-certs"]

[[bench]]
name = "bench_main"
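Review bot: Dropping the `rustls` and `rustls-roots` feature names together with `openssl` and `openssl-roots` breaks every downstream manifest that has `features = ["rustls"]`, yet the PR is titled `fix(transport)`. Either keep `rustls = ["tls"]` and `rustls-roots = ["tls-roots"]` as deprecated aliases for a release, or mark the rename as a breaking change in the commit message and changelog. Separately, `tls-roots = ["rustls-native-certs"]` does not pull in `tls`, while the lib.rs docs in this PR say `tls` must be enabled to use it; `tls-roots = ["tls", "rustls-native-certs"]` would enforce that in the manifest.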
Expand Down Expand Up @@ -72,11 +69,6 @@ tower-make = "=0.3.0-alpha.2a"
tower-balance = { version = "=0.3.0-alpha.2", optional = true }
tower-load = { version = "=0.3.0-alpha.2", optional = true }

# openssl
tokio-openssl = { version = "=0.4.0-alpha.6", optional = true }
openssl1 = { package = "openssl", version = "0.10", optional = true }
openssl-probe = { version = "0.1", optional = true }

# rustls
tokio-rustls = { version = "=0.12.0-alpha.5", optional = true }
rustls-native-certs = { version = "0.1", optional = true }
18 changes: 6 additions & 12 deletions tonic/src/lib.rs
Expand Up @@ -20,16 +20,11 @@
//! implementation based on [`hyper`], [`tower`] and [`tokio`]. Enabled by default.
//! - `codegen`: Enables all the required exports and optional dependencies required
//! for [`tonic-build`]. Enabled by default.
//! - `openssl`: Enables the `openssl` based tls options for the `transport` feature`. Not
//! - `tls`: Enables the `ruslts` based TLS options for the `transport` feature`. Not
//! enabled by default.
//! - `openssl-roots`: Adds system trust roots to `openssl`-based gRPC clients using the
//! `openssl-probe` crate. Not enabled by default. `openssl` must be enabled to use
//! `openssl-roots`.
//! - `rustls`: Enables the `ruslts` based tls options for the `transport` feature`. Not
//! enabled by default.
//! - `rustls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
//! `rustls-native-certs` crate. Not enabled by default. `rustls` must be enabled to use
//! `rustls-roots`.
//! - `tls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
//! `rustls-native-certs` crate. Not enabled by default. `tls` must be enabled to use
//! `tls-roots`.
//! - `prost`: Enables the [`prost`] based gRPC [`Codec`] implementation.
//!
//! # Structure
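Review bot: The new `tls` bullet carries over two typos from the old `rustls` bullet: `ruslts` should be `rustls`, and "`transport` feature`" has a stray trailing backtick. Fix both while the line is being rewritten, since this text is the crate-level feature reference that users read to pick flags.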
Expand All @@ -48,8 +43,8 @@
//! and [`Server`]. These implementations are built on top of [`tokio`], [`hyper`] and [`tower`].
//! It also provides many of the features that the core gRPC libraries provide such as load balancing,
//! tls, timeouts, and many more. This implementation can also be used as a reference implementation
//! to build even more feature rich clients and servers. This module also provides the ability to choose
//! between [`rustls`] and [`openssl`] for the tls backend.
//! to build even more feature rich clients and servers. This module also provides the ability to
//! enable TLS using [`rustls`], via the `tls` feature flag.
//!
//! [gRPC]: https://grpc.io
//! [`tonic`]: https://github.com/hyperium/tonic
Expand All @@ -63,7 +58,6 @@
//! [`Channel`]: transport/struct.Channel.html
//! [`Server`]: transport/struct.Server.html
//! [`rustls`]: https://docs.rs/rustls
//! [`openssl`]: https://www.openssl.org
//! [`client`]: client/index.html
//! [`transport`]: transport/index.html
