Remove support for OpenSSL

hyperium · Nov 15, 2019 · ab399db · ab399db
1 parent c63c107
commit ab399db
Show file tree

Hide file tree

Showing 13 changed files with 81 additions and 453 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -74,12 +74,12 @@ jobs:
     - name: Run tests
       run: cargo test --all --all-features
 
-  interop-unix:
-    name: Interop Tests (Rustls & OpenSSL)
+  interop:
+    name: Interop Tests
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, macOS-latest]
+        os: [ubuntu-latest, macOS-latest, windows-latest]
         rust: [stable]
 
     env:
@@ -98,30 +98,3 @@ jobs:
     - name: Run interop tests with Rustls
       run: ./tonic-interop/test.sh --use_tls tls_rustls
       shell: bash
-    - name: Run interop tests with OpenSSL
-      run: ./tonic-interop/test.sh --use_tls tls_openssl
-      shell: bash
-
-  interop-windows:
-    name: Interop Tests (Rustls) (Windows)
-    runs-on: windows-latest
-    strategy:
-      matrix:
-        rust: [stable]
-
-    env:
-      RUSTFLAGS: "-D warnings"
-
-    steps:
-      - uses: hecrj/setup-rust-action@master
-        with:
-          rust-version: ${{ matrix.rust }}
-      - name: Install rustfmt
-        run: rustup component add rustfmt
-      - uses: actions/checkout@master
-      - name: Run interop tests
-        run: ./tonic-interop/test.sh
-        shell: bash
-      - name: Run interop tests with Rustls
-        run: ./tonic-interop/test.sh --use_tls tls_rustls
-        shell: bash
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ contains the tools to build clients and servers from [`protobuf`] definitions.
 - Bi-directional streaming
 - High performance async io
 - Interoperability
-- TLS backed via either [`openssl`] or [`rustls`]
+- TLS backed by [`rustls`]
 - Load balancing
 - Custom metadata
 - Authentication
@@ -97,7 +97,6 @@ terms or conditions.
 [`prost`]: https://github.com/danburkert/prost
 [`protobuf`]: https://developers.google.com/protocol-buffers
 [`rustls`]: https://github.com/ctz/rustls
-[`openssl`]: https://www.openssl.org/
 [`tonic-examples`]: https://github.com/hyperium/tonic/tree/master/tonic-examples
 [`tonic-interop`]: https://github.com/hyperium/tonic/tree/master/tonic-interop
 [Examples]: https://github.com/hyperium/tonic/tree/master/tonic-examples

diff --git a/tonic-examples/Cargo.toml b/tonic-examples/Cargo.toml
@@ -67,7 +67,7 @@ name = "gcp-client"
 path = "src/gcp/client.rs"
 
 [dependencies]
-tonic = { path = "../tonic", features = ["rustls"] }
+tonic = { path = "../tonic", features = ["tls"] }
 bytes = "0.4"
 prost = "0.5"
 

diff --git a/tonic-interop/Cargo.toml b/tonic-interop/Cargo.toml
@@ -8,8 +8,7 @@ license = "MIT"
 
 [features]
 default = ["tonic"]
-tls_openssl = ["tonic", "tonic/tls", "tonic/openssl"]
-tls_rustls = ["tonic", "tonic/tls", "tonic/rustls"]
+tls_rustls = ["tonic", "tonic/tls"]
 
 [[bin]]
 name = "client"

diff --git a/tonic-interop/src/bin/client.rs b/tonic-interop/src/bin/client.rs
@@ -1,7 +1,6 @@
 use std::time::Duration;
 use structopt::{clap::arg_enum, StructOpt};
 use tonic::transport::Endpoint;
-#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
 use tonic::transport::{Certificate, ClientTlsConfig};
 use tonic_interop::client;
 
@@ -33,32 +32,13 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         .concurrency_limit(30);
 
     if matches.use_tls {
-        #[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
-        {
-            panic!("No TLS library feature selected");
-        }
-
-        #[cfg(feature = "tls_rustls")]
-        {
-            let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
-            let ca = Certificate::from_pem(pem);
-            endpoint = endpoint.tls_config(
-                ClientTlsConfig::with_rustls()
-                    .ca_certificate(ca)
-                    .domain_name("foo.test.google.fr"),
-            );
-        }
-
-        #[cfg(feature = "tls_openssl")]
-        {
-            let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
-            let ca = Certificate::from_pem(pem);
-            endpoint = endpoint.tls_config(
-                ClientTlsConfig::with_openssl()
-                    .ca_certificate(ca)
-                    .domain_name("foo.test.google.fr"),
-            );
-        }
+        let pem = tokio::fs::read("tonic-interop/data/ca.pem").await?;
+        let ca = Certificate::from_pem(pem);
+        endpoint = endpoint.tls_config(
+            ClientTlsConfig::with_rustls()
+                .ca_certificate(ca)
+                .domain_name("foo.test.google.fr"),
+        );
     }
 
     let channel = endpoint.connect().await?;

diff --git a/tonic-interop/src/bin/server.rs b/tonic-interop/src/bin/server.rs
@@ -3,7 +3,6 @@ use structopt::StructOpt;
 use tonic::body::BoxBody;
 use tonic::client::GrpcService;
 use tonic::transport::Server;
-#[cfg(any(feature = "tls_rustls", feature = "tls_openssl"))]
 use tonic::transport::{Identity, ServerTlsConfig};
 use tonic_interop::{server, MergeTrailers};
 
@@ -50,28 +49,11 @@ async fn main() -> std::result::Result<(), Box<dyn std::error::Error>> {
     });
 
     if matches.use_tls {
-        #[cfg(not(any(feature = "tls_rustls", feature = "tls_openssl")))]
-        {
-            panic!("No TLS library feature selected");
-        }
-
-        #[cfg(feature = "tls_rustls")]
-        {
-            let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
-            let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
-            let identity = Identity::from_pem(cert, key);
-
-            builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
-        }
-
-        #[cfg(feature = "tls_openssl")]
-        {
-            let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
-            let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
-            let identity = Identity::from_pem(cert, key);
+        let cert = tokio::fs::read("tonic-interop/data/server1.pem").await?;
+        let key = tokio::fs::read("tonic-interop/data/server1.key").await?;
+        let identity = Identity::from_pem(cert, key);
 
-            builder = builder.tls_config(ServerTlsConfig::with_openssl().identity(identity));
-        }
+        builder = builder.tls_config(ServerTlsConfig::with_rustls().identity(identity));
     }
 
     let test_service = server::TestServiceServer::new(server::TestService::default());

diff --git a/tonic/Cargo.toml b/tonic/Cargo.toml
@@ -32,11 +32,8 @@ transport = [
     "tower-balance",
     "tower-load",
 ]
-openssl = ["openssl1", "tokio-openssl", "tls"]
-rustls = ["tokio-rustls", "tls"]
-openssl-roots = ["openssl-probe"]
-rustls-roots = ["rustls-native-certs"]
-tls = []
+tls = ["tokio-rustls"]
+tls-roots = ["rustls-native-certs"]
 
 [[bench]]
 name = "bench_main"
@@ -72,11 +69,6 @@ tower-make = "=0.3.0-alpha.2a"
 tower-balance =  { version = "=0.3.0-alpha.2", optional = true }
 tower-load = { version = "=0.3.0-alpha.2", optional = true }
 
-# openssl
-tokio-openssl = { version = "=0.4.0-alpha.6", optional = true }
-openssl1 = { package = "openssl", version = "0.10", optional = true }
-openssl-probe = { version = "0.1", optional = true }
-
 # rustls
 tokio-rustls = { version = "=0.12.0-alpha.5", optional = true }
 rustls-native-certs = { version = "0.1", optional = true }

diff --git a/tonic/src/lib.rs b/tonic/src/lib.rs
@@ -20,16 +20,11 @@
 //! implementation based on [`hyper`], [`tower`] and [`tokio`]. Enabled by default.
 //! - `codegen`: Enables all the required exports and optional dependencies required
 //! for [`tonic-build`]. Enabled by default.
-//! - `openssl`: Enables the `openssl` based tls options for the `transport` feature`. Not
+//! - `tls`: Enables the `ruslts` based TLS options for the `transport` feature`. Not
 //! enabled by default.
-//! - `openssl-roots`: Adds system trust roots to `openssl`-based gRPC clients using the
-//! `openssl-probe` crate. Not enabled by default. `openssl` must be enabled to use
-//! `openssl-roots`.
-//! - `rustls`: Enables the `ruslts` based tls options for the `transport` feature`. Not
-//! enabled by default.
-//! - `rustls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
-//! `rustls-native-certs` crate. Not enabled by default. `rustls` must be enabled to use
-//! `rustls-roots`.
+//! - `tls-roots`: Adds system trust roots to `rustls`-based gRPC clients using the
+//! `rustls-native-certs` crate. Not enabled by default. `tls` must be enabled to use
+//! `tls-roots`.
 //! - `prost`: Enables the [`prost`] based gRPC [`Codec`] implementation.
 //!
 //! # Structure
@@ -48,8 +43,8 @@
 //! and [`Server`]. These implementations are built on top of [`tokio`], [`hyper`] and [`tower`].
 //! It also provides many of the features that the core gRPC libraries provide such as load balancing,
 //! tls, timeouts, and many more. This implementation can also be used as a reference implementation
-//! to build even more feature rich clients and servers. This module also provides the ability to choose
-//! between [`rustls`] and [`openssl`] for the tls backend.
+//! to build even more feature rich clients and servers. This module also provides the ability to
+//! enable TLS using [`rustls`], via the `tls` feature flag.
 //!
 //! [gRPC]: https://grpc.io
 //! [`tonic`]: https://github.com/hyperium/tonic
@@ -63,7 +58,6 @@
 //! [`Channel`]: transport/struct.Channel.html
 //! [`Server`]: transport/struct.Server.html
 //! [`rustls`]: https://docs.rs/rustls
-//! [`openssl`]: https://www.openssl.org
 //! [`client`]: client/index.html
 //! [`transport`]: transport/index.html
 

diff --git a/tonic/src/transport/endpoint.rs b/tonic/src/transport/endpoint.rs
@@ -2,7 +2,7 @@ use super::channel::Channel;
 #[cfg(feature = "tls")]
 use super::{
     service::TlsConnector,
-    tls::{Certificate, Identity, TlsProvider},
+    tls::{Certificate, Identity},
 };
 use bytes::Bytes;
 use http::uri::{InvalidUriBytes, Uri};
@@ -223,21 +223,16 @@ impl fmt::Debug for Endpoint {
 #[cfg(feature = "tls")]
 #[derive(Clone)]
 pub struct ClientTlsConfig {
-    provider: TlsProvider,
     domain: Option<String>,
     cert: Option<Certificate>,
     identity: Option<Identity>,
-    #[cfg(feature = "openssl")]
-    openssl_raw: Option<openssl1::ssl::SslConnector>,
-    #[cfg(feature = "rustls")]
     rustls_raw: Option<tokio_rustls::rustls::ClientConfig>,
 }
 
 #[cfg(feature = "tls")]
 impl fmt::Debug for ClientTlsConfig {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("ClientTlsConfig")
-            .field("provider", &self.provider)
             .field("domain", &self.domain)
             .field("cert", &self.cert)
             .field("identity", &self.identity)
@@ -247,35 +242,19 @@ impl fmt::Debug for ClientTlsConfig {
 
 #[cfg(feature = "tls")]
 impl ClientTlsConfig {
-    /// Creates a new `ClientTlsConfig` using OpenSSL.
-    #[cfg(feature = "openssl")]
-    pub fn with_openssl() -> Self {
-        Self::new(TlsProvider::OpenSsl)
-    }
-
     /// Creates a new `ClientTlsConfig` using Rustls.
-    #[cfg(feature = "rustls")]
     pub fn with_rustls() -> Self {
-        Self::new(TlsProvider::Rustls)
-    }
-
-    fn new(provider: TlsProvider) -> Self {
         ClientTlsConfig {
-            provider,
             domain: None,
             cert: None,
             identity: None,
-            #[cfg(feature = "openssl")]
-            openssl_raw: None,
-            #[cfg(feature = "rustls")]
             rustls_raw: None,
         }
     }
 
     /// Sets the domain name against which to verify the server's TLS certificate.
     ///
-    /// This has no effect if `rustls_client_config` or `openssl_connector` is used to configure
-    /// Rustls or OpenSSL respectively.
+    /// This has no effect if `rustls_client_config` is used to configure Rustls.
     pub fn domain_name(self, domain_name: impl Into<String>) -> Self {
         ClientTlsConfig {
             domain: Some(domain_name.into()),
@@ -285,8 +264,7 @@ impl ClientTlsConfig {
 
     /// Sets the CA Certificate against which to verify the server's TLS certificate.
     ///
-    /// This has no effect if `rustls_client_config` or `openssl_connector` is used to configure
-    /// Rustls or OpenSSL respectively.
+    /// This has no effect if `rustls_client_config` is used to configure Rustls.
     pub fn ca_certificate(self, ca_certificate: Certificate) -> Self {
         ClientTlsConfig {
             cert: Some(ca_certificate),
@@ -296,30 +274,17 @@ impl ClientTlsConfig {
 
     /// Sets the client identity to present to the server.
     ///
-    /// This has no effect if `rustls_client_config` or `openssl_connector` is used to configure
-    /// Rustls or OpenSSL respectively.
+    /// This has no effect if `rustls_client_config` is used to configure Rustls.
     pub fn identity(self, identity: Identity) -> Self {
         ClientTlsConfig {
             identity: Some(identity),
             ..self
         }
     }
 
-    /// Use options specified by the given `SslConnector` to configure TLS.
-    ///
-    /// This overrides all other TLS options set via other means.
-    #[cfg(feature = "openssl")]
-    pub fn openssl_connector(self, connector: openssl1::ssl::SslConnector) -> Self {
-        ClientTlsConfig {
-            openssl_raw: Some(connector),
-            ..self
-        }
-    }
-
     /// Use options specified by the given `ClientConfig` to configure TLS.
     ///
     /// This overrides all other TLS options set via other means.
-    #[cfg(feature = "rustls")]
     pub fn rustls_client_config(self, config: tokio_rustls::rustls::ClientConfig) -> Self {
         ClientTlsConfig {
             rustls_raw: Some(config),
@@ -332,25 +297,11 @@ impl ClientTlsConfig {
             None => uri.to_string(),
             Some(domain) => domain.clone(),
         };
-        match self.provider {
-            #[cfg(feature = "openssl")]
-            TlsProvider::OpenSsl => match &self.openssl_raw {
-                None => TlsConnector::new_with_openssl_cert(
-                    self.cert.clone(),
-                    self.identity.clone(),
-                    domain,
-                ),
-                Some(r) => TlsConnector::new_with_openssl_raw(r.clone(), domain),
-            },
-            #[cfg(feature = "rustls")]
-            TlsProvider::Rustls => match &self.rustls_raw {
-                None => TlsConnector::new_with_rustls_cert(
-                    self.cert.clone(),
-                    self.identity.clone(),
-                    domain,
-                ),
-                Some(c) => TlsConnector::new_with_rustls_raw(c.clone(), domain),
-            },
+        match &self.rustls_raw {
+            None => {
+                TlsConnector::new_with_rustls_cert(self.cert.clone(), self.identity.clone(), domain)
+            }
+            Some(c) => TlsConnector::new_with_rustls_raw(c.clone(), domain),
         }
     }
 }