Commit 3dcdbcc

remove aws-lc-rs dep and fix storage_broker tls (#9613)
It seems the ecosystem is not so keen on moving to aws-lc-rs, as its build setup is more complicated than ring's (requiring cmake). Eventually I expect the ecosystem to pivot to https://github.com/ctz/graviola/tree/main/rustls-graviola as it stabilises (it has a very simple build step and license), but for now let's try not to have the headache of juggling two crypto libs. I also noticed that tonic will just fail with TLS without a default provider, so I added some defensive code for that.
1 parent d5de63c commit 3dcdbcc

11 files changed

+72
-179
lines changed

Cargo.lock

Lines changed: 22 additions & 128 deletions

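--- a/Cargo.toml
+++ b/Cargo.toml
@@ -143,7 +143,7 @@ reqwest-retry = "0.5"
 routerify = "3"
 rpds = "0.13"
 rustc-hash = "1.1.0"
-rustls = "0.23"
+rustls = { version = "0.23.16", default-features = false }
 rustls-pemfile = "2"
 scopeguard = "1.1"
 sysinfo = "0.29.2"
@@ -174,7 +174,7 @@ tokio = { version = "1.17", features = ["macros"] }
 tokio-epoll-uring = { git = "https://github.com/neondatabase/tokio-epoll-uring.git" , branch = "main" }
 tokio-io-timeout = "1.2.0"
 tokio-postgres-rustls = "0.12.0"
-tokio-rustls = "0.26"
+tokio-rustls = { version = "0.26.0", default-features = false, features = ["tls12", "ring"]}
 tokio-stream = "0.1"
 tokio-tar = "0.3"
 tokio-util = { version = "0.7.10", features = ["io", "rt"] }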
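Review bot: The new `rustls` entry at line 146 turns off default features without naming a crypto provider, so `ring` is compiled in only through feature unification with the `tokio-rustls` entry at line 177. Any build whose dependency graph reaches `rustls` without `tokio-rustls` would, as far as rustls 0.23 behaves, fail at runtime when a config builder finds no provider rather than at compile time; whether such a crate exists in this workspace is not visible here. Making the choice explicit keeps the failure out of production paths: `rustls = { version = "0.23.16", default-features = false, features = ["ring", "std", "tls12"] }`. Dropping the defaults on both lines presumably also turns off rustls's `logging` feature unless another dependency re-enables it, which would remove handshake diagnostics; worth confirming that is intended.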

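--- a/libs/postgres_backend/tests/simple_select.rs
+++ b/libs/postgres_backend/tests/simple_select.rs
@@ -2,7 +2,7 @@
 use once_cell::sync::Lazy;
 use postgres_backend::{AuthType, Handler, PostgresBackend, QueryError};
 use pq_proto::{BeMessage, RowDescriptor};
-use rustls::crypto::aws_lc_rs;
+use rustls::crypto::ring;
 use std::io::Cursor;
 use std::sync::Arc;
 use tokio::io::{AsyncRead, AsyncWrite};
@@ -94,7 +94,7 @@ async fn simple_select_ssl() {
 let (client_sock, server_sock) = make_tcp_pair().await;
 
 let server_cfg =
-rustls::ServerConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider()))
+rustls::ServerConfig::builder_with_provider(Arc::new(ring::default_provider()))
 .with_safe_default_protocol_versions()
 .expect("aws_lc_rs should support the default protocol versions")
 .with_no_client_auth()
@@ -110,7 +110,7 @@ async fn simple_select_ssl() {
 });
 
 let client_cfg =
-rustls::ClientConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider()))
+rustls::ClientConfig::builder_with_provider(Arc::new(ring::default_provider()))
 .with_safe_default_protocol_versions()
 .expect("aws_lc_rs should support the default protocol versions")
 .with_root_certificates({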
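Review bot: The `.expect(...)` messages on new lines 99 and 115 still read "aws_lc_rs should support the default protocol versions", although both builders now receive `ring::default_provider()`. A panic here would name a provider that is no longer in the build and send whoever debugs the TLS setup looking in the wrong place. Change both to `.expect("ring should support the default protocol versions")`. The body of `simple_select_ssl` starts and ends outside these hunks.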
