Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rumqttd: adding optional native-tls support. #258

Merged
merged 1 commit into from
May 15, 2021
Merged

rumqttd: adding optional native-tls support. #258

merged 1 commit into from
May 15, 2021

Conversation

jaredwolff
Copy link
Contributor

By using the use-native-tls feature, this crate can now use tokio-native-tls vs tokio-rustls. Discussed this in #257. Turns out it was trivial to add since tokio uses the same API for both packages. The only thing that seems like a bummer right now is that it requires use of a pkcs12 cert rather than 3 separate ones.

@jaredwolff
Copy link
Contributor Author

@tekjar looks like CI needs openssl or a way to build it.

@tekjar
Copy link
Contributor

tekjar commented Mar 7, 2021

Thanks @jaredwolff . I'll try to find some time. I'm a bit occupied with other work for the whole month

@jaredwolff
Copy link
Contributor Author

@tekjar no worries. I'm kicking the tires here to make sure it's working ok.

@jaredwolff jaredwolff force-pushed the add-native-tls-option branch 2 times, most recently from 56d5930 to 7dd2f24 Compare March 20, 2021 20:49
@jaredwolff
Copy link
Contributor Author

Looks like this is running cargo test with --all-features will bork the build. Created separate builds for (default) rustls and native-tls. Wasn't sure if there was a better way to do it.

@jaredwolff jaredwolff force-pushed the add-native-tls-option branch 2 times, most recently from 8361306 to f3c8924 Compare March 23, 2021 17:15
@tekjar
Copy link
Contributor

tekjar commented Mar 25, 2021

This is a very useful addition. Thanks @jaredwolff

Cargo features are only additive. In this case, I think we are trying to create mutually exclusive features. This is a problem. If this library is included in the dependency tree multiple times, using native-tls feature is going to globally enable native-tls (overwriting other dependency's wish to use rustls)

What we need is a single feature flag native-tls and the ability to dynamically choose nativetls or rustls at runtime

@jaredwolff
Copy link
Contributor Author

(overwriting other dependency's wish to use rustls)

Is this really the case? I thought if rustls is 'disabled' in this crate, for example, you can still use it outside. I could be wrong here.

reqwest comes to mind as a pertinent example. The package gives you the choice to either use the default (native-tls) or rustls. Sean did something similar in his CI setup by building the mutually exclusive features separately.

What we need is a single feature flag native-tls and the ability to dynamically choose nativetls or rustls at runtime

It seems like a runtime option could increase the amount of unused cruft that you need to compile when building the rumqttd package. If you layer rumqttd on top of other projects it gets hefty fast. Right now one of my sub projects is 350+ dependencies. This is more of a developer quality of life thing more than anything but it does matter for folks!

@tekjar
Copy link
Contributor

tekjar commented Mar 25, 2021

I'll check reqwest in depth tomorrow but reqwest features are still additive

cargo build --all-features
cargo test --all-features

builds and works fine

Is this really the case? I thought if rustls is 'disabled' in this crate, for example, you can still use it outside. I could be wrong here.

Yeah. This is a well know problem. Here is a good explanation. In short, multiple dependencies using rumqtt library and enabling different features shouldn't cause compilation errors or silently switch tls implementation underneath

@jaredwolff
Copy link
Contributor Author

jaredwolff commented Mar 25, 2021
edited
Loading

I'll check reqwest in depth tomorrow but reqwest features are still additive

Hmm ok! I'll look into more how he did it as well so I can modify the PR as necessary.

Here is a good explanation. In short, multiple dependencies using rumqtt library and enabling different features shouldn't cause compilation errors or silently switch tls implementation underneath

Agh! Ok now I get it. It doesn't necessarily matter about other deps using a rustls or native-tls it's whether or not someone is using rumqttd with both features. I guess there hypothetically be a need to use rustls and native-tls at the same time. Looking at the resulting documentation this is clicking now! Thanks @tekjar

@jaredwolff
rumqttd: adding optional native-tls support.
47af57d 
By using the `use-native-tls` feature, this crate can now use tokio-native-tls vs tokio-rustls.

Changed:

* Made certain rustls includes to be conditional in rumqttd
* How errors are handled in main loop. Otherwise process loop exits silently.
* Configuration .conf files to account for cert usage
* Support for all 3 cases, Rustls, Native-TLS or none!
* Changed CI to support different use cases of this library.

Added:

* Notes to Readme about adding native-tls
* Added separate tls() function in rumqttd for native-tls
* Added use of tokio-native-tls
@jaredwolff
Copy link
Contributor Author

@tekjar updated the code so it works in all 4 cases:

  • No features
  • Rustls
  • Native TLS
  • Both enabled

I'm going to kick the tires a bit and will push any other changes I find to make this work.

@tekjar
Copy link
Contributor

tekjar commented May 15, 2021

@jaredwolff This is nice. Do you think we'll need both the feature flags? I think it's fine to leave rustls as is and have just one feature flag to enable native-tls.

What you've done makes sense when you want disable rustls and enable native-tls. In our usecase, we usually want a rustls server on a port always but also run native-tls on a different port for microcontrollers that can't work with rustls

@jaredwolff
Copy link
Contributor Author

Do you think we'll need both the feature flags?

In my use case it's handy. I don't use Rustls anywhere else since I use a separate ACME reverse proxy for web stuff.

@tekjar tekjar merged commit f3124c2 into bytebeamio:master May 15, 2021
@tekjar
Copy link
Contributor

tekjar commented May 15, 2021

Cool. We'll merge as is then. This work is very useful for us as well. Thanks for your contribution

@jaredwolff
Copy link
Contributor Author

Awesome @tekjar! I have to make some small tweaks but those will come in another PR. 😎

@jaredwolff jaredwolff deleted the add-native-tls-option branch May 15, 2021 20:13
@mladedav mladedav mentioned this pull request Mar 18, 2022
Closed
carlocorradini pushed a commit to carlocorradini/rumqtt that referenced this pull request Aug 3, 2023
@jaredwolff
rumqttd: adding optional native-tls support. (bytebeamio#258)
66866fe 
By using the `use-native-tls` feature, this crate can now use tokio-native-tls vs tokio-rustls.

Changed:

* Made certain rustls includes to be conditional in rumqttd
* How errors are handled in main loop. Otherwise process loop exits silently.
* Configuration .conf files to account for cert usage
* Support for all 3 cases, Rustls, Native-TLS or none!
* Changed CI to support different use cases of this library.

Added:

* Notes to Readme about adding native-tls
* Added separate tls() function in rumqttd for native-tls
* Added use of tokio-native-tls
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jaredwolff @tekjar