feat(tls): Remove tls roots implicit configuration

hyperium · Jun 21, 2024 · 9bdf3a9 · 9bdf3a9
1 parent 23c9e33
commit 9bdf3a9
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 71 deletions.
diff --git a/tonic/Cargo.toml b/tonic/Cargo.toml
@@ -29,9 +29,8 @@ zstd = ["dep:zstd"]
 default = ["transport", "codegen", "prost"]
 prost = ["dep:prost"]
 tls = ["dep:rustls-pemfile", "dep:tokio-rustls", "dep:tokio", "tokio?/rt", "tokio?/macros"]
-tls-roots = ["tls-roots-common", "dep:rustls-native-certs"]
-tls-roots-common = ["tls", "channel"]
-tls-webpki-roots = ["tls-roots-common", "dep:webpki-roots"]
+tls-roots = ["tls", "channel", "dep:rustls-native-certs"]
+tls-webpki-roots = ["tls", "channel", "dep:webpki-roots"]
 router = ["dep:axum"]
 server = [
   "router",

diff --git a/tonic/src/transport/channel/endpoint.rs b/tonic/src/transport/channel/endpoint.rs
@@ -25,11 +25,6 @@ pub struct Endpoint {
     pub(crate) rate_limit: Option<(u64, Duration)>,
     #[cfg(feature = "tls")]
     pub(crate) tls: Option<TlsConnector>,
-    // Only applies if the tls config is not explicitly set. This allows users
-    // to connect to a server that doesn't support ALPN while using the
-    // tls-roots-common feature for setting up TLS.
-    #[cfg(feature = "tls-roots-common")]
-    pub(crate) tls_assume_http2: bool,
     pub(crate) buffer_size: Option<usize>,
     pub(crate) init_stream_window_size: Option<u32>,
     pub(crate) init_connection_window_size: Option<u32>,
@@ -256,18 +251,6 @@ impl Endpoint {
         })
     }
 
-    /// Configures TLS to assume that the server offers HTTP/2 even if it
-    /// doesn't perform ALPN negotiation. This only applies if a tls_config has
-    /// not been set.
-    #[cfg(feature = "tls-roots-common")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "tls-roots-common")))]
-    pub fn tls_assume_http2(self, assume_http2: bool) -> Self {
-        Endpoint {
-            tls_assume_http2: assume_http2,
-            ..self
-        }
-    }
-
     /// Set the value of `TCP_NODELAY` option for accepted connections. Enabled by default.
     pub fn tcp_nodelay(self, enabled: bool) -> Self {
         Endpoint {
@@ -320,16 +303,11 @@ impl Endpoint {
     }
 
     pub(crate) fn connector<C>(&self, c: C) -> service::Connector<C> {
-        #[cfg(all(feature = "tls", not(feature = "tls-roots-common")))]
-        let connector = service::Connector::new(c, self.tls.clone());
-
-        #[cfg(all(feature = "tls", feature = "tls-roots-common"))]
-        let connector = service::Connector::new(c, self.tls.clone(), self.tls_assume_http2);
-
-        #[cfg(not(feature = "tls"))]
-        let connector = service::Connector::new(c);
-
-        connector
+        service::Connector::new(
+            c,
+            #[cfg(feature = "tls")]
+            self.tls.clone(),
+        )
     }
 
     /// Create a channel from this config.
@@ -435,8 +413,6 @@ impl From<Uri> for Endpoint {
             timeout: None,
             #[cfg(feature = "tls")]
             tls: None,
-            #[cfg(feature = "tls-roots-common")]
-            tls_assume_http2: false,
             buffer_size: None,
             init_stream_window_size: None,
             init_connection_window_size: None,

diff --git a/tonic/src/transport/channel/service/connector.rs b/tonic/src/transport/channel/service/connector.rs
@@ -33,50 +33,16 @@ pub(crate) struct Connector<C> {
     inner: C,
     #[cfg(feature = "tls")]
     tls: Option<TlsConnector>,
-    // When connecting to a URI with the https scheme, assume that the server
-    // is capable of speaking HTTP/2 even if it doesn't offer ALPN.
-    #[cfg(feature = "tls-roots-common")]
-    assume_http2: bool,
 }
 
 impl<C> Connector<C> {
-    pub(crate) fn new(
-        inner: C,
-        #[cfg(feature = "tls")] tls: Option<TlsConnector>,
-        #[cfg(feature = "tls-roots-common")] assume_http2: bool,
-    ) -> Self {
+    pub(crate) fn new(inner: C, #[cfg(feature = "tls")] tls: Option<TlsConnector>) -> Self {
         Self {
             inner,
             #[cfg(feature = "tls")]
             tls,
-            #[cfg(feature = "tls-roots-common")]
-            assume_http2,
         }
     }
-
-    #[cfg(feature = "tls-roots-common")]
-    fn tls_or_default(&self, scheme: Option<&str>, host: Option<&str>) -> Option<TlsConnector> {
-        if self.tls.is_some() {
-            return self.tls.clone();
-        }
-
-        let host = match (scheme, host) {
-            (Some("https"), Some(host)) => host,
-            _ => return None,
-        };
-
-        TlsConnector::new(
-            Vec::new(),
-            None,
-            host,
-            self.assume_http2,
-            #[cfg(feature = "tls-roots")]
-            true,
-            #[cfg(feature = "tls-webpki-roots")]
-            true,
-        )
-        .ok()
-    }
 }
 
 impl<C> Service<Uri> for Connector<C>
@@ -97,12 +63,9 @@ where
     }
 
     fn call(&mut self, uri: Uri) -> Self::Future {
-        #[cfg(all(feature = "tls", not(feature = "tls-roots-common")))]
+        #[cfg(feature = "tls")]
         let tls = self.tls.clone();
 
-        #[cfg(feature = "tls-roots-common")]
-        let tls = self.tls_or_default(uri.scheme_str(), uri.host());
-
         #[cfg(feature = "tls")]
         let is_https = uri.scheme_str() == Some("https");
         let connect = self.inner.call(uri);