smithy-lang · drganjoo · May 26, 2023 · May 4, 2023 · May 5, 2023 · May 5, 2023
@@ -221,17 +221,17 @@ jobs:
           test_aws_exclude: ''
           test_smithy_rs_exclude: --exclude aws-smithy-http-server-python --exclude aws-smithy-http-server-typescript
         - target: powerpc-unknown-linux-gnu
-          build_smithy_rs_features: --features native-tls
+          build_smithy_rs_features: ''
           build_aws_exclude: --exclude aws-inlineable
           build_smithy_rs_exclude: --exclude aws-smithy-http-server-python --exclude aws-smithy-http-server-typescript
-          test_smithy_rs_features: --features native-tls
+          test_smithy_rs_features: ''
           test_aws_exclude: --exclude aws-inlineable
           test_smithy_rs_exclude: --exclude aws-smithy-http-server-python --exclude aws-smithy-http-server-typescript
         - target: powerpc64-unknown-linux-gnu
-          build_smithy_rs_features: --features native-tls
+          build_smithy_rs_features: ''
           build_aws_exclude: --exclude aws-inlineable
           build_smithy_rs_exclude: --exclude aws-smithy-http-server-python --exclude aws-smithy-http-server-typescript
-          test_smithy_rs_features: --features native-tls
+          test_smithy_rs_features: ''
           test_aws_exclude: --exclude aws-inlineable
           test_smithy_rs_exclude: --exclude aws-smithy-http-server-python --exclude aws-smithy-http-server-typescript
     env:

@@ -17,7 +17,6 @@ author = "rcoh"
 references = ["smithy-rs#2612"]
 meta = { "breaking" = false, "tada" = false, "bug" = false }
 
-
 [[smithy-rs]]
 message = "Implement `Ord` and `PartialOrd` for `DateTime`."
 author = "henriiik"
@@ -36,6 +35,18 @@ references = ["smithy-rs#2696"]
 meta = { "breaking" = false, "tada" = false, "bug" = true, "target" = "client"}
 author = "jdisanti"
 
+[[aws-sdk-rust]]
+message = "Remove native-tls and add a migration guide."
+author = "82marbag"
+references = ["smithy-rs#2675"]
+meta = { "breaking" = true, "tada" = false, "bug" = false }
+
+[[smithy-rs]]
+message = "Remove native-tls and add a migration guide."
+author = "82marbag"
+references = ["smithy-rs#2675"]
+meta = { "breaking" = true, "tada" = false, "bug" = false }
+
 [[aws-sdk-rust]]
 message = "Fix error message when `credentials-sso` feature is not enabled on `aws-config`. NOTE: if you use `no-default-features`, you will need to manually able `credentials-sso` after 0.55.*"
 references = ["smithy-rs#2722", "aws-sdk-rust#703"]

@@ -11,7 +11,8 @@ repository = "https://github.com/awslabs/smithy-rs"
 [features]
 client-hyper = ["aws-smithy-client/client-hyper"]
 rustls = ["aws-smithy-client/rustls"]
-native-tls = ["aws-smithy-client/native-tls"]
+native-tls = []
+allow-compilation = [] # our tests use `cargo test --all-features` and native-tls breaks CI
 rt-tokio = ["aws-smithy-async/rt-tokio", "tokio/rt"]
 credentials-sso = ["dep:aws-sdk-sso", "dep:ring", "dep:hex", "dep:zeroize"]
 

@@ -13,10 +13,13 @@ use std::sync::Arc;
 // unused when all crate features are disabled
 /// Unwrap an [`Option<DynConnector>`](aws_smithy_client::erase::DynConnector), and panic with a helpful error message if it's `None`
 pub(crate) fn expect_connector(connector: Option<DynConnector>) -> DynConnector {
-    connector.expect("No HTTP connector was available. Enable the `rustls` or `native-tls` crate feature or set a connector to fix this.")
+    connector.expect("No HTTP connector was available. Enable the `rustls` crate feature or set a connector to fix this.")
 }
 
-#[cfg(any(feature = "rustls", feature = "native-tls"))]
+#[cfg(all(feature = "native-tls", not(feature = "allow-compilation")))]
+compile_error!("Feature native-tls has been removed. For upgrade instructions, see: https://awslabs.github.io/smithy-rs/design/transport/connector.html");
+
+#[cfg(feature = "rustls")]
 fn base(
     settings: &ConnectorSettings,
     sleep: Option<Arc<dyn AsyncSleep>>,
@@ -41,17 +44,7 @@ pub fn default_connector(
 }
 
 /// Given `ConnectorSettings` and an `AsyncSleep`, create a `DynConnector` from defaults depending on what cargo features are activated.
-#[cfg(all(not(feature = "rustls"), feature = "native-tls"))]
-pub fn default_connector(
-    settings: &ConnectorSettings,
-    sleep: Option<Arc<dyn AsyncSleep>>,
-) -> Option<DynConnector> {
-    let hyper = base(settings, sleep).build(aws_smithy_client::conns::native_tls());
-    Some(DynConnector::new(hyper))
-}
-
-/// Given `ConnectorSettings` and an `AsyncSleep`, create a `DynConnector` from defaults depending on what cargo features are activated.
-#[cfg(not(any(feature = "rustls", feature = "native-tls")))]
+#[cfg(not(feature = "rustls"))]
 pub fn default_connector(
     _settings: &ConnectorSettings,
     _sleep: Option<Arc<dyn AsyncSleep>>,

@@ -14,7 +14,7 @@ use crate::meta::credentials::CredentialsProviderChain;
 use crate::meta::region::ProvideRegion;
 use crate::provider_config::ProviderConfig;
 
-#[cfg(any(feature = "rustls", feature = "native-tls"))]
+#[cfg(feature = "rustls")]
 /// Default Credentials Provider chain
 ///
 /// The region from the default region provider will be used
@@ -170,8 +170,8 @@ impl Builder {
     /// Creates a `DefaultCredentialsChain`
     ///
     /// ## Panics
-    /// This function will panic if no connector has been set and neither `rustls` and `native-tls`
-    /// features have both been disabled.
+    /// This function will panic if no connector has been set or the `rustls`
+    /// feature has been disabled.
     pub async fn build(self) -> DefaultCredentialsChain {
         let region = match self.region_override {
             Some(provider) => provider.region().await,

@@ -933,7 +933,7 @@ pub(crate) mod test {
 
     /// Verify that the end-to-end real client has a 1-second connect timeout
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn one_second_connect_timeout() {
         use crate::imds::client::ImdsError;
         use aws_smithy_types::error::display::DisplayErrorContext;

@@ -444,7 +444,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn read_timeout_during_credentials_refresh_should_yield_last_retrieved_credentials() {
         let client = crate::imds::Client::builder()
             // 240.* can never be resolved
@@ -463,7 +463,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn read_timeout_during_credentials_refresh_should_error_without_last_retrieved_credentials(
     ) {
         let client = crate::imds::Client::builder()
@@ -484,7 +484,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn external_timeout_during_credentials_refresh_should_yield_last_retrieved_credentials() {
         use aws_smithy_async::rt::sleep::AsyncSleep;
         let client = crate::imds::Client::builder()

@@ -60,7 +60,7 @@ impl CredentialsProviderChain {
     }
 
     /// Add a fallback to the default provider chain
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     pub async fn or_default_provider(self) -> Self {
         self.or_else(
             "DefaultProviderChain",
@@ -69,7 +69,7 @@ impl CredentialsProviderChain {
     }
 
     /// Creates a credential provider chain that starts with the default provider
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     pub async fn default_provider() -> Self {
         Self::first_try(
             "DefaultProviderChain",

@@ -97,7 +97,7 @@ impl ProvideCredentials for ProfileFileCredentialsProvider {
 ///         future::ProvideCredentials::new(self.load_credentials())
 ///     }
 /// }
-/// # if cfg!(any(feature = "rustls", feature = "native-tls")) {
+/// # if cfg!(feature = "rustls") {
 /// let provider = ProfileFileCredentialsProvider::builder()
 ///     .with_custom_provider("Custom", MyCustomProvider)
 ///     .build();
@@ -375,7 +375,7 @@ impl Builder {
     ///     }
     /// }
     ///
-    /// # if cfg!(any(feature = "rustls", feature = "native-tls")) {
+    /// # if cfg!(feature = "rustls") {
     /// let provider = ProfileFileCredentialsProvider::builder()
     ///     .with_custom_provider("Custom", MyCustomProvider)
     ///     .build();

@@ -121,7 +121,7 @@ impl ProviderConfig {
     ///
     /// # Examples
     /// ```no_run
-    /// # #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    /// # #[cfg(feature = "rustls")]
     /// # fn example() {
     /// use aws_config::provider_config::ProviderConfig;
     /// use aws_sdk_sts::config::Region;

@@ -104,7 +104,7 @@ fn test_operation() -> Operation<TestOperationParser, AwsResponseRetryClassifier
         .with_metadata(operation::Metadata::new("test-op", "test-service"))
 }
 
-#[cfg(any(feature = "native-tls", feature = "rustls"))]
+#[cfg(feature = "rustls")]
 #[test]
 fn test_default_client() {
     let client = Client::builder()

@@ -19,8 +19,8 @@ aws-smithy-client = { path = "../../../rust-runtime/aws-smithy-client" }
 aws-smithy-http = { path = "../../../rust-runtime/aws-smithy-http" }
 tracing = "0.1"
 http = "0.2.6"
-# cargo does not support optional test dependencies, so to completely disable rustls when
-# the native-tls feature is enabled, we need to add the webpki-roots feature here.
+# cargo does not support optional test dependencies, so to completely disable rustls
+# we need to add the webpki-roots feature here.
 # https://github.com/rust-lang/cargo/issues/1596
 hyper-rustls = { version = "0.23.0", optional = true, features = ["rustls-native-certs", "http2", "webpki-roots"] }
 

@@ -80,7 +80,6 @@ class AwsFluentClientDecorator : ClientCodegenDecorator {
         }
         val awsSmithyClient = "aws-smithy-client"
         rustCrate.mergeFeature(Feature("rustls", default = true, listOf("$awsSmithyClient/rustls")))
-        rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("$awsSmithyClient/native-tls")))
     }
 
     override fun libRsCustomizations(
@@ -188,14 +187,14 @@ private class AwsFluentClientExtensions(types: Types) {
                         // Use provided connector
                         Some(c) => builder.connector(c),
                         None =>{
-                            ##[cfg(any(feature = "rustls", feature = "native-tls"))]
+                            ##[cfg(feature = "rustls")]
                             {
                                 // Use default connector based on enabled features
                                 builder.dyn_https_connector(#{ConnectorSettings}::from_timeout_config(&timeout_config))
                             }
-                            ##[cfg(not(any(feature = "rustls", feature = "native-tls")))]
+                            ##[cfg(not(feature = "rustls"))]
                             {
-                                panic!("No HTTP connector was available. Enable the `rustls` or `native-tls` crate feature or set a connector to fix this.");
+                                panic!("No HTTP connector was available. Enable the `rustls` crate feature or set a connector to fix this.");
                             }
                         }
                     };

@@ -15,6 +15,5 @@ members = [
     "s3control",
     "sts",
     "transcribestreaming",
-    "using-native-tls-instead-of-rustls",
     "webassembly",
 ]
@@ -57,7 +57,6 @@ class FluentClientDecorator : ClientCodegenDecorator {
         }
 
         rustCrate.mergeFeature(Feature("rustls", default = true, listOf("aws-smithy-client/rustls")))
-        rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("aws-smithy-client/native-tls")))
     }
 
     override fun libRsCustomizations(

@@ -0,0 +1,39 @@
+The Smithy client provides a default TLS connector, but a custom one can be plugged in.
+`rustls` is enabled with the feature flag `rustls`.
+
+The client had previously supported `native-tls`. You can use your custom connector like this.
+
+Create your connector:
+
+```rust
+/// A `hyper` connector that uses the `native-tls` crate for TLS. To use this in a smithy client,
+/// wrap it in a [hyper_ext::Adapter](crate::hyper_ext::Adapter).
+pub type NativeTls = hyper_tls::HttpsConnector<hyper::client::HttpConnector>;
+
+pub fn native_tls() -> NativeTls {
+    let mut tls = hyper_tls::native_tls::TlsConnector::builder();
+    let tls = tls
+        .min_protocol_version(Some(hyper_tls::native_tls::Protocol::Tlsv12))
+        .build()
+        .unwrap_or_else(|e| panic!("Error while creating TLS connector: {}", e));
+    let mut http = hyper::client::HttpConnector::new();
+    http.enforce_http(false);
+    hyper_tls::HttpsConnector::from((http, tls.into()))
+}
+```
+
+Plug the connector in the client:
+```rust
+let mut builder = hyper::client::Builder::default();
+builder.pool_max_idle_per_host(70);
+let connector = aws_smithy_client::erase::DynConnector::new(
+    aws_smithy_client::hyper_ext::Adapter::builder()
+        .hyper_builder(builder)
+        .connector_settings(std::default::Default::default())
+        .build(native_tls()),
+);
+let raw_client = aws_smithy_client::builder::Builder::new()
+    .connector(connector)
+    .middleware_fn(...)
+    .build_dyn();
+```
-Original file line number
+Diff line change
@@ Expand Up / @@ -57,7 +57,6 @@ class FluentClientDecorator : ClientCodegenDecorator { @@
             }
             rustCrate.mergeFeature(Feature("rustls", default = true, listOf("aws-smithy-client/rustls")))
-            rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("aws-smithy-client/native-tls")))
         }
         override fun libRsCustomizations(
@@ Expand Down @@