From 05b60183fb73308d0e7ab48b2c288b89ef5949e7 Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Fri, 18 Oct 2024 10:09:07 -0500 Subject: [PATCH] consensus: use tonic-rustls for building tonic client with custom rustls config --- Cargo.lock | 113 ++++++++++++++------ Cargo.toml | 4 +- consensus/core/Cargo.toml | 1 + consensus/core/src/network/tonic_network.rs | 19 ++-- 4 files changed, 88 insertions(+), 49 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 286d572bf63af..67ab89cb21ce7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -179,7 +179,7 @@ dependencies = [ "thiserror", "tokio", "tokio-util 0.7.10", - "tower", + "tower 0.4.13", "tracing", "x509-parser", ] @@ -220,7 +220,7 @@ dependencies = [ "dashmap", "rand 0.8.5", "tokio", - "tower", + "tower 0.4.13", "tracing", ] @@ -237,7 +237,7 @@ dependencies = [ "nonzero_ext", "pin-project-lite", "tokio", - "tower", + "tower 0.4.13", "tracing", "uuid 1.2.2", ] @@ -1113,7 +1113,7 @@ dependencies = [ "ring 0.16.20", "time", "tokio", - "tower", + "tower 0.4.13", "tracing", "zeroize", ] @@ -1378,7 +1378,7 @@ dependencies = [ "pin-project-lite", "rustls 0.21.12", "tokio", - "tower", + "tower 0.4.13", "tracing", ] @@ -1428,7 +1428,7 @@ dependencies = [ "http 0.2.9", "http-body 0.4.5", "pin-project-lite", - "tower", + "tower 0.4.13", "tracing", ] @@ -1550,7 +1550,7 @@ dependencies = [ "rustversion", "serde", "sync_wrapper 0.1.2", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", ] @@ -1587,7 +1587,7 @@ dependencies = [ "sync_wrapper 1.0.1", "tokio", "tokio-tungstenite 0.21.0", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", "tracing", @@ -1648,7 +1648,7 @@ dependencies = [ "mime", "pin-project-lite", "serde", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", "tracing", @@ -1685,7 +1685,7 @@ dependencies = [ "rustls-pki-types", "tokio", "tokio-rustls 0.26.0", - "tower", + "tower 0.4.13", "tower-service", ] 
@@ -2797,7 +2797,8 @@ dependencies = [ "tokio-util 0.7.10", "tonic 0.12.3", "tonic-build", - "tower", + "tonic-rustls", + "tower 0.4.13", "tower-http", "tracing", "typed-store", @@ -5949,7 +5950,7 @@ dependencies = [ "pin-project-lite", "socket2 0.5.6", "tokio", - "tower", + "tower 0.4.13", "tower-service", "tracing", ] @@ -6517,7 +6518,7 @@ dependencies = [ "tokio", "tokio-stream", "tokio-util 0.7.10", - "tower", + "tower 0.4.13", "tracing", ] @@ -8151,7 +8152,7 @@ dependencies = [ "tokio-stream", "tonic 0.12.3", "tonic-health", - "tower", + "tower 0.4.13", "tower-http", "tracing", ] @@ -8169,7 +8170,7 @@ dependencies = [ "simple-server-timing-header", "telemetry-subscribers", "tokio", - "tower", + "tower 0.4.13", "tracing", ] @@ -8314,7 +8315,7 @@ dependencies = [ "rand 0.8.5", "sui-macros", "tokio", - "tower", + "tower 0.4.13", "tracing", ] @@ -8409,7 +8410,7 @@ dependencies = [ "thiserror", "tokio", "tokio-stream", - "tower", + "tower 0.4.13", "tracing", "typed-store", ] @@ -8548,7 +8549,7 @@ dependencies = [ "thiserror", "tokio", "tonic 0.12.3", - "tower", + "tower 0.4.13", "tracing", "typed-store", ] @@ -12711,7 +12712,7 @@ dependencies = [ "thiserror", "tokio", "toml 0.7.4", - "tower", + "tower 0.4.13", "tower-http", "tracing", "unescape", @@ -13573,7 +13574,7 @@ dependencies = [ "thiserror", "tokio", "tonic 0.12.3", - "tower", + "tower 0.4.13", "tower-http", "tracing", "ttl_cache", @@ -13758,7 +13759,7 @@ dependencies = [ "tokio", "tokio-util 0.7.10", "toml 0.7.4", - "tower", + "tower 0.4.13", "tower-http", "tracing", "uuid 1.2.2", @@ -13980,7 +13981,7 @@ dependencies = [ "thiserror", "tokio", "tokio-util 0.7.10", - "tower", + "tower 0.4.13", "tower-http", "tracing", "typed-store-error", @@ -14343,7 +14344,7 @@ dependencies = [ "tokio", "tonic 0.12.3", "tonic-build", - "tower", + "tower 0.4.13", "tracing", ] @@ -14393,7 +14394,7 @@ dependencies = [ "tap", "telemetry-subscribers", "tokio", - "tower", + "tower 0.4.13", "tracing", "typed-store", "url", 
@@ -14518,7 +14519,7 @@ dependencies = [ "sui-types", "thiserror", "tokio", - "tower", + "tower 0.4.13", ] [[package]] @@ -14595,7 +14596,7 @@ dependencies = [ "sui-types", "telemetry-subscribers", "tokio", - "tower", + "tower 0.4.13", "tower-http", "tracing", "url", @@ -14856,7 +14857,7 @@ dependencies = [ "sui-types", "telemetry-subscribers", "tempfile", - "tower", + "tower 0.4.13", "tracing", ] @@ -14986,7 +14987,7 @@ dependencies = [ "test-cluster", "tokio", "toml 0.7.4", - "tower", + "tower 0.4.13", "tower-http", "tracing", "url", @@ -16424,7 +16425,7 @@ dependencies = [ "prost 0.12.3", "tokio", "tokio-stream", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", "tracing", @@ -16454,7 +16455,7 @@ dependencies = [ "socket2 0.5.6", "tokio", "tokio-stream", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", "tracing", @@ -16486,6 +16487,33 @@ dependencies = [ "tonic 0.12.3", ] +[[package]] +name = "tonic-rustls" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "803689f99cfc6de9c3b27aa86bf98553754c72c53b715913f1c14dcd3c030f77" +dependencies = [ + "async-stream", + "bytes", + "h2 0.4.5", + "http 1.1.0", + "http-body 1.0.1", + "http-body-util", + "hyper 1.4.1", + "hyper-timeout 0.5.1", + "hyper-util", + "pin-project", + "socket2 0.5.6", + "tokio", + "tokio-rustls 0.26.0", + "tokio-stream", + "tonic 0.12.3", + "tower 0.5.0", + "tower-layer", + "tower-service", + "tracing", +] + [[package]] name = "toolchain_find" version = "0.2.0" 
@@ -16520,6 +16548,25 @@ dependencies = [ "tracing", ] +[[package]] +name = "tower" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "36b837f86b25d7c0d7988f00a54e74739be6477f2aac6201b8f429a7569991b7" +dependencies = [ + "futures-core", + "futures-util", + "indexmap 2.2.6", + "pin-project-lite", + "slab", + "sync_wrapper 0.1.2", + "tokio", + "tokio-util 0.7.10", + "tower-layer", + "tower-service", + "tracing", +] + [[package]] name = "tower-http" version = "0.5.2" @@ -16544,7 +16591,7 @@ dependencies = [ "pin-project-lite", "tokio", "tokio-util 0.7.10", - "tower", + "tower 0.4.13", "tower-layer", "tower-service", "tracing", @@ -16553,9 +16600,9 @@ dependencies = [ [[package]] name = "tower-layer" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" [[package]] name = "tower-service" diff --git a/Cargo.toml b/Cargo.toml index f2be612798fd2..c63c0ed4796ef 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -497,12 +497,10 @@ tokio-stream = { version = "0.1.14", features = ["sync", "net"] } tokio-util = "0.7.10" toml = { version = "0.7.4", features = ["preserve_order"] } toml_edit = { version = "0.19.10" } -# NOTE: do not enable the `tls` feature on tonic. It will break custom TLS handling -# for self signed certificates. Unit tests under consensus/core and other integration -# tests will fail. tonic = { version = "0.12", features = ["transport"] } tonic-build = { version = "0.12", features = ["prost", "transport"] } tonic-health = "0.12" +tonic-rustls = "0.1.0" tower = { version = "0.4.12", features = [ "full", "util", diff --git a/consensus/core/Cargo.toml b/consensus/core/Cargo.toml index 2cb277834c9b2..6d4756ac4075f 100644 --- a/consensus/core/Cargo.toml +++ b/consensus/core/Cargo.toml 
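Review bot: The root Cargo.toml hunk deletes the NOTE explaining why tonic's `tls` feature must stay off and puts nothing in its place, so the reason consensus TLS goes through a custom rustls config is no longer recorded next to the dependency. The `tonic` line still enables only `features = ["transport"]`, which suggests the constraint still holds, though whether enabling `tls` would still break the self-signed certificate handling is not visible in this patch. If it does hold, keep a short replacement such as `# TLS for tonic clients is provided by tonic-rustls with a custom rustls config; keep tonic's tls feature disabled.` Separately, `tonic-rustls = "0.1.0"` puts a first-release crate on the consensus TLS path. Cargo.lock pins it by checksum, but it deserves the same dependency review the other TLS crates get.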
@@ -57,6 +57,7 @@ tower.workspace = true
 tower-http.workspace = true
 tracing.workspace = true
 typed-store.workspace = true
+tonic-rustls.workspace = true
 
 [dev-dependencies]
 rstest.workspace = true
diff --git a/consensus/core/src/network/tonic_network.rs b/consensus/core/src/network/tonic_network.rs
index 185f59786b163..1c07f013cecc4 100644
--- a/consensus/core/src/network/tonic_network.rs
+++ b/consensus/core/src/network/tonic_network.rs
@@ -339,7 +339,7 @@ impl NetworkClient for TonicClient {
 // Tonic channel wrapped with layers.
 type Channel = mysten_network::callback::Callback<
 tower_http::trace::Trace<
- tonic::transport::Channel,
+ tonic_rustls::Channel,
 tower_http::classify::SharedClassifier,
 >,
 MetricsCallbackMaker,
@@ -381,7 +381,8 @@ impl ChannelPool {
 let address = format!("https://{address}");
 let config = &self.context.parameters.tonic;
 let buffer_size = config.connection_buffer_size;
- let endpoint = tonic::transport::Channel::from_shared(address.clone())
+ let client_tls_config = create_rustls_client_config(&self.context, network_keypair, peer);
+ let endpoint = tonic_rustls::Channel::from_shared(address.clone())
 .unwrap()
 .connect_timeout(timeout)
 .initial_connection_window_size(Some(buffer_size as u32))
@@ -391,22 +392,14 @@ impl ChannelPool {
 .http2_keep_alive_interval(config.keepalive_interval)
 // tcp keepalive is probably unnecessary and is unsupported by msim.
 .user_agent("mysticeti")
+ .unwrap()
+ .tls_config(client_tls_config)
 .unwrap();
 
- let client_tls_config = create_rustls_client_config(&self.context, network_keypair, peer);
- let https_connector = hyper_rustls::HttpsConnectorBuilder::new()
- .with_tls_config(client_tls_config)
- .https_only()
- .enable_http2()
- .build();
-
 let deadline = tokio::time::Instant::now() + timeout;
 let channel = loop {
 trace!("Connecting to endpoint at {address}");
- match endpoint
- .connect_with_connector(https_connector.clone())
- .await
- {
+ match endpoint.connect().await {
 Ok(channel) => break channel,
 Err(e) => {
 warn!("Failed to connect to endpoint at {address}: {e:?}");
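Review bot: The added `.tls_config(client_tls_config).unwrap()` panics if the endpoint rejects the TLS config, whereas the connect loop just below logs connection failures with `warn!` and appears to treat them as recoverable. State the invariant with `.expect("tonic-rustls endpoint must accept the consensus rustls client config")`, or surface the failure through the enclosing function's error type, which is not visible because the function starts and ends outside this hunk. The removed connector also called `.https_only()`, and nothing in the new builder chain says that plaintext is refused. The `https://` prefix is added earlier in the same function, so this is probably fine, but a comment such as `// TLS is mandatory: the endpoint is always https:// and connects with client_tls_config` would record the intent. A test that a peer presenting an unexpected key fails to connect would pin the behaviour across the connector swap.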