Organize some of the duplicated TLS code into a separate crate #3835
Conversation
tls-utils/Cargo.toml
Outdated
|
|
||
| [dependencies] | ||
| solana-sdk = { workspace = true } | ||
|
|
There was a problem hiding this comment.
have you pushed your changes? I still see space and unsorted dependencies.
| solana-signer = { workspace = true } | ||
| solana-pubkey = { workspace = true } | ||
|
|
||
|
|
tls-utils/src/lib.rs
Outdated
| @@ -0,0 +1,14 @@ | |||
| //! Collection of TLS related code fragments that end up popping up everywhere where quic is used. | |||
| //! Aggregated here to avoid bugs due to conflicting implementations of the same functionality | |||
There was a problem hiding this comment.
| //! Aggregated here to avoid bugs due to conflicting implementations of the same functionality | |
| //! Aggregated here to avoid bugs due to conflicting implementations of the same functionality. |
|
Looks like a good change to me |
alexpyattaev
force-pushed
the
organize_tls_utils
branch
from
b2c6e92
to
56af8a2
Compare
|
I think you can press now "ready for review" |
|
Thanks, will do.
…
I think you can press now "ready for review"
|
alexpyattaev
force-pushed
the
organize_tls_utils
branch
from
9e69118
to
9288522
Compare
quic-client/Cargo.toml
Outdated
| solana-transaction-error = { workspace = true } | ||
| thiserror = { workspace = true } | ||
| tokio = { workspace = true, features = ["full"] } | ||
|
|
tls-utils/src/tls_certificates.rs
Outdated
| @@ -1,3 +1,4 @@ | |||
| #![allow(clippy::arithmetic_side_effects)] | |||
There was a problem hiding this comment.
is this addition needed? isn't the file just moved to a new location?
There was a problem hiding this comment.
Yes, this is necessary. A similar "allow" was on the crate level in the original crate. Clippy gets confused with benign addition for a buffer size computation otherwise. If it is not benign then please let me know why. I've changed the code to appease clippy without the #allow, though I feel like in this case it was overly protective.
The bigger problem is the streamer crate from which the code was taken, where the same clippy warning is triggered many many times if the allow line is removed. I can look into that in a different PR.
tls-utils/Cargo.toml
Outdated
| description = "Solana TLS utilities" | ||
| documentation = "https://docs.rs/solana-tls-utils" | ||
|
|
||
| version.workspace = true |
There was a problem hiding this comment.
| description = "Solana TLS utilities" | |
| documentation = "https://docs.rs/solana-tls-utils" | |
| version.workspace = true | |
| description = "Solana TLS utilities" | |
| documentation = "https://docs.rs/solana-tls-utils" | |
| publish = false | |
| version.workspace = true |
There was a problem hiding this comment.
set to publish=false as suggested
quic-client/tests/quic_client.rs
Outdated
| }, | ||
| solana_tls_utils::{QuicClientCertificate,new_dummy_x509_certificate}, |
There was a problem hiding this comment.
space after 'QuicClientCertificate', can you do a "cargo fmt"
There was a problem hiding this comment.
thanks, cargo fmt done as suggested on all files.
alexpyattaev
force-pushed
the
organize_tls_utils
branch
4 times, most recently
from
0474c3f
to
87b4eae
Compare
tls-utils/Cargo.toml
Outdated
| description = "Solana TLS utilities" | ||
| documentation = "https://docs.rs/solana-tls-utils" | ||
| publish = false | ||
|
|
There was a problem hiding this comment.
publish=false will have to go away after this is merged as far as I understand.
There was a problem hiding this comment.
ya are we going to publish this on crates.io? or no?
There was a problem hiding this comment.
I have no idea if anyone would ever use it there. Probably there is no benefit to that in this case.
alexpyattaev
force-pushed
the
organize_tls_utils
branch
from
87b4eae
to
3becfc7
Compare
|
Yes, I have changed the code to remove the #allow directive, even though it was present in the streamer crate, as it could be masking other possible bugs (and still probably does in streamer).
3 Dec 2024 19.19.36 Greg Cusack ***@***.***>:
…
***@***.**** commented on this pull request.
----------------------------------------
In tls-utils/src/tls_certificates.rs[#3835 (comment)]:
> @@ -1,3 +1,4 @@
+#![allow(clippy::arithmetic_side_effects)]
looks like you removed this?
—
Reply to this email directly, view it on GitHub[#3835 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/ABNIL3UROYIOELDJ33LDQBL2DXR2RAVCNFSM6AAAAABSVNUOZGVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDINZWGMZTQMZQGI].
You are receiving this because you authored the thread.
[Tracking image][https://github.com/notifications/beacon/ABNIL3WHRMVNVU7P6ZENOUD2DXR2RA5CNFSM6AAAAABSVNUOZGWGG33NNVSW45C7OR4XAZNRKB2WY3CSMVYXKZLTORJGK5TJMV32UY3PNVWWK3TUL5UWJTUTTHWH4.gif]
|
tls-utils/src/tls_certificates.rs
Outdated
| if keypair_secret_len != 32 { | ||
| panic!("Unexpected secret key length!"); | ||
| } | ||
| let need_buffer = PKCS8_PREFIX |
There was a problem hiding this comment.
| let need_buffer = PKCS8_PREFIX | |
| let buffer_size = PKCS8_PREFIX |
tls-utils/src/tls_certificates.rs
Outdated
| .len() | ||
| .checked_add(keypair_secret_len) //clippy being overly guarded here but optimizer will elide checked_add | ||
| .expect("Unexpected secret key length!"); | ||
| let mut key_pkcs8_der = Vec::<u8>::with_capacity(need_buffer); |
There was a problem hiding this comment.
| let mut key_pkcs8_der = Vec::<u8>::with_capacity(need_buffer); | |
| let mut key_pkcs8_der = Vec::<u8>::with_capacity(buffer_size); |
tls-utils/Cargo.toml
Outdated
| edition = { workspace = true } | ||
|
|
||
| [dependencies] | ||
|
|
There was a problem hiding this comment.
nit: shouldn't be a blank line at line 15
… to avoid duplication. Also move SkipClientVerification
alexpyattaev
force-pushed
the
organize_tls_utils
branch
from
3f96c5c
to
f884350
Compare
|
This crate needs to be published -- solana-quic-client depends on it, which is used by the CLI and many other clients. We can also remove the dependency on solana-sdk. I'll put in a PR for all that |
Problem
A whole bunch of places in the code have been defining the same structure SkipServerVerification for use in quic related code. There were at least 3 independent definitions for this struct with zero functional differences in different project locations.
This created unnecessary duplication as well as strange code dependencies where turbine would depend on quic-client for this one struct, even though logically it makes no sense for turbine to depend on quic-client.
Summary of Changes
The following moved to tls-utils crate:
SkipServerVerification
SkipClientVerification
new_dummy_x509_certificate
All references to them redirected. Multiple redundant definitions removed.