Merge branch 'master' of https://github.com/hyperium/tonic

.github/workflows/CI.yml

@@ -149,11 +149,11 @@ jobs:
     - uses: actions/checkout@v4
     - uses: dtolnay/rust-toolchain@master
       with:
-        toolchain: nightly-2024-05-01
+        toolchain: nightly-2024-06-30
     - name: Install cargo-check-external-types
       uses: taiki-e/cache-cargo-install-action@v2
       with:
-        tool: [email protected].12
+        tool: [email protected].13
     - uses: taiki-e/install-action@cargo-hack
     - uses: Swatinem/rust-cache@v2
     - run: cargo hack --no-private check-external-types

deny.toml

@@ -5,22 +5,22 @@ all-features = true
 multiple-versions = "deny"
 deny = [
     # color-backtrace is nice but brings in too many dependencies and that are often outdated, so not worth it for us.
-    { name = "color-backtrace" },
+    { crate = "color-backtrace" },
 
     # dirs crate has a lot of dependencies and there are better alternatives
-    { name = "dirs" },
-    { name = "dirs-sys" },
+    { crate = "dirs" },
+    { crate = "dirs-sys" },
 
     # deprecated
-    { name = "quickersort" },
+    { crate = "quickersort" },
 
     # term is not fully maintained, and termcolor is replacing it
-    { name = "term" },
+    { crate = "term" },
 ]
 skip-tree = [
-    { name = "windows-sys" },
-    { name = "hermit-abi" },
-    { name = "examples" },
+    { crate = "windows-sys" },
+    { crate = "hermit-abi" },
+    { crate = "examples" },
 ]
 
 [licenses]
@@ -39,7 +39,7 @@ allow = [
 ]
 
 [[licenses.clarify]]
-name = "ring"
+crate = "ring"
 # SPDX considers OpenSSL to encompass both the OpenSSL and SSLeay licenses
 # https://spdx.org/licenses/OpenSSL.html
 # ISC - Both BoringSSL and ring use this for their new files

tonic/src/body.rs

@@ -11,7 +11,14 @@ where
     B: http_body::Body<Data = bytes::Bytes> + Send + 'static,
     B::Error: Into<crate::BoxError>,
 {
-    body.map_err(crate::Status::map_error).boxed_unsync()
+    let mut body = Some(body);
+    if let Some(body) = <dyn std::any::Any>::downcast_mut::<Option<BoxBody>>(&mut body) {
+        body.take().unwrap()
+    } else {
+        body.unwrap()
+            .map_err(crate::Status::map_error)
+            .boxed_unsync()
+    }
 }
 
 /// Create an empty `BoxBody`

tonic/src/transport/channel/service/tls.rs

@@ -1,5 +1,4 @@
 use std::fmt;
-use std::io::Cursor;
 use std::sync::Arc;
 
 use hyper_util::rt::TokioIo;
@@ -13,7 +12,9 @@ use tokio_rustls::{
 };
 
 use super::io::BoxedIo;
-use crate::transport::service::tls::{add_certs_from_pem, load_identity, TlsError, ALPN_H2};
+use crate::transport::service::tls::{
+    convert_certificate_to_pki_types, convert_identity_to_pki_types, TlsError, ALPN_H2,
+};
 use crate::transport::tls::{Certificate, Identity};
 
 #[derive(Clone)]
@@ -55,13 +56,13 @@ impl TlsConnector {
         }
 
         for cert in ca_certs {
-            add_certs_from_pem(&mut Cursor::new(cert), &mut roots)?;
+            roots.add_parsable_certificates(convert_certificate_to_pki_types(&cert)?);
         }
 
         let builder = builder.with_root_certificates(roots);
         let mut config = match identity {
             Some(identity) => {
-                let (client_cert, client_key) = load_identity(identity)?;
+                let (client_cert, client_key) = convert_identity_to_pki_types(&identity)?;
                 builder.with_client_auth_cert(client_cert, client_key)?
             }
             None => builder.with_no_client_auth(),

tonic/src/transport/server/mod.rs

@@ -543,7 +543,6 @@ impl<L> Server<L> {
             Into<crate::BoxError> + Send + 'static,
         I: Stream<Item = Result<IO, IE>>,
         IO: AsyncRead + AsyncWrite + Connected + Unpin + Send + 'static,
-        IO::ConnectInfo: Clone + Send + Sync + 'static,
         IE: Into<crate::BoxError>,
         F: Future<Output = ()>,
         ResBody: http_body::Body<Data = Bytes> + Send + 'static,
@@ -844,7 +843,6 @@ impl<L> Router<L> {
     where
         I: Stream<Item = Result<IO, IE>>,
         IO: AsyncRead + AsyncWrite + Connected + Unpin + Send + 'static,
-        IO::ConnectInfo: Clone + Send + Sync + 'static,
         IE: Into<crate::BoxError>,
         L: Layer<Routes>,
         L::Service:
@@ -880,7 +878,6 @@ impl<L> Router<L> {
     where
         I: Stream<Item = Result<IO, IE>>,
         IO: AsyncRead + AsyncWrite + Connected + Unpin + Send + 'static,
-        IO::ConnectInfo: Clone + Send + Sync + 'static,
         IE: Into<crate::BoxError>,
         F: Future<Output = ()>,
         L: Layer<Routes>,

tonic/src/transport/server/service/tls.rs

@@ -1,4 +1,4 @@
-use std::{fmt, io::Cursor, sync::Arc};
+use std::{fmt, sync::Arc};
 
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio_rustls::{
@@ -8,7 +8,7 @@ use tokio_rustls::{
 };
 
 use crate::transport::{
-    service::tls::{add_certs_from_pem, load_identity, ALPN_H2},
+    service::tls::{convert_certificate_to_pki_types, convert_identity_to_pki_types, ALPN_H2},
     Certificate, Identity,
 };
 
@@ -29,7 +29,7 @@ impl TlsAcceptor {
             None => builder.with_no_client_auth(),
             Some(cert) => {
                 let mut roots = RootCertStore::empty();
-                add_certs_from_pem(&mut Cursor::new(cert), &mut roots)?;
+                roots.add_parsable_certificates(convert_certificate_to_pki_types(&cert)?);
                 let verifier = if client_auth_optional {
                     WebPkiClientVerifier::builder(roots.into()).allow_unauthenticated()
                 } else {
@@ -40,7 +40,7 @@ impl TlsAcceptor {
             }
         };
 
-        let (cert, key) = load_identity(identity)?;
+        let (cert, key) = convert_identity_to_pki_types(&identity)?;
         let mut config = builder.with_single_cert(cert, key)?;
 
         config.alpn_protocols.push(ALPN_H2.into());

tonic/src/transport/service/tls.rs

@@ -1,11 +1,8 @@
 use std::{fmt, io::Cursor};
 
-use tokio_rustls::rustls::{
-    pki_types::{CertificateDer, PrivateKeyDer},
-    RootCertStore,
-};
+use tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer};
 
-use crate::transport::Identity;
+use crate::transport::{Certificate, Identity};
 
 /// h2 alpn in plain format for rustls.
 pub(crate) const ALPN_H2: &[u8] = b"h2";
@@ -38,29 +35,20 @@ impl fmt::Display for TlsError {
 
 impl std::error::Error for TlsError {}
 
-pub(crate) fn load_identity(
-    identity: Identity,
-) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), TlsError> {
-    let cert = rustls_pemfile::certs(&mut Cursor::new(identity.cert))
+pub(crate) fn convert_certificate_to_pki_types(
+    certificate: &Certificate,
+) -> Result<Vec<CertificateDer<'static>>, TlsError> {
+    rustls_pemfile::certs(&mut Cursor::new(certificate))
         .collect::<Result<Vec<_>, _>>()
-        .map_err(|_| TlsError::CertificateParseError)?;
+        .map_err(|_| TlsError::CertificateParseError)
+}
 
-    let Ok(Some(key)) = rustls_pemfile::private_key(&mut Cursor::new(identity.key)) else {
+pub(crate) fn convert_identity_to_pki_types(
+    identity: &Identity,
+) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), TlsError> {
+    let cert = convert_certificate_to_pki_types(&identity.cert)?;
+    let Ok(Some(key)) = rustls_pemfile::private_key(&mut Cursor::new(&identity.key)) else {
         return Err(TlsError::PrivateKeyParseError);
     };
-
     Ok((cert, key))
 }
-
-pub(crate) fn add_certs_from_pem(
-    mut certs: &mut dyn std::io::BufRead,
-    roots: &mut RootCertStore,
-) -> Result<(), crate::BoxError> {
-    for cert in rustls_pemfile::certs(&mut certs).collect::<Result<Vec<_>, _>>()? {
-        roots
-            .add(cert)
-            .map_err(|_| TlsError::CertificateParseError)?;
-    }
-
-    Ok(())
-}