Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use rustls instead of OpenSSL #124

Open
ozgrakkurt opened this issue Dec 7, 2021 · 3 comments
Open

Use rustls instead of OpenSSL #124

ozgrakkurt opened this issue Dec 7, 2021 · 3 comments

Comments

@ozgrakkurt
Copy link

This would greatly simplify building process on Windows. Is this something that can be done?
@corrieriluca
Copy link
Contributor

corrieriluca commented Dec 7, 2021
edited
Loading

This could be done easily by removing the openssl-sys dependency and using the rustls feature of the reqwest crate. But there's a better way...

As a matter of fact, the OpenSSL dependency is not even used on Windows.

This project is using [email protected]. As it can be seen in the "Requirements" section of the README, "OpenSSL 1.0.1, 1.0.2, or 1.1.0 with headers" is needed only on Linux targets. For Windows and macOS targets, reqwest relies on the native TLS framework of the OS. In this case, specifying the openssl-sys crate as a direct dependency does not make sense because it is already a indirect dependency from reqwest only for Linux targets (and actually from rust-native-tls under the hood).

So why is openssl-sys referenced as a direct dependency of Drill? Well, it started in #86, which adds the support for cross-compiling Drill to x86_64-unknown-linux-musl. The musl libc is known for being more lightweight than the GNU's glibc and offers also static linking (i.e. producing a binary with all its dependencies bundled). In order to produce a static binary for this target one must also statically link the binary to the OpenSSL library. This is what the openssl-sys crate with the vendored feature offers and this is why it is needed... only for the x86_64-unknown-linux-musl target!

So, in order to greatly simplify the building process on Windows (and even on macOS!), we just need to use one of Cargo's feature: Platform specific dependencies! We just need to change the Cargo.toml file this way:

# Add openssl-sys as a direct dependency so it can be cross compiled to
# x86_64-unknown-linux-musl using the "vendored" feature below
+[target.x86_64-unknown-linux-musl.dependencies]
openssl-sys = "0.9.66"

[features]
# Force openssl-sys to staticly link in the openssl library. Necessary when
# cross compiling to x86_64-unknown-linux-musl.
vendored = ["openssl-sys/vendored"]

(Tested on Windows, it does not require OpenSSL anymore, not yet tested on other platforms.)

@ozgrakkurt
Copy link
Author

That is very nice. I would say rustls still might be better than using openssl. What would be the pros and cons of openssl vs rustls in the context of drill?

@corrieriluca
Copy link
Contributor

As far as I know, Rustls is a nice drop-in replacement of OpenSSL. It's a pure Rust TLS library, only supporting modern protocols like TLS 1.2 and 1.3.

The major advantage is portability. Being written in pure Rust, it is portable and statically linked for every target Rust supports (at least Tier 1 ones). No more system library to rely on during compilation and linking of Drill.

The major downsides are:

  • No support of unsecured (as of today) protocols (SSL1, SSL2, SSL3, TLS1 or TLS1.1)
  • Binary size increase (on Windows I noticed a 1 MB difference between Drill with native TLS and Drill with Rustls)

Note that I expected an increase in compilation and linking time, but it seems that it's not the case.

In order for Drill to use Rustls the changes below are needed in the Cargo manifest file:

 url = "2.1.1"
 linked-hash-map = "0.5.3"
 tokio = { version = "0.2.20", features = ["rt-core", "rt-threaded", "time", "net", "io-driver"] }
-reqwest = { version = "0.10.4", features = ["cookies", "trust-dns"] }
+reqwest = { version = "0.10.4", default-features = false, features = ["rustls-tls", "cookies", "trust-dns"] }
 async-trait = "0.1.30"
 futures = "0.3.5"
 lazy_static = "1.4.0"
 num_cpus = "1.13.0"
 rand = "0.7.3"
 hdrhistogram = "7.4.0"
-
-# Add openssl-sys as a direct dependency so it can be cross compiled to
-# x86_64-unknown-linux-musl using the "vendored" feature below
-openssl-sys = "0.9.66"
-
-[features]
-# Force openssl-sys to staticly link in the openssl library. Necessary when
-# cross compiling to x86_64-unknown-linux-musl.
-vendored = ["openssl-sys/vendored"]

This config has been tested (build in release mode and run of an example benchmark) on the following targets:

  • stable-x86_64-pc-windows-msvc
  • x86_64-unknown-linux-gnu
  • x86_64-unknown-linux-musl (no platform specific dependency on OpenSSL needed anymore!)

@josecelano josecelano mentioned this issue Feb 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@corrieriluca @ozgrakkurt