Make tls optional and add rustls support (metrics-rs#418)

This change removed the required dependency to hyper-tls and openssl. The allow tls, clients will now have to enable either the `native-tls` or `rustls-tls` features. BREAKING: tls isn't enabled by default anymore.
nstinus · Nov 30, 2023 · 2ec8df5 · 2ec8df5
1 parent c37a407
commit 2ec8df5
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 4 deletions.
diff --git a/metrics-exporter-prometheus/Cargo.toml b/metrics-exporter-prometheus/Cargo.toml
@@ -20,7 +20,9 @@ keywords = ["metrics", "telemetry", "prometheus"]
 default = ["http-listener", "push-gateway"]
 async-runtime = ["tokio", "hyper"]
 http-listener = ["async-runtime", "hyper/server", "ipnet"]
-push-gateway = ["async-runtime", "hyper/client", "hyper-tls", "tracing"]
+push-gateway = ["async-runtime", "hyper/client", "tracing"]
+native-tls = ["hyper-tls"]
+rustls-tls = ["hyper-rustls"]
 
 [dependencies]
 metrics = { version = "^0.21", path = "../metrics" }
@@ -36,6 +38,7 @@ ipnet = { version = "2", optional = true }
 tokio = { version = "1", features = ["rt", "net", "time"], optional = true }
 tracing = { version = "0.1.26", optional = true }
 hyper-tls = { version = "0.5.0", optional = true }
+hyper-rustls = { version = "0.24.2", optional = true }
 
 [dev-dependencies]
 tracing = "0.1"

diff --git a/metrics-exporter-prometheus/src/builder.rs b/metrics-exporter-prometheus/src/builder.rs
@@ -29,7 +29,6 @@ use hyper::{
     http::HeaderValue,
     Method, Request, Uri,
 };
-use hyper_tls::HttpsConnector;
 
 use indexmap::IndexMap;
 #[cfg(feature = "http-listener")]
@@ -461,8 +460,8 @@ impl PrometheusBuilder {
             #[cfg(feature = "push-gateway")]
             ExporterConfig::PushGateway { endpoint, interval, username, password } => {
                 let exporter = async move {
-                    let https = HttpsConnector::new();
-                    let client = Client::builder().build::<_, hyper::Body>(https);
+                    let client = make_http_client();
+
                     let auth = username.as_ref().map(|name| basic_auth(name, password.as_deref()));
 
                     loop {
@@ -568,6 +567,27 @@ fn basic_auth(username: &str, password: Option<&str>) -> HeaderValue {
     header
 }
 
+#[cfg(all(feature = "rustls-tls", not(feature = "native-tls")))]
+fn make_http_client(
+) -> Client<hyper_rustls::HttpsConnector<hyper::client::HttpConnector>, hyper::Body> {
+    let tls = hyper_rustls::HttpsConnectorBuilder::new()
+        .with_native_roots()
+        .https_or_http()
+        .enable_http1()
+        .build();
+    Client::builder().build::<_, hyper::Body>(tls)
+}
+
+#[cfg(all(not(feature = "rustls-tls"), feature = "native-tls"))]
+fn make_http_client() -> Client<hyper_tls::HttpsConnector, hyper::Body> {
+    Client::builder().build::<_, hyper::Body>(hyper_tls::HttpsConnector::new())
+}
+
+#[cfg(not(any(feature = "rustls-tls", feature = "native-tls")))]
+fn make_http_client() -> Client<hyper::client::HttpConnector, hyper::Body> {
+    Client::builder().build_http()
+}
+
 #[cfg(test)]
 mod tests {
     use std::time::Duration;