Add ability to use rustls over native-tls #209
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"services" cannot be used right now because now container depends on the repository already checkedout, while this is not true for "services". Fix this by manually starting docker as a separate step.
CI reports [1]:
---- pool::test::test_many_connection stdout ----
thread 'pool::test::test_many_connection' panicked at src/pool/mod.rs:380:9:
assertion failed: spent < Duration::from_millis(2500)
[1]: https://github.com/azat-rust/clickhouse-rs/actions/runs/7323232432/job/19945622315?pr=1
…t_concurrent_queries)
This was referenced Dec 25, 2023
|
@suharev7 can you take a look please? |
|
@suharev7 kind ping |
|
It's looking great! Thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds ability to use rustls over native-tls, this can be useful for two reasons:
Previous feature
tlsis now an alias totls-native-tls(and "meta" feature_tlsis now shows that some of TLS features had been enabled), so on other words everything should be backward compatible.Also I've extended CI to make cover native-tls and rustls as well (for that builds I have to run docker manually, since
servicesexecuted before cloning repo, while I need some files from it), and clickhouse-server in that checks does not expose9000port, which should ensure that everything goes via secure protocol.P.S. one interesting thing that I found out is that rustls is faster for establishing connections (though I did not dig deeply enough, since there are tons of reasons for this, especially in the library that doing cryptography).
Refs: https://users.rust-lang.org/t/any-reasons-to-prefer-native-tls-over-rustls/37626/7