Add ability to use rustls over native-tls #209
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds ability to use rustls over native-tls, this can be useful for two reasons:
Previous feature
tls
is now an alias totls-native-tls
(and "meta" feature_tls
is now shows that some of TLS features had been enabled), so on other words everything should be backward compatible.Also I've extended CI to make cover native-tls and rustls as well (for that builds I have to run docker manually, since
services
executed before cloning repo, while I need some files from it), and clickhouse-server in that checks does not expose9000
port, which should ensure that everything goes via secure protocol.P.S. one interesting thing that I found out is that rustls is faster for establishing connections (though I did not dig deeply enough, since there are tons of reasons for this, especially in the library that doing cryptography).
Refs: https://users.rust-lang.org/t/any-reasons-to-prefer-native-tls-over-rustls/37626/7