Add TLS support for NIOPosix H2 client #2036
Conversation
Sources/GRPCHTTP2TransportNIOPosix/HTTP2ClientTransport+Posix.swift
Outdated
Show resolved
Hide resolved
Sources/GRPCHTTP2TransportNIOPosix/HTTP2ClientTransport+Posix.swift
Outdated
Show resolved
Hide resolved
gjcairo
force-pushed
the
ssl-nioposix-client
branch
from
f389a06 to
9590227
Compare
| serverHostname = nil | ||
| case .tls(let tlsConfig): | ||
| do { | ||
| nioSSLContext = try NIOSSLContext(configuration: TLSConfiguration(tlsConfig)) |
There was a problem hiding this comment.
These are expensive to create (IIRC it's of the order 20k allocations!) and at the moment we do it per connection. Can we do it in init instead and then reuse it?
There was a problem hiding this comment.
While making this change I realised that we're exposing the tls case for TransportSecurity even when NIOSSL cannot be imported. I think this is unsafe, because it means users may be able to add a TLSConfig to their server/client, which then simply will be ignored if the platform the code's being built on doesn't support NIOSSL. If this happens on both the server and the client, it could mean the connection is plaintext and there would be no warnings that the config wasn't used.
I've wrapped the tls case of TransportSecurity in #if canImport(NIOSSL) to avoid this. Let me know if you agree with it or if I'm missing something/think it should be resolved in some other way.
Sources/GRPCHTTP2TransportNIOPosix/HTTP2ServerTransport+Posix.swift
Outdated
Show resolved
Hide resolved
Sources/GRPCHTTP2TransportNIOPosix/HTTP2ServerTransport+Posix.swift
Outdated
Show resolved
Hide resolved
gjcairo
force-pushed
the
ssl-nioposix-client
branch
from
4f19c21 to
8853b7e
Compare
2 participants
Motivation
We currently have a
NIOPosixclient transport implementation in gRPC v2, but it doesn't support TLS.Modifications
This PR adds support for TLS in the NIOPosix-backed HTTP/2 implementation of the client transport for gRPC v2.
Result
We now support TLS when using the NIOPosix client transport in gRPC V2.