Add TLS support, gated by a feature flag

[gferon]

Following up on my earlier attempt in MR #244.

TODO:

• Implement TLS for synchronous client with native-tls
• Implement TLS with tokio-tls
• Implement TLS with async-native-tls
• Add testing facilities for redis+tls

Resolves issue #241

[gferon]

@Marwes I guess I should also add something in the documentation about the new feature flag?

[Marwes]

There doesn't seem to be a place where features are documented atm (though it would be nice, problably in the top level docs in src/lib.rs).

Adding some/a test for TLS, even without certificate validation would be useful.

[gferon]

There doesn't seem to be a place where features are documented atm (though it would be nice, problably in the top level docs in src/lib.rs).

Adding some/a test for TLS, even without certificate validation would be useful.

Alright, I'll figure something out later then.

[gferon]

@Marwes could you try to help me figure out what's going on with the test suite? It's most probably linked to my change, but I can't figure it out right now.

[badboy]

I gave this a rough review now.

Good work so far.
I'm surprised how simple the overall logic is.
I had some nits and comments about the feature usage, some clarification there would be nice.
I will also give that another look with a less-sleep brain.

There are some merge conflicts right now, if you can get them fixed that would be helpful.

[Terkwood]

Curious about the build errors here. The summary text says they were stopped, but the logs were a little bit harder to understand -- did someone intervene to stop the builds, or did they just idle for a long time and then fail?

[Marwes]

travis stops the build automatically if no output has been received for 10 minutes. So there is a bug in here somewhere.

[Terkwood]

👍

[Terkwood]

Potentially related, in the travis log: https://travis-ci.org/github/mitsuhiko/redis-rs/jobs/693945209#L253

Warning: The home dir /var/run/stunnel4 you specified can't be accessed: No such file or directory

But probably benign. I worry that something related to travis might be the issue here, not the change set. I'll pull down the repo and try running tests on my own machine.

[Terkwood]

On my local machine (a linux laptop built in approximately 1433 AD), I was able to get the tests to pass:

REDISRS_SERVER_TYPE=tcp RUST_TEST_THREADS=1 cargo test --no-default-features --tests -- --nocapture

This is the same spot that failed in the travis build. So I'm not sure there's anything wrong with the change set, and I'm a little bit more suspicious of the travis build's config. Too -- and I haven't dug into this -- some of the other builds attached to the last commit, here, passed.

Just out of sheer masochism, I wonder if re-triggering the builds causes different results than the last run.

[Terkwood]

There have been changes since then, but previous iterations of this work got 100% green-lights on Travis:

https://travis-ci.org/github/mitsuhiko/redis-rs/builds/669753751

789b308

[Terkwood]

Someone has kindly kicked off the build for the latest commit: https://travis-ci.org/github/mitsuhiko/redis-rs/builds/693945206

Thank you!

[Terkwood]

Seems to be hanging at the same spot (test_getset). Run hasn't terminated yet...

[Terkwood]

Failures on all of the non-lint builds, but not in the same places. 🔬

[gferon]

I was excited when I saw the update to redis 6.0, and I was too fast... the build from the ppa:chris-lea/redis-server isn't built with TLS support 😿

[Terkwood]

😔 Thanks for looking into it... Worth a try

[gferon]

I finally figured it out.

I introduced the issue in my PR when I changed the match arm in tests/support/mod.rs (see the fix that restores this code to its original state).

Before my change, the net2::TcpListener2 was dropped before the redis-server is spawned. After I changed it, well... it didn't work anymore 💥

I thought I knew enough about sockets... It turns out that SO_REUSEADDR on Linux does not behave exactly as I thought it would. But hey, I learned a lot in the process!

@Terkwood I think it's finally ready to be merged.

[Terkwood]

👍🏼

[Terkwood]

Huge progress!! 🏁🏁

[badboy]

Awesome!
I'm going to land this.

@gferon Can you add some documentation in lib.rs for this in a follow up PR?

[tibbon]

How does one use the TLS feature?

[tibbon]

I'm getting this error:

david@MacBook-Pro-2 crane % cargo run -- -tls
   Compiling redis v0.17.0
error[E0432]: unresolved import `async_native_tls`
 --> /Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/redis-0.17.0/src/aio_async_std.rs:4:5
  |
4 | use async_native_tls::{TlsConnector, TlsStream};
  |     ^^^^^^^^^^^^^^^^ use of undeclared crate or module `async_native_tls`

error[E0433]: failed to resolve: use of undeclared crate or module `tokio_tls`
   --> /Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/redis-0.17.0/src/aio.rs:100:32
    |
100 |             let tls_connector: tokio_tls::TlsConnector = if insecure {
    |                                ^^^^^^^^^ use of undeclared crate or module `tokio_tls`

error[E0599]: no variant or associated item named `TcpTlsTokio` found for enum `aio::ActualConnection` in the current scope
   --> /Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/redis-0.17.0/src/aio.rs:113:40
    |
113 |                 .map(ActualConnection::TcpTlsTokio)?)
    |                                        ^^^^^^^^^^^
    |                                        |
    |                                        variant or associated item not found in `aio::ActualConnection`
    |                                        help: there is a variant with a similar name: `TcpTokio`
...
125 | pub(crate) enum ActualConnection {
    | -------------------------------- variant or associated item `TcpTlsTokio` not found here

error[E0599]: no variant or associated item named `TcpTlsAsyncStd` found for enum `aio::ActualConnection` in the current scope
   --> /Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/redis-0.17.0/src/aio_async_std.rs:161:42
    |
161 |             .map(|con| ActualConnection::TcpTlsAsyncStd(TlsStreamAsyncStdWrapped(con)))?)
    |                                          ^^^^^^^^^^^^^^
    |                                          |
    |                                          variant or associated item not found in `aio::ActualConnection`
    |                                          help: there is a variant with a similar name: `TcpAsyncStd`
    |
   ::: /Users/david/.cargo/registry/src/github.com-1ecc6299db9ec823/redis-0.17.0/src/aio.rs:125:1
    |
125 | pub(crate) enum ActualConnection {
    | -------------------------------- variant or associated item `TcpTlsAsyncStd` not found here

error: aborting due to 4 previous errors

I've included these in my Cargo.toml:

redis = { version = "0.17.0" , features = ["tls"] }
native-tls = { version = "0.2" }
tokio-tls = { version = "0.3" }
async-native-tls = { version = "0.3" }

[tibbon]

Seems to be that this is the magic line: redis = { version = "0.17.0" , features = ["tls", "async-std-tls-comp", "tokio-tls-comp"] }

[gferon]

Seems to be that this is the magic line: redis = { version = "0.17.0" , features = ["tls", "async-std-tls-comp", "tokio-tls-comp"] }

You're right, I just pushed #382 to make sure those features are more discoverable.