Add support for Network.framework TLS options #1221
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Motivation: gRPC Swift currently half supports Network.framework via NIOTransportServices, that is, we make use of the network stack where it's available but we always use NIOSSL for TLS. We should offer users a way to use Network.framework's TLS stack. Modifications: - Add 'GRPCTLSConfiguration' which is a wrapper around configuration structures for both NIOSSL and Network.framework. This is for both client and server configuration. - Add static factory methods making it easier for callers to construct the right configuration with the right defauls. - Add static factory methods allowing the caller to construct a `GRPCTLSConfiguration` from the 'base' configuration (i.e. a `NIOSSL.TLSConfiguration` or `NWProtocolTLS.Options`) - Add new methods to the client and server builders to make a builder backed by a given TLS backend. In addition the client has a helper for automatically choosing the right backend from the type of the provided event loop group. - Add backend specific options to each builder. - Deprecate the generic 'secure' builders for both the client and the server. Result: Users can configure their client/server to use the TLS implementation provided by Network.framework where appropriate.
Lukasa
reviewed
Jul 12, 2021
| // | ||
| // 'nil' means we're not using TLS, or we're using the Network.framework TLS backend. We'll | ||
| // check and apply the Network.framework TLS options when we create a bootstrap. | ||
| let sslContext: Result<NIOSSLContext, Error>? |
There was a problem hiding this comment.
Hmm, Optional<Result> is sufficiently opaque that I'm never going to be quite sure what each thing means. I wonder if this needs a temporary type.
There was a problem hiding this comment.
Yeah, it is a little unclear. I extracted this into a TLSMode.
Lukasa
approved these changes
Jul 13, 2021
glbrntt
added a commit
to glbrntt/grpc-swift
that referenced
this pull request
Aug 3, 2021
Motivation: In grpc#1221 we added Network.framework as a provider for TLS. However in a few places we incorrectly set the availability for watchOS as 5.0. It should be 6.0 (as required by NIOTS). If the watchOS deployment target was set to 5.0 then the build would result in a number of errors (as the availability requirements for using various NIOTS types would not be sufficient). Modifications: - Raise the availability version for various APIs which use Network.framework Result: No build errors for types which aren't availabile on watchOS 5.0.
glbrntt
added a commit
that referenced
this pull request
Aug 6, 2021
Motivation: In #1221 we added Network.framework as a provider for TLS. However in a few places we incorrectly set the availability for watchOS as 5.0. It should be 6.0 (as required by NIOTS). If the watchOS deployment target was set to 5.0 then the build would result in a number of errors (as the availability requirements for using various NIOTS types would not be sufficient). Modifications: - Raise the availability version for various APIs which use Network.framework Result: No build errors for types which aren't availabile on watchOS 5.0.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
gRPC Swift currently half supports Network.framework via
NIOTransportServices, that is, we make use of the network stack where
it's available but we always use NIOSSL for TLS. We should offer users a
way to use Network.framework's TLS stack.
Modifications:
structures for both NIOSSL and Network.framework. This is for both
client and server configuration.
the right configuration with the right defauls.
GRPCTLSConfigurationfrom the 'base' configuration (i.e. aNIOSSL.TLSConfigurationorNWProtocolTLS.Options)backed by a given TLS backend. In addition the client has a helper for
automatically choosing the right backend from the type of the provided
event loop group.
server.
Result:
Users can configure their client/server to use the TLS implementation
provided by Network.framework where appropriate.