Add rustls support

Author: jplatte

Cargo.lock

@@ -63,6 +63,10 @@ runtime-actix-native-tls = [ "sqlx-core/runtime-actix-native-tls", "sqlx-macros/
 runtime-async-std-native-tls = [ "sqlx-core/runtime-async-std-native-tls", "sqlx-macros/runtime-async-std-native-tls", "_rt-async-std" ]
 runtime-tokio-native-tls = [ "sqlx-core/runtime-tokio-native-tls", "sqlx-macros/runtime-tokio-native-tls", "_rt-tokio" ]
 
+runtime-actix-rustls = [ "sqlx-core/runtime-actix-rustls", "sqlx-macros/runtime-actix-rustls", "_rt-actix" ]
+runtime-async-std-rustls = [ "sqlx-core/runtime-async-std-rustls", "sqlx-macros/runtime-async-std-rustls", "_rt-async-std" ]
+runtime-tokio-rustls = [ "sqlx-core/runtime-tokio-rustls", "sqlx-macros/runtime-tokio-rustls", "_rt-tokio" ]
+
 # for conditional compilation
 _rt-actix = []
 _rt-async-std = []

Cargo.toml

@@ -66,7 +66,7 @@ SQLx is an async, pure Rust<sub>†</sub> SQL crate featuring compile-time check
 
  * **Pure Rust**. The Postgres and MySQL/MariaDB drivers are written in pure Rust using **zero** unsafe<sub>††</sub> code.
 
- * **Runtime Agnostic**. Works on different runtimes ([async-std](https://crates.io/crates/async-std) / [tokio](https://crates.io/crates/tokio) / [actix](https://crates.io/crates/actix-rt)).
+ * **Runtime Agnostic**. Works on different runtimes ([async-std](https://crates.io/crates/async-std) / [tokio](https://crates.io/crates/tokio) / [actix](https://crates.io/crates/actix-rt)) and TLS backends ([native-tls](https://crates.io/crates/native-tls), [rustls](https://crates.io/crates/rustls)).
 
 <sub><sup>† The SQLite driver uses the libsqlite3 C library as SQLite is an embedded database (the only way
 we could be pure Rust for SQLite is by porting _all_ of SQLite to Rust).</sup></sub>
@@ -109,12 +109,14 @@ SQLx is compatible with the [`async-std`], [`tokio`] and [`actix`] runtimes.
 [`tokio`]: https://github.com/tokio-rs/tokio
 [`actix`]: https://github.com/actix/actix-net
 
-By default, you get `async-std`. If you want a different runtime or TLS backend, just disable the default features and activate the corresponding feature, for example for tokio:
+You can also select between [`native-tls`] and [`rustls`] for the TLS backend.
+
+By default, you get `async-std` + `native-tls`. If you want a different runtime or TLS backend, just disable the default features and activate the corresponding feature, for example for tokio + rustls:
 
 ```toml
 # Cargo.toml
 [dependencies]
-sqlx = { version = "0.4.0-beta.1", default-features = false, features = [ "runtime-tokio-native-tls", "macros" ] }
+sqlx = { version = "0.4.0-beta.1", default-features = false, features = [ "runtime-tokio-rustls", "macros" ] }
 ```
 
 <sub><sup>The runtime and TLS backend not being separate feature sets to select is a workaround for a [Cargo issue](https://github.com/rust-lang/cargo/issues/3494).</sup></sub>
@@ -123,10 +125,16 @@ sqlx = { version = "0.4.0-beta.1", default-features = false, features = [ "runti
 
  * `runtime-async-std-native-tls` (on by default): Use the `async-std` runtime and `native-tls` TLS backend.
 
+ * `runtime-async-std-rustls`: Use the `async-std` runtime and `rustls` TLS backend.
+
  * `runtime-tokio-native-tls`: Use the `tokio` runtime and `native-tls` TLS backend.
 
+ * `runtime-tokio-rustls`: Use the `tokio` runtime and `rustls` TLS backend.
+
  * `runtime-actix-native-tls`: Use the `actix` runtime and `native-tls` TLS backend.
 
+ * `runtime-actix-rustls`: Use the `actix` runtime and `rustls` TLS backend.
+
  * `postgres`: Add support for the Postgres database server.
 
  * `mysql`: Add support for the MySQL (and MariaDB) database server.

README.md

@@ -10,6 +10,10 @@ runtime-actix-native-tls = [ "sqlx/runtime-actix-native-tls", "sqlx-rt/runtime-a
 runtime-async-std-native-tls = [ "sqlx/runtime-async-std-native-tls", "sqlx-rt/runtime-async-std-native-tls" ]
 runtime-tokio-native-tls = [ "sqlx/runtime-tokio-native-tls", "sqlx-rt/runtime-tokio-native-tls" ]
 
+runtime-actix-rustls = [ "sqlx/runtime-actix-rustls", "sqlx-rt/runtime-actix-rustls" ]
+runtime-async-std-rustls = [ "sqlx/runtime-async-std-rustls", "sqlx-rt/runtime-async-std-rustls" ]
+runtime-tokio-rustls = [ "sqlx/runtime-tokio-rustls", "sqlx-rt/runtime-tokio-rustls" ]
+
 postgres = ["sqlx/postgres"]
 
 [dependencies]

sqlx-bench/Cargo.toml

@@ -24,7 +24,7 @@ You must choose a runtime to execute the benchmarks on; the feature flags are th
 
 ```bash
 cargo bench --features runtime-tokio-native-tls
-cargo bench --features runtime-async-std-native-tls
+cargo bench --features runtime-async-std-rustls
 ```
 
 When complete, the benchmark results will be in `target/criterion/`. 

sqlx-bench/README.md

@@ -34,14 +34,20 @@ decimal = [ "rust_decimal", "num-bigint" ]
 json = [ "serde", "serde_json" ]
 
 # runtimes
-runtime-actix-native-tls = [ "sqlx-rt/runtime-actix-native-tls", "_rt-actix" ]
-runtime-async-std-native-tls = [ "sqlx-rt/runtime-async-std-native-tls", "_rt-async-std" ]
-runtime-tokio-native-tls = [ "sqlx-rt/runtime-tokio-native-tls", "_rt-tokio" ]
+runtime-actix-native-tls = [ "sqlx-rt/runtime-actix-native-tls", "_tls-native-tls", "_rt-actix" ]
+runtime-async-std-native-tls = [ "sqlx-rt/runtime-async-std-native-tls", "_tls-native-tls", "_rt-async-std" ]
+runtime-tokio-native-tls = [ "sqlx-rt/runtime-tokio-native-tls", "_tls-native-tls", "_rt-tokio" ]
+
+runtime-actix-rustls = [ "sqlx-rt/runtime-actix-rustls", "_tls-rustls", "_rt-actix" ]
+runtime-async-std-rustls = [ "sqlx-rt/runtime-async-std-rustls", "_tls-rustls", "_rt-async-std" ]
+runtime-tokio-rustls = [ "sqlx-rt/runtime-tokio-rustls", "_tls-rustls", "_rt-tokio" ]
 
 # for conditional compilation
 _rt-actix = []
 _rt-async-std = []
 _rt-tokio = []
+_tls-native-tls = []
+_tls-rustls = [ "webpki" ]
 
 # support offline/decoupled building (enables serialization of `Describe`)
 offline = [ "serde", "either/serde" ]
@@ -98,3 +104,4 @@ uuid = { version = "0.8.1", default-features = false, optional = true, features
 whoami = "0.9.0"
 stringprep = "0.1.2"
 lru-cache = "0.1.2"
+webpki = { version = "0.21.3", optional = true }

sqlx-core/Cargo.toml

@@ -240,6 +240,14 @@ impl From<crate::migrate::MigrateError> for Error {
     }
 }
 
+#[cfg(feature = "_tls-rustls")]
+impl From<webpki::InvalidDNSNameError> for Error {
+    #[inline]
+    fn from(error: webpki::InvalidDNSNameError) -> Self {
+        Error::Tls(Box::new(error))
+    }
+}
+
 // Format an error message as a `Protocol` error
 macro_rules! err_protocol {
     ($expr:expr) => {

sqlx-core/src/error.rs

@@ -44,6 +44,9 @@ where
             }
         };
 
+        #[cfg(feature = "_tls-rustls")]
+        let host = webpki::DNSNameRef::try_from_ascii_str(host)?;
+
         *self = MaybeTlsStream::Tls(
             connector
                 .connect(host, stream)
@@ -166,12 +169,15 @@ where
         match self {
             MaybeTlsStream::Raw(s) => s,
 
-            #[cfg(not(feature = "_rt-async-std"))]
-            MaybeTlsStream::Tls(s) => s.get_ref().get_ref().get_ref(),
+            #[cfg(feature = "_tls-rustls")]
+            MaybeTlsStream::Tls(s) => s.get_ref().0,
 
-            #[cfg(feature = "_rt-async-std")]
+            #[cfg(all(feature = "_rt-async-std", feature = "_tls-native-tls"))]
             MaybeTlsStream::Tls(s) => s.get_ref(),
 
+            #[cfg(all(not(feature = "_rt-async-std"), feature = "_tls-native-tls"))]
+            MaybeTlsStream::Tls(s) => s.get_ref().get_ref().get_ref(),
+
             MaybeTlsStream::Upgrading => panic!(io::Error::from(io::ErrorKind::ConnectionAborted)),
         }
     }
@@ -185,12 +191,15 @@ where
         match self {
             MaybeTlsStream::Raw(s) => s,
 
-            #[cfg(not(feature = "_rt-async-std"))]
-            MaybeTlsStream::Tls(s) => s.get_mut().get_mut().get_mut(),
+            #[cfg(feature = "_tls-rustls")]
+            MaybeTlsStream::Tls(s) => s.get_mut().0,
 
-            #[cfg(feature = "_rt-async-std")]
+            #[cfg(all(feature = "_rt-async-std", feature = "_tls-native-tls"))]
             MaybeTlsStream::Tls(s) => s.get_mut(),
 
+            #[cfg(all(not(feature = "_rt-async-std"), feature = "_tls-native-tls"))]
+            MaybeTlsStream::Tls(s) => s.get_mut().get_mut().get_mut(),
+
             MaybeTlsStream::Upgrading => panic!(io::Error::from(io::ErrorKind::ConnectionAborted)),
         }
     }

sqlx-core/src/net/tls.rs

@@ -24,6 +24,10 @@ runtime-actix-native-tls = [ "sqlx-core/runtime-actix-native-tls", "sqlx-rt/runt
 runtime-async-std-native-tls = [ "sqlx-core/runtime-async-std-native-tls", "sqlx-rt/runtime-async-std-native-tls", "_rt-async-std" ]
 runtime-tokio-native-tls = [ "sqlx-core/runtime-tokio-native-tls", "sqlx-rt/runtime-tokio-native-tls", "_rt-tokio" ]
 
+runtime-actix-rustls = [ "sqlx-core/runtime-actix-rustls", "sqlx-rt/runtime-actix-rustls", "_rt-actix" ]
+runtime-async-std-rustls = [ "sqlx-core/runtime-async-std-rustls", "sqlx-rt/runtime-async-std-rustls", "_rt-async-std" ]
+runtime-tokio-rustls = [ "sqlx-core/runtime-tokio-rustls", "sqlx-rt/runtime-tokio-rustls", "_rt-tokio" ]
+
 # for conditional compilation
 _rt-actix = []
 _rt-async-std = []