Implement SSL using rustls

maplibre · Feb 11, 2023 · 6954f1b · 6954f1b
1 parent 6a2268b
commit 6954f1b
Show file tree

Hide file tree

Showing 11 changed files with 267 additions and 144 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -37,20 +37,15 @@ jobs:
             cargo --version
             cargo fmt --all -- --check
             cargo clippy --all-targets --all-features -- -D warnings -W clippy::pedantic
-      - name: Install OpenSSL (Windows)
-        if: runner.os == 'Windows'
-        run: |
-          echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
-          vcpkg install openssl:x64-windows-static-md
       - name: Run build
         shell: bash
         run: |
           if [[ "${{ matrix.target }}" == "aarch64-apple-darwin" ]]; then
             rustup target add aarch64-apple-darwin
             # compile without debug symbols
-            RUSTFLAGS='-C link-arg=-s' cargo build --release --target ${{ matrix.target }} --features=vendored-openssl
+            RUSTFLAGS='-C link-arg=-s' cargo build --release --target ${{ matrix.target }}
           else
-            cargo build --release --target ${{ matrix.target }} --features=ssl
+            cargo build --release --target ${{ matrix.target }}
           fi
           mkdir target_releases
           if [[ "${{ runner.os }}" == "Windows" ]]; then

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -23,11 +23,6 @@ path = "src/lib.rs"
 name = "martin"
 path = "src/bin/main.rs"
 
-[features]
-default = []
-ssl = ["openssl", "postgres-openssl"]
-vendored-openssl = ["ssl", "openssl/vendored"]
-
 [dependencies]
 actix = "0.13"
 actix-cors = "0.6"
@@ -45,20 +40,23 @@ log = "0.4"
 martin-mbtiles = { path = "martin-mbtiles"}
 martin-tile-utils = { path = "martin-tile-utils" }
 num_cpus = "1"
-openssl = { version = "0.10", optional = true }
 pmtiles = { version = "0.2", features = ["mmap-async-tokio", "tilejson"] }
 postgis = "0.9"
 postgres = { version = "0.19", features = ["with-time-0_3", "with-uuid-1", "with-serde_json-1"] }
-postgres-openssl = { version = "0.5", optional = true }
 postgres-protocol = "0.6"
 regex = "1"
+rustls = { version = "0.20", features = ["dangerous_configuration"] }
+rustls-native-certs = "0.6"
+rustls-pemfile = "1"
 semver = "1"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 serde_yaml = "0.9"
 subst = { version = "0.2", features = ["yaml"] }
 thiserror = "1"
 tilejson = "0.3"
+tokio-postgres-rustls = "0.9"
+webpki = "0.22"
 
 [dev-dependencies]
 cargo-husky = { version = "1", features = ["user-hooks"], default-features = false }

diff --git a/Dockerfile b/Dockerfile
@@ -1,12 +1,12 @@
 FROM rust:alpine as builder
 
-RUN apk update
-RUN apk add --no-cache openssl-dev musl-dev perl build-base
+RUN apk add --no-cache musl-dev
 
 WORKDIR /usr/src/martin
 ADD . .
-RUN cargo build --release --features=vendored-openssl
+RUN cargo build --release
 
+# ---------------------------------------------------
 
 FROM alpine:latest
 

diff --git a/justfile b/justfile
@@ -14,6 +14,12 @@ export CARGO_TERM_COLOR := "always"
 run *ARGS: start
     cargo run -- {{ARGS}}
 
+# Start Martin server and a test database with SSL enabled
+run-ssl *ARGS: start-ssl
+    #!/usr/bin/env bash
+    export DATABASE_URL="${DATABASE_URL}?sslmode=require"
+    cargo run -- {{ARGS}}
+
 # Start Martin server and open a test page
 debug-page *ARGS: start
     open tests/debug.html  # run will not exit, so open debug page first