smithy-lang · drganjoo · May 26, 2023 · May 4, 2023 · May 5, 2023 · May 5, 2023
@@ -11,7 +11,6 @@ repository = "https://github.com/awslabs/smithy-rs"
 [features]
 client-hyper = ["aws-smithy-client/client-hyper"]
 rustls = ["aws-smithy-client/rustls"]
-native-tls = ["aws-smithy-client/native-tls"]
 rt-tokio = ["aws-smithy-async/rt-tokio", "tokio/rt"]
 credentials-sso = ["dep:aws-sdk-sso", "dep:ring", "dep:hex", "dep:zeroize"]
 

@@ -13,10 +13,10 @@ use std::sync::Arc;
 // unused when all crate features are disabled
 /// Unwrap an [`Option<DynConnector>`](aws_smithy_client::erase::DynConnector), and panic with a helpful error message if it's `None`
 pub(crate) fn expect_connector(connector: Option<DynConnector>) -> DynConnector {
-    connector.expect("No HTTP connector was available. Enable the `rustls` or `native-tls` crate feature or set a connector to fix this.")
+    connector.expect("No HTTP connector was available. Enable the `rustls` crate feature or set a connector to fix this.")
 }
 
-#[cfg(any(feature = "rustls", feature = "native-tls"))]
+#[cfg(feature = "rustls")]
 fn base(
     settings: &ConnectorSettings,
     sleep: Option<Arc<dyn AsyncSleep>>,
@@ -41,17 +41,7 @@ pub fn default_connector(
 }
 
 /// Given `ConnectorSettings` and an `AsyncSleep`, create a `DynConnector` from defaults depending on what cargo features are activated.
-#[cfg(all(not(feature = "rustls"), feature = "native-tls"))]
-pub fn default_connector(
-    settings: &ConnectorSettings,
-    sleep: Option<Arc<dyn AsyncSleep>>,
-) -> Option<DynConnector> {
-    let hyper = base(settings, sleep).build(aws_smithy_client::conns::native_tls());
-    Some(DynConnector::new(hyper))
-}
-
-/// Given `ConnectorSettings` and an `AsyncSleep`, create a `DynConnector` from defaults depending on what cargo features are activated.
-#[cfg(not(any(feature = "rustls", feature = "native-tls")))]
+#[cfg(not(feature = "rustls"))]
 pub fn default_connector(
     _settings: &ConnectorSettings,
     _sleep: Option<Arc<dyn AsyncSleep>>,

@@ -14,7 +14,7 @@ use crate::meta::credentials::CredentialsProviderChain;
 use crate::meta::region::ProvideRegion;
 use crate::provider_config::ProviderConfig;
 
-#[cfg(any(feature = "rustls", feature = "native-tls"))]
+#[cfg(feature = "rustls")]
 /// Default Credentials Provider chain
 ///
 /// The region from the default region provider will be used
@@ -170,8 +170,8 @@ impl Builder {
     /// Creates a `DefaultCredentialsChain`
     ///
     /// ## Panics
-    /// This function will panic if no connector has been set and neither `rustls` and `native-tls`
-    /// features have both been disabled.
+    /// This function will panic if no connector has been set or the `rustls`
+    /// feature has been disabled.
     pub async fn build(self) -> DefaultCredentialsChain {
         let region = match self.region_override {
             Some(provider) => provider.region().await,

@@ -933,7 +933,7 @@ pub(crate) mod test {
 
     /// Verify that the end-to-end real client has a 1-second connect timeout
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn one_second_connect_timeout() {
         use crate::imds::client::ImdsError;
         use aws_smithy_types::error::display::DisplayErrorContext;

@@ -390,7 +390,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn read_timeout_during_credentials_refresh_should_yield_last_retrieved_credentials() {
         let client = crate::imds::Client::builder()
             // 240.* can never be resolved
@@ -409,7 +409,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn read_timeout_during_credentials_refresh_should_error_without_last_retrieved_credentials(
     ) {
         let client = crate::imds::Client::builder()
@@ -430,7 +430,7 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     async fn external_timeout_during_credentials_refresh_should_yield_last_retrieved_credentials() {
         use aws_smithy_async::rt::sleep::AsyncSleep;
         let client = crate::imds::Client::builder()

@@ -60,7 +60,7 @@ impl CredentialsProviderChain {
     }
 
     /// Add a fallback to the default provider chain
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     pub async fn or_default_provider(self) -> Self {
         self.or_else(
             "DefaultProviderChain",
@@ -69,7 +69,7 @@ impl CredentialsProviderChain {
     }
 
     /// Creates a credential provider chain that starts with the default provider
-    #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    #[cfg(feature = "rustls")]
     pub async fn default_provider() -> Self {
         Self::first_try(
             "DefaultProviderChain",

@@ -97,7 +97,7 @@ impl ProvideCredentials for ProfileFileCredentialsProvider {
 ///         future::ProvideCredentials::new(self.load_credentials())
 ///     }
 /// }
-/// # if cfg!(any(feature = "rustls", feature = "native-tls")) {
+/// # if cfg!(feature = "rustls") {
 /// let provider = ProfileFileCredentialsProvider::builder()
 ///     .with_custom_provider("Custom", MyCustomProvider)
 ///     .build();
@@ -362,7 +362,7 @@ impl Builder {
     ///     }
     /// }
     ///
-    /// # if cfg!(any(feature = "rustls", feature = "native-tls")) {
+    /// # if cfg!(feature = "rustls") {
     /// let provider = ProfileFileCredentialsProvider::builder()
     ///     .with_custom_provider("Custom", MyCustomProvider)
     ///     .build();

@@ -121,7 +121,7 @@ impl ProviderConfig {
     ///
     /// # Examples
     /// ```no_run
-    /// # #[cfg(any(feature = "rustls", feature = "native-tls"))]
+    /// # #[cfg(feature = "rustls")]
     /// # fn example() {
     /// use aws_config::provider_config::ProviderConfig;
     /// use aws_sdk_sts::config::Region;

@@ -104,7 +104,7 @@ fn test_operation() -> Operation<TestOperationParser, AwsResponseRetryClassifier
         .with_metadata(operation::Metadata::new("test-op", "test-service"))
 }
 
-#[cfg(any(feature = "native-tls", feature = "rustls"))]
+#[cfg(feature = "rustls")]
 #[test]
 fn test_default_client() {
     let client = Client::builder()

@@ -19,8 +19,8 @@ aws-smithy-client = { path = "../../../rust-runtime/aws-smithy-client" }
 aws-smithy-http = { path = "../../../rust-runtime/aws-smithy-http" }
 tracing = "0.1"
 http = "0.2.6"
-# cargo does not support optional test dependencies, so to completely disable rustls when
-# the native-tls feature is enabled, we need to add the webpki-roots feature here.
+# cargo does not support optional test dependencies, so to completely disable rustls
+# we need to add the webpki-roots feature here.
 # https://github.com/rust-lang/cargo/issues/1596
 hyper-rustls = { version = "0.23.0", optional = true, features = ["rustls-native-certs", "http2", "webpki-roots"] }
 

@@ -78,7 +78,6 @@ class AwsFluentClientDecorator : ClientCodegenDecorator {
         }
         val awsSmithyClient = "aws-smithy-client"
         rustCrate.mergeFeature(Feature("rustls", default = true, listOf("$awsSmithyClient/rustls")))
-        rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("$awsSmithyClient/native-tls")))
     }
 
     override fun libRsCustomizations(
@@ -163,14 +162,14 @@ private class AwsFluentClientExtensions(types: Types) {
                         // Use provided connector
                         Some(c) => builder.connector(c),
                         None =>{
-                            ##[cfg(any(feature = "rustls", feature = "native-tls"))]
+                            ##[cfg(feature = "rustls")]
                             {
                                 // Use default connector based on enabled features
                                 builder.dyn_https_connector(#{ConnectorSettings}::from_timeout_config(&timeout_config))
                             }
-                            ##[cfg(not(any(feature = "rustls", feature = "native-tls")))]
+                            ##[cfg(not(feature = "rustls"))]
                             {
-                                panic!("No HTTP connector was available. Enable the `rustls` or `native-tls` crate feature or set a connector to fix this.");
+                                panic!("No HTTP connector was available. Enable the `rustls` crate feature or set a connector to fix this.");
                             }
                         }
                     };

@@ -15,6 +15,5 @@ members = [
     "s3control",
     "sts",
     "transcribestreaming",
-    "using-native-tls-instead-of-rustls",
     "webassembly",
 ]
@@ -57,7 +57,6 @@ class FluentClientDecorator : ClientCodegenDecorator {
         }
 
         rustCrate.mergeFeature(Feature("rustls", default = true, listOf("aws-smithy-client/rustls")))
-        rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("aws-smithy-client/native-tls")))
     }
 
     override fun libRsCustomizations(

@@ -0,0 +1,39 @@
+The Smithy client provides a default TLS connector, but a custom one can be plugged in.
+`rustls` is enabled with the feature flag `rustls`.
+
+The client had previously supported `native-tls`. You can use your custom connector like this.
+
+Create your connector:
+
+```rust
+/// A `hyper` connector that uses the `native-tls` crate for TLS. To use this in a smithy client,
+/// wrap it in a [hyper_ext::Adapter](crate::hyper_ext::Adapter).
+pub type NativeTls = hyper_tls::HttpsConnector<hyper::client::HttpConnector>;
+
+pub fn native_tls() -> NativeTls {
+    let mut tls = hyper_tls::native_tls::TlsConnector::builder();
+    let tls = tls
+        .min_protocol_version(Some(hyper_tls::native_tls::Protocol::Tlsv12))
+        .build()
+        .unwrap_or_else(|e| panic!("Error while creating TLS connector: {}", e));
+    let mut http = hyper::client::HttpConnector::new();
+    http.enforce_http(false);
+    hyper_tls::HttpsConnector::from((http, tls.into()))
+}
+```
+
+Plug the connector in the client:
+```rust
+let mut builder = hyper::client::Builder::default();
+builder.pool_max_idle_per_host(70);
+let connector = aws_smithy_client::erase::DynConnector::new(
+    aws_smithy_client::hyper_ext::Adapter::builder()
+        .hyper_builder(builder)
+        .connector_settings(std::default::Default::default())
+        .build(native_tls()),
+);
+let raw_client = aws_smithy_client::builder::Builder::new()
+    .connector(connector)
+    .middleware_fn(...)
+    .build_dyn();
+```
@@ -10,12 +10,10 @@ repository = "https://github.com/awslabs/smithy-rs"
 [features]
 rt-tokio = ["aws-smithy-async/rt-tokio"]
 test-util = ["dep:aws-smithy-protocol-test", "dep:hyper", "hyper?/server", "hyper?/h2", "dep:serde", "dep:serde_json", "serde?/derive", "rustls", "tokio/full"]
-native-tls = ["dep:hyper-tls", "client-hyper", "rt-tokio"]
 rustls = ["dep:hyper-rustls", "dep:lazy_static", "dep:rustls", "client-hyper", "rt-tokio"]
 client-hyper = ["dep:hyper"]
 hyper-webpki-doctest-only = ["dep:hyper-rustls", "hyper-rustls?/webpki-roots"]
 
-
 [dependencies]
 aws-smithy-async = { path = "../aws-smithy-async" }
 aws-smithy-http = { path = "../aws-smithy-http" }
@@ -27,8 +25,8 @@ fastrand = "1.4.0"
 http = "0.2.3"
 http-body = "0.4.4"
 hyper = { version = "0.14.25", features = ["client", "http2", "http1", "tcp"], optional = true }
-# cargo does not support optional test dependencies, so to completely disable rustls when
-# the native-tls feature is enabled, we need to add the webpki-roots feature here.
+# cargo does not support optional test dependencies, so to completely disable rustls
+# we need to add the webpki-roots feature here.
 # https://github.com/rust-lang/cargo/issues/1596
 hyper-rustls = { version = "0.23.0", optional = true, features = ["rustls-native-certs", "http2"] }
 hyper-tls = { version = "0.5.0", optional = true }
@@ -43,6 +41,7 @@ tracing = "0.1"
 
 [dev-dependencies]
 aws-smithy-async = { path = "../aws-smithy-async", features = ["rt-tokio"] }
+hyper-tls = { version = "0.5.0" }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 tokio = { version = "1.23.1", features = ["full", "test-util"] }

@@ -11,7 +11,7 @@ allowed_external_types = [
     "tower::retry::policy::Policy",
     "tower_service::Service",
 
-    # TODO(https://github.com/awslabs/smithy-rs/issues/1193): Move `rustls`/`native-tls` features into separate crates
+    # TODO(https://github.com/awslabs/smithy-rs/issues/1193): Move `rustls` feature into separate crates
     "hyper::client::connect::http::HttpConnector",
     "hyper_rustls::connector::HttpsConnector",
     "hyper_tls::client::HttpsConnector",
-Original file line number
+Diff line change
@@ Expand Up / @@ -57,7 +57,6 @@ class FluentClientDecorator : ClientCodegenDecorator { @@
             }
             rustCrate.mergeFeature(Feature("rustls", default = true, listOf("aws-smithy-client/rustls")))
-            rustCrate.mergeFeature(Feature("native-tls", default = false, listOf("aws-smithy-client/native-tls")))
         }
         override fun libRsCustomizations(
@@ Expand Down @@