Xuanwo commented on code in PR #7377:
URL: https://github.com/apache/arrow-rs/pull/7377#discussion_r2081350385
##########
arrow-flight/README.md:
##########
@@ -46,7 +46,7 @@ that demonstrate how to build a Flight server implemented
with [tonic](https://d
- `flight-sql-experimental`: Enables experimental support for
[Apache Arrow FlightSQL], a protocol for interacting with SQL databases.
-- `tls`: Enables `tls` on `tonic`
+- `tls`: Enables `_tls-any` on `tonic`
Review Comment:
As mentioned in previous comments, we should encourage users to enable
correct tonic's feature instead.
Or we can re-export the same feature flags.
##########
arrow-flight/Cargo.toml:
##########
@@ -62,7 +62,8 @@ all-features = true
[features]
default = []
flight-sql-experimental = ["dep:arrow-arith", "dep:arrow-data",
"dep:arrow-ord", "dep:arrow-row", "dep:arrow-select", "dep:arrow-string",
"dep:once_cell", "dep:paste"]
-tls = ["tonic/tls"]
+tls = ["tonic/_tls-any"]
Review Comment:
Maybe we can simply remove this feature and let users enable it directly on
`tonic`. Since it doesn't work even when users enable this feature, they still
need to enable `ring` or `aws-lc` directly on `tonic` anyway.
We should document this behavior change.
##########
arrow-flight/examples/flight_sql_server.rs:
##########
@@ -917,6 +917,9 @@ mod tests {
let svc = FlightServiceServer::new(FlightSqlServiceImpl {});
+ // Set dafault crypto provider to use
+ // See:
https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#using-the-per-process-default-cryptoprovider
+ rustls::crypto::ring::default_provider();
Review Comment:
As explained in previous comments.
##########
arrow-flight/Cargo.toml:
##########
@@ -73,6 +74,7 @@ http = "1.1.0"
http-body = "1.0.0"
hyper-util = "0.1"
pin-project-lite = "0.2"
+rustls = { version = "0.23", default-features = false, features = ["ring"] }
Review Comment:
We should enable it using `tonic = { .., features = ["transport", "codegen",
"prost", "tls-ring"]}` instead of relying directly on rustls.
Tracks happened at
https://docs.rs/tonic/latest/src/tonic/transport/channel/service/tls.rs.html#48-57
```rust
#[allow(unreachable_patterns)]
let builder = match crypto::CryptoProvider::get_default() {
Some(provider) => with_provider(provider.clone()),
#[cfg(feature = "tls-ring")]
None => with_provider(Arc::new(crypto::ring::default_provider())),
#[cfg(feature = "tls-aws-lc")]
None => with_provider(Arc::new(crypto::aws_lc_rs::default_provider())),
// somehow tls is enabled, but neither of the crypto features are
enabled.
_ => ClientConfig::builder(),
};
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
