From edd68ef1d75c321f32eb844803dce81a7013581f Mon Sep 17 00:00:00 2001 From: Zhang Jingqiang Date: Wed, 13 Nov 2024 22:47:12 +0800 Subject: [PATCH] add rustls-ring feature to make ring optional --- Cargo.lock | 20 +++++++++++++------- Cargo.toml | 4 ++-- g3bench/Cargo.toml | 5 +++-- g3bench/debian/rules | 2 +- g3bench/g3bench.spec | 2 +- g3proxy/Cargo.toml | 5 +++-- g3proxy/debian/rules | 2 +- g3proxy/docker/alpine.Dockerfile | 2 +- g3proxy/docker/debian.Dockerfile | 2 +- g3proxy/docker/lua.alpine.Dockerfile | 2 +- g3proxy/g3proxy.spec | 2 +- g3proxy/src/main.rs | 2 +- g3tiles/Cargo.toml | 5 +++-- g3tiles/debian/rules | 2 +- g3tiles/g3tiles.spec | 2 +- lib/g3-build-env/src/rustls.rs | 12 ++++++------ lib/g3-msgpack/Cargo.toml | 3 +-- lib/g3-types/Cargo.toml | 6 ++++-- lib/g3-types/src/net/rustls/ext.rs | 4 ++-- 19 files changed, 47 insertions(+), 37 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e4627e83c..c87b33ff9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1400,7 +1400,6 @@ dependencies = [ "g3-types", "ip_network", "rmpv", - "rustls", "rustls-pki-types", "uuid", "variant-ssl", @@ -3081,9 +3080,9 @@ dependencies = [ [[package]] name = "quinn" -version = "0.11.5" +version = "0.11.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c7c5fdde3cdae7203427dc4f0a68fe0ed09833edc525a03456b153b79828684" +checksum = "62e96808277ec6f97351a2380e6c25114bc9e67037775464979f3037c92d05ef" dependencies = [ "bytes", "futures-io", 
@@ -3093,26 +3092,30 @@ dependencies = [ "rustc-hash 2.0.0", "rustls", "socket2", - "thiserror 1.0.69", + "thiserror 2.0.3", "tokio", "tracing", ] [[package]] name = "quinn-proto" -version = "0.11.8" +version = "0.11.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fadfaed2cd7f389d0161bb73eeb07b7b78f8691047a6f3e73caaeae55310a4a6" +checksum = "a2fe5ef3495d7d2e377ff17b1a8ce2ee2ec2a18cde8b6ad6619d65d0701c135d" dependencies = [ + "aws-lc-rs", "bytes", + "getrandom", "rand", "ring", "rustc-hash 2.0.0", "rustls", + "rustls-pki-types", "slab", - "thiserror 1.0.69", + "thiserror 2.0.3", "tinyvec", "tracing", + "web-time", ] [[package]] @@ -3368,6 +3371,9 @@ name = "rustls-pki-types" version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" +dependencies = [ + "web-time", +] [[package]] name = "rustls-webpki" diff --git a/Cargo.toml b/Cargo.toml index 6cc5d5416..609063149 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -150,8 +150,8 @@ async-recursion = "1.1" pin-project-lite = "0.2" # rustls-pki-types = { version = "1", default-features = false } -rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12", "ring", "brotli"] } -tokio-rustls = { version = "0.26", default-features = false, features = ["tls12", "ring"] } +rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12", "brotli"] } +tokio-rustls = { version = "0.26", default-features = false, features = ["tls12"] } quinn = { version = "0.11", default-features = false, features = ["runtime-tokio"] } quinn-udp = { version = "0.5.6", default-features = false, features = ["fast-apple-datapath"] } # diff --git a/g3bench/Cargo.toml b/g3bench/Cargo.toml index f258c2ac1..8e77c5d14 100644 --- a/g3bench/Cargo.toml +++ b/g3bench/Cargo.toml 
@@ -55,9 +55,10 @@ g3-hickory-client.workspace = true g3-build-env.workspace = true [features] -default = ["quic"] +default = ["quic", "rustls-ring"] quic = ["g3-types/quic", "g3-socks/quic", "g3-io-ext/quic", "g3-hickory-client/quic", "dep:quinn", "dep:h3", "dep:h3-quinn"] -rustls-aws-lc = ["rustls/aws-lc-rs"] +rustls-ring = ["rustls/ring", "quinn?/rustls-ring"] +rustls-aws-lc = ["rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"] vendored-openssl = ["openssl/vendored", "openssl-probe"] vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-types/tongsuo"] vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-tls-cert/aws-lc", "g3-openssl/aws-lc"] diff --git a/g3bench/debian/rules b/g3bench/debian/rules index f90a2095b..87e00265f 100755 --- a/g3bench/debian/rules +++ b/g3bench/debian/rules @@ -15,7 +15,7 @@ override_dh_auto_clean: override_dh_auto_build: G3_PACKAGE_VERSION=$(DEB_VERSION) \ cargo build --frozen --offline --profile $(BUILD_PROFILE) \ - --no-default-features --features $(SSL_FEATURE),quic \ + --no-default-features --features $(SSL_FEATURE),rustls-ring,quic \ --package g3bench override_dh_auto_install: diff --git a/g3bench/g3bench.spec b/g3bench/g3bench.spec index ac4ffdf88..7fb85a33e 100644 --- a/g3bench/g3bench.spec +++ b/g3bench/g3bench.spec @@ -31,7 +31,7 @@ G3 Benchmark Tool G3_PACKAGE_VERSION="%{version}-%{release}" export G3_PACKAGE_VERSION SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh) -cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,quic --package g3bench +cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,rustls-ring,quic --package g3bench %install diff --git a/g3proxy/Cargo.toml b/g3proxy/Cargo.toml index bd4d6322e..5799d3662 100644 --- a/g3proxy/Cargo.toml +++ b/g3proxy/Cargo.toml 
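Review bot: The new `rustls-ring` and `rustls-aws-lc` features in g3bench/Cargo.toml select the provider on `rustls` and `quinn` but do not forward to `g3-types`, unlike g3proxy/Cargo.toml in this same patch, which adds `g3-types/rustls-ring` and `g3-types/rustls-aws-lc`; g3tiles/Cargo.toml has the same gap. After this patch lib/g3-types/src/net/rustls/ext.rs imports `Ticketer` only under those two g3-types features, and `g3-types/aws-lc` no longer enables `rustls?/aws-lc-rs`, so a `--package g3bench` build would presumably leave g3-types with no provider-specific `Ticketer` (the g3-types dependency line is outside the hunk, so confirm which of its features g3bench turns on). I would write `rustls-ring = ["g3-types/rustls-ring", "rustls/ring", "quinn?/rustls-ring"]` and `rustls-aws-lc = ["g3-types/rustls-aws-lc", "rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"]` in both manifests.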
@@ -100,7 +100,7 @@ tokio-stream.workspace = true g3-build-env.workspace = true [features] -default = ["lua54", "python", "c-ares", "hickory", "quic"] +default = ["lua54", "python", "c-ares", "hickory", "quic", "rustls-ring"] lua = ["mlua"] luajit = ["lua", "mlua/luajit"] lua51 = ["lua", "mlua/lua51"] @@ -110,7 +110,8 @@ python = ["pyo3"] c-ares = ["g3-resolver/c-ares"] hickory = ["g3-resolver/hickory"] quic = ["g3-daemon/quic", "g3-resolver/quic", "g3-yaml/quinn", "g3-types/quinn", "g3-dpi/quic", "dep:quinn"] -rustls-aws-lc = ["rustls/aws-lc-rs"] +rustls-ring = ["g3-types/rustls-ring", "rustls/ring", "quinn?/rustls-ring"] +rustls-aws-lc = ["g3-types/rustls-aws-lc", "rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"] vendored-openssl = ["openssl/vendored", "openssl-probe"] vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-yaml/tongsuo", "g3-json/tongsuo", "g3-cert-agent/tongsuo"] vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-openssl/aws-lc"] diff --git a/g3proxy/debian/rules b/g3proxy/debian/rules index d4d037805..ddf120733 100755 --- a/g3proxy/debian/rules +++ b/g3proxy/debian/rules @@ -17,7 +17,7 @@ override_dh_auto_clean: override_dh_auto_build: G3_PACKAGE_VERSION=$(DEB_VERSION) \ cargo build --frozen --profile $(BUILD_PROFILE) \ - --no-default-features --features $(LUA_FEATURE),$(SSL_FEATURE),quic,$(CARES_FEATURE),hickory \ + --no-default-features --features $(LUA_FEATURE),$(SSL_FEATURE),rustls-ring,quic,$(CARES_FEATURE),hickory \ --package g3proxy --package g3proxy-ctl --package g3proxy-lua cargo build --frozen --profile $(BUILD_PROFILE) --package g3proxy-ftp sh $(PACKAGE_NAME)/service/generate_systemd.sh diff --git a/g3proxy/docker/alpine.Dockerfile b/g3proxy/docker/alpine.Dockerfile index fb619ffd3..825de9dda 100644 --- a/g3proxy/docker/alpine.Dockerfile +++ b/g3proxy/docker/alpine.Dockerfile 
@@ -4,7 +4,7 @@ COPY . . RUN apk add --no-cache musl-dev cmake capnproto-dev openssl-dev c-ares-dev ENV RUSTFLAGS="-Ctarget-feature=-crt-static" RUN cargo build --profile release-lto \ - --no-default-features --features quic,c-ares,hickory \ + --no-default-features --features rustls-ring,quic,c-ares,hickory \ -p g3proxy -p g3proxy-ctl FROM alpine:latest diff --git a/g3proxy/docker/debian.Dockerfile b/g3proxy/docker/debian.Dockerfile index c4ebdbdf7..8a25e4e58 100644 --- a/g3proxy/docker/debian.Dockerfile +++ b/g3proxy/docker/debian.Dockerfile @@ -3,7 +3,7 @@ WORKDIR /usr/src/g3 COPY . . RUN apt-get update && apt-get install -y libclang-dev cmake capnproto RUN cargo build --profile release-lto \ - --no-default-features --features vendored-boringssl,quic,vendored-c-ares,hickory \ + --no-default-features --features vendored-boringssl,rustls-ring,quic,vendored-c-ares,hickory \ -p g3proxy -p g3proxy-ctl FROM debian:bookworm-slim diff --git a/g3proxy/docker/lua.alpine.Dockerfile b/g3proxy/docker/lua.alpine.Dockerfile index 001518fc1..ca46c711b 100644 --- a/g3proxy/docker/lua.alpine.Dockerfile +++ b/g3proxy/docker/lua.alpine.Dockerfile @@ -11,7 +11,7 @@ RUN apk add --no-cache musl-dev cmake capnproto-dev openssl-dev c-ares-dev lua5. ENV PKG_CONFIG_PATH=/usr/lib/pkgconfig ENV RUSTFLAGS="-Ctarget-feature=-crt-static" RUN cargo build --profile release-lto \ - --no-default-features --features quic,c-ares,hickory,lua54 \ + --no-default-features --features rustls-ring,quic,c-ares,hickory,lua54 \ -p g3proxy -p g3proxy-ctl -p g3proxy-lua FROM alpine:latest diff --git a/g3proxy/g3proxy.spec b/g3proxy/g3proxy.spec index dab8b919a..3c822fa7d 100644 --- a/g3proxy/g3proxy.spec +++ b/g3proxy/g3proxy.spec 
@@ -43,7 +43,7 @@ LUA_FEATURE=lua$LUA_VERSION SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh) CARES_FEATURE=$(sh scripts/package/detect_c-ares_feature.sh) export CMAKE="%{cmake_real}" -cargo build --frozen --profile %{build_profile} --no-default-features --features $LUA_FEATURE,$SSL_FEATURE,quic,$CARES_FEATURE,hickory --package g3proxy --package g3proxy-ctl --package g3proxy-lua +cargo build --frozen --profile %{build_profile} --no-default-features --features $LUA_FEATURE,$SSL_FEATURE,rustls-ring,quic,$CARES_FEATURE,hickory --package g3proxy --package g3proxy-ctl --package g3proxy-lua cargo build --frozen --profile %{build_profile} --package g3proxy-ftp sh %{name}/service/generate_systemd.sh diff --git a/g3proxy/src/main.rs b/g3proxy/src/main.rs index f3f3efed3..5263febf5 100644 --- a/g3proxy/src/main.rs +++ b/g3proxy/src/main.rs @@ -30,7 +30,7 @@ fn main() -> anyhow::Result<()> { rustls::crypto::aws_lc_rs::default_provider() .install_default() .unwrap(); - #[cfg(not(feature = "rustls-aws-lc"))] + #[cfg(feature = "rustls-ring")] rustls::crypto::ring::default_provider() .install_default() .unwrap(); diff --git a/g3tiles/Cargo.toml b/g3tiles/Cargo.toml index 1625c47ab..f6ce83ee5 100644 --- a/g3tiles/Cargo.toml +++ b/g3tiles/Cargo.toml @@ -58,9 +58,10 @@ g3tiles-proto = { path = "proto" } g3-build-env.workspace = true [features] -default = ["quic"] +default = ["quic", "rustls-ring"] quic = ["g3-daemon/quic", "g3-yaml/quinn", "g3-types/quinn", "dep:quinn"] -rustls-aws-lc = ["rustls/aws-lc-rs"] +rustls-ring = ["rustls/ring", "quinn?/rustls-ring"] +rustls-aws-lc = ["rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"] vendored-openssl = ["openssl/vendored", "openssl-probe"] vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-yaml/tongsuo", "g3-types/tongsuo"] vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-openssl/aws-lc"] diff --git a/g3tiles/debian/rules b/g3tiles/debian/rules index 9502a1c10..1bb9408f3 100755 
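Review bot: In g3proxy/src/main.rs the ring branch is now gated on `#[cfg(feature = "rustls-ring")]` alone, so it is no longer mutually exclusive with the aws-lc branch above it (whose cfg line is outside the hunk but is presumably `rustls-aws-lc`). Both features can be on at once: `rustls-ring` is now in `default` and hard-coded into the packaging commands, while `vendored-aws-lc` still pulls in `rustls-aws-lc`. In that build the second `install_default()` returns `Err` because a process-wide provider is already set, and `.unwrap()` aborts the proxy at startup. The same non-exclusive pair gates the two `Ticketer` imports in lib/g3-types/src/net/rustls/ext.rs, where it becomes a duplicate-import compile error instead. I would gate the ring side in both places with `#[cfg(all(feature = "rustls-ring", not(feature = "rustls-aws-lc")))]` and add `#[cfg(not(any(feature = "rustls-ring", feature = "rustls-aws-lc")))] compile_error!("enable rustls-ring or rustls-aws-lc");` so a build with no TLS crypto provider fails at compile time rather than at the first handshake.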
--- a/g3tiles/debian/rules +++ b/g3tiles/debian/rules @@ -15,7 +15,7 @@ override_dh_auto_clean: override_dh_auto_build: G3_PACKAGE_VERSION=$(DEB_VERSION) \ cargo build --frozen --offline --profile $(BUILD_PROFILE) \ - --no-default-features --features $(SSL_FEATURE),quic \ + --no-default-features --features $(SSL_FEATURE),rustls-ring,quic \ --package g3tiles --package g3tiles-ctl sh $(PACKAGE_NAME)/service/generate_systemd.sh diff --git a/g3tiles/g3tiles.spec b/g3tiles/g3tiles.spec index ab0ac287d..00227d2c8 100644 --- a/g3tiles/g3tiles.spec +++ b/g3tiles/g3tiles.spec @@ -37,7 +37,7 @@ Generic reverse proxy for G3 Project G3_PACKAGE_VERSION="%{version}-%{release}" export G3_PACKAGE_VERSION SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh) -cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,quic --package g3tiles --package g3tiles-ctl +cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,rustls-ring,quic --package g3tiles --package g3tiles-ctl sh %{name}/service/generate_systemd.sh diff --git a/lib/g3-build-env/src/rustls.rs b/lib/g3-build-env/src/rustls.rs index 3a3d426df..90a9adfd0 100644 --- a/lib/g3-build-env/src/rustls.rs +++ b/lib/g3-build-env/src/rustls.rs @@ -17,10 +17,10 @@ use std::env; pub fn check_rustls_provider() { - let provider = if env::var("CARGO_FEATURE_RUSTLS_AWS_LC").is_ok() { - "aws-lc" - } else { - "ring" - }; - println!("cargo:rustc-env=G3_RUSTLS_PROVIDER={provider}"); + if env::var("CARGO_FEATURE_RUSTLS_RING").is_ok() { + println!("cargo:rustc-env=G3_RUSTLS_PROVIDER=ring"); + } + if env::var("CARGO_FEATURE_RUSTLS_AWS_LC").is_ok() { + println!("cargo:rustc-env=G3_RUSTLS_PROVIDER=aws-lc"); + } } diff --git a/lib/g3-msgpack/Cargo.toml b/lib/g3-msgpack/Cargo.toml index f1ba06f91..ee22623d7 100644 --- a/lib/g3-msgpack/Cargo.toml +++ b/lib/g3-msgpack/Cargo.toml 
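Review bot: `check_rustls_provider` in lib/g3-build-env/src/rustls.rs no longer emits exactly one `G3_RUSTLS_PROVIDER` value. With neither feature set it prints nothing, so any consumer reading the variable at compile time (outside this patch) would lose it, and with both set it prints two conflicting `cargo:rustc-env` lines. The reported provider should be deterministic and match what the binary installs, since it is the only build-time record of which crypto backend a shipped package uses. I would go back to a single `println!` fed by an `if / else if / else` chain with explicit precedence, as below. The fallback string there is a placeholder to be chosen against the variable's consumers.

```rust
pub fn check_rustls_provider() {
    // Explicit precedence so the reported provider is deterministic when both features are on.
    let provider = if env::var("CARGO_FEATURE_RUSTLS_AWS_LC").is_ok() {
        "aws-lc"
    } else if env::var("CARGO_FEATURE_RUSTLS_RING").is_ok() {
        "ring"
    } else {
        // placeholder value: pick what the readers of G3_RUSTLS_PROVIDER expect
        "none"
    };
    println!("cargo:rustc-env=G3_RUSTLS_PROVIDER={provider}");
}
```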
@@ -13,7 +13,6 @@ rmpv.workspace = true uuid.workspace = true atoi.workspace = true chrono = { workspace = true, features = ["std"] } -rustls = { workspace = true, optional = true } rustls-pki-types = { workspace = true, optional = true, features = ["std"] } openssl = { workspace = true, optional = true } ip_network = { workspace = true, optional = true } @@ -22,6 +21,6 @@ g3-geoip-types = { workspace = true, optional = true } [features] default = [] -rustls = ["g3-types/rustls", "dep:rustls", "dep:rustls-pki-types"] +rustls = ["g3-types/rustls", "dep:rustls-pki-types"] openssl = ["g3-types/openssl", "dep:openssl"] geoip = ["dep:g3-geoip-types", "dep:ip_network"] diff --git a/lib/g3-types/Cargo.toml b/lib/g3-types/Cargo.toml index a3b3b3c54..a09e2737e 100644 --- a/lib/g3-types/Cargo.toml +++ b/lib/g3-types/Cargo.toml @@ -59,10 +59,12 @@ quic = [] auth-crypt = ["dep:digest", "dep:md-5", "dep:sha-1", "dep:blake3", "dep:hex"] resolve = ["dep:radix_trie", "dep:fastrand"] quinn = ["dep:quinn", "quic"] -rustls = ["dep:rustls", "dep:rustls-pki-types", "dep:webpki-roots", "dep:rustls-native-certs", "dep:lru", "quinn?/rustls"] +rustls = ["dep:rustls", "dep:rustls-pki-types", "dep:webpki-roots", "dep:rustls-native-certs", "dep:lru"] +rustls-ring = ["rustls", "rustls/ring", "quinn?/rustls-ring"] +rustls-aws-lc = ["rustls", "rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"] openssl = ["dep:openssl", "dep:lru", "dep:bytes"] tongsuo = ["openssl", "openssl/tongsuo", "dep:brotli"] -aws-lc = ["openssl", "openssl/aws-lc", "rustls?/aws-lc-rs", "dep:brotli"] +aws-lc = ["openssl", "openssl/aws-lc", "dep:brotli"] boringssl = ["openssl", "openssl/boringssl", "dep:brotli"] acl-rule = ["resolve", "dep:ip_network", "dep:ip_network_table", "dep:regex", "dep:radix_trie"] http = ["dep:http", "dep:bytes", "dep:base64"] diff --git a/lib/g3-types/src/net/rustls/ext.rs b/lib/g3-types/src/net/rustls/ext.rs index 6fd4f0709..f5ec0c220 100644 --- a/lib/g3-types/src/net/rustls/ext.rs 
+++ b/lib/g3-types/src/net/rustls/ext.rs @@ -17,9 +17,9 @@ use std::sync::Arc; use anyhow::anyhow; -#[cfg(feature = "aws-lc")] +#[cfg(feature = "rustls-aws-lc")] use rustls::crypto::aws_lc_rs::Ticketer; -#[cfg(not(feature = "aws-lc"))] +#[cfg(feature = "rustls-ring")] use rustls::crypto::ring::Ticketer; use rustls::server::{NoServerSessionStorage, ProducesTickets}; use rustls::{ClientConnection, HandshakeKind, ServerConfig, ServerConnection};