[PR #3313] proto: make tls feature runtime-agnostic #3739

Open
opened 2026-03-16 11:59:57 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/3313
Author: @CathalMullan
Created: 10/15/2025
Status: 🔄 Open

Base: main ← Head: proto-tls


📝 Commits (1)

  • 1beaacf proto: make tls feature runtime-agnostic

📊 Changes

17 files changed (+295 additions, -119 deletions)

View changed files

📝 Cargo.lock (+2 -0)
📝 conformance/Cargo.lock (+41 -0)
📝 crates/proto/Cargo.toml (+7 -7)
📝 crates/proto/src/h2/h2_client_stream.rs (+17 -31)
📝 crates/proto/src/runtime.rs (+41 -2)
📝 crates/proto/src/rustls/tls_client_stream.rs (+25 -19)
📝 crates/proto/src/rustls/tls_stream.rs (+44 -47)
📝 crates/proto/src/xfer/dns_exchange.rs (+6 -6)
📝 crates/recursor/Cargo.toml (+2 -0)
📝 crates/recursor/src/metrics_tests.rs (+13 -3)
📝 crates/resolver/Cargo.toml (+2 -2)
📝 crates/resolver/examples/custom_provider.rs (+22 -0)
📝 crates/resolver/src/connection_provider.rs (+2 -0)
📝 crates/resolver/src/name_server.rs (+11 -0)
📝 fuzz/Cargo.lock (+42 -1)
📝 tests/integration-tests/Cargo.toml (+1 -1)
📝 tests/integration-tests/src/mock_client.rs (+17 -0)

📄 Description

Part of https://github.com/hickory-dns/hickory-dns/issues/3304, aiming to make proto less tokio dependent.

Added a connect method and an associated type for TLS to the runtime provider, in order to abstract TLS connections away from tokio-rustls. Also made use of the runtime timer to handle timeouts in the rustls module.

These changes do require adding rustls and rustls-pki-types to the proto public API (only when the __tls feature is enabled).

The current set of features proto exposes aren't expressive enough to handle mixing runtime choice and TLS choice. As such, I've had to move the dep:tokio-rustls under the tokio feature. There would need to be a bridge feature like tokio-tls to handle making it optional, but that would complicate things greatly.

Encountered broken pipe issues when running the tests both locally and on CI. Narrowed down the issue to the AsyncIoStdAsTokio::poll_read implementation. Swapping the buf.initialized_mut() call to buf.initialize_unfilled() resolved the problem. This copies the behavior of tokio-util/compat (https://github.com/tokio-rs/tokio/blob/2137f7d953df2c65ad254aba41e7e403905dda91/tokio-util/src/compat.rs#L222-L237).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
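
An added example, not code from the PR, hickory-dns or tokio: a std-only model of the regions tokio's ReadBuf tracks, showing what an adapter hands the inner reader with `initialized_mut()` versus `initialize_unfilled()`. `ModelReadBuf`, `read_into` and the sample inputs are hypothetical; on a fresh buffer the first call yields an empty slice, so the read reports zero bytes, which callers treat as end of stream.

```rust
use std::io::Read;

// Hypothetical std-only model of tokio::io::ReadBuf's regions: [0..filled) holds
// data, [filled..initialized) is free and writable, the rest is uninitialized.
struct ModelReadBuf { storage: Vec<u8>, filled: usize, initialized: usize }
impl ModelReadBuf {
    fn new(cap: usize) -> Self { Self { storage: vec![0; cap], filled: 0, initialized: 0 } }
    fn filled(&self) -> &[u8] { &self.storage[..self.filled] }
    // Initialized bytes from offset 0, which includes the already-filled data.
    fn initialized_mut(&mut self) -> &mut [u8] { &mut self.storage[..self.initialized] }
    // Free space after the filled data, initialized on demand.
    fn initialize_unfilled(&mut self) -> &mut [u8] {
        self.initialized = self.storage.len();
        &mut self.storage[self.filled..]
    }
    fn advance(&mut self, n: usize) {
        assert!(self.filled + n <= self.initialized, "advance past initialized region");
        self.filled += n;
    }
}

// Adapter body: `unfilled == false` models the pre-change call (initialized_mut),
// `unfilled == true` the post-change call (initialize_unfilled).
fn read_into<R: Read>(inner: &mut R, buf: &mut ModelReadBuf, unfilled: bool) -> usize {
    let dst = if unfilled { buf.initialize_unfilled() } else { buf.initialized_mut() };
    let n = inner.read(dst).unwrap();
    buf.advance(n);
    n
}

// Fresh buffer: bytes delivered by (initialized_mut, initialize_unfilled).
fn fresh_buffer_case() -> (usize, usize) {
    let (mut a, mut b) = (ModelReadBuf::new(8), ModelReadBuf::new(8));
    let mut src_a: &[u8] = b"abc"; // constructed input
    let mut src_b: &[u8] = b"abc";
    (read_into(&mut src_a, &mut a, false), read_into(&mut src_b, &mut b, true))
}

// Buffer already holding "abc": the filled bytes after a second read of "XY".
fn partial_buffer_case(unfilled: bool) -> Vec<u8> {
    let mut buf = ModelReadBuf::new(8);
    let mut first: &[u8] = b"abc"; // constructed input
    let mut second: &[u8] = b"XY";
    read_into(&mut first, &mut buf, true);
    read_into(&mut second, &mut buf, unfilled);
    buf.filled().to_vec()
}
fn main() {
    println!("{:?} {:?} {:?}", fresh_buffer_case(), partial_buffer_case(false), partial_buffer_case(true));
}
```

In the second case the `initialized_mut()` variant overwrites data the buffer already held, because that slice starts at offset 0 rather than at the end of the filled bytes.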
