From 2ec8df52f4ea242e733179d62ee9206994a4eb69 Mon Sep 17 00:00:00 2001
From: Nicolas Stinus
Date: Thu, 30 Nov 2023 12:15:48 -0500
Subject: [PATCH] Make tls optional and add rustls support (#418)
This change removed the required dependency to hyper-tls and openssl. The allow tls, clients will now have to enable either the `native-tls` or `rustls-tls` features. BREAKING: tls isn't enabled by default anymore.
---
 metrics-exporter-prometheus/Cargo.toml | 5 ++++-
 metrics-exporter-prometheus/src/builder.rs | 26 +++++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/metrics-exporter-prometheus/Cargo.toml b/metrics-exporter-prometheus/Cargo.toml
index 308a11be..6959495c 100644
--- a/metrics-exporter-prometheus/Cargo.toml
+++ b/metrics-exporter-prometheus/Cargo.toml
@@ -20,7 +20,9 @@ keywords = ["metrics", "telemetry", "prometheus"]
 default = ["http-listener", "push-gateway"]
 async-runtime = ["tokio", "hyper"]
 http-listener = ["async-runtime", "hyper/server", "ipnet"]
-push-gateway = ["async-runtime", "hyper/client", "hyper-tls", "tracing"]
+push-gateway = ["async-runtime", "hyper/client", "tracing"]
+native-tls = ["hyper-tls"]
+rustls-tls = ["hyper-rustls"]
 [dependencies]
 metrics = { version = "^0.21", path = "../metrics" }
@@ -36,6 +38,7 @@ ipnet = { version = "2", optional = true }
 tokio = { version = "1", features = ["rt", "net", "time"], optional = true }
 tracing = { version = "0.1.26", optional = true }
 hyper-tls = { version = "0.5.0", optional = true }
+hyper-rustls = { version = "0.24.2", optional = true }
 [dev-dependencies]
 tracing = "0.1"
diff --git a/metrics-exporter-prometheus/src/builder.rs b/metrics-exporter-prometheus/src/builder.rs
index 8c41ce15..651ad0f6 100644
--- a/metrics-exporter-prometheus/src/builder.rs
+++ b/metrics-exporter-prometheus/src/builder.rs
@@ -29,7 +29,6 @@ use hyper::{
 http::HeaderValue,
 Method, Request, Uri,
 };
-use hyper_tls::HttpsConnector;
 use indexmap::IndexMap;
 #[cfg(feature = "http-listener")]
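Review bot: The `[features]` hunk in Cargo.toml adds `native-tls` and `rustls-tls` without any comment saying that `push-gateway` on its own now builds an HTTP-only client, which is the security-relevant effect for anyone upgrading with default features. I would add a comment above the two new lines, for example `# TLS for the push gateway is opt-in: enable native-tls or rustls-tls, otherwise only http:// endpoints can be reached.` Neither new feature lists `push-gateway`, so enabling one alone pulls in a TLS crate that, as far as the visible builder.rs hunks show, only the push-gateway path uses; `native-tls = ["push-gateway", "hyper-tls"]` (and the same shape for `rustls-tls`) would tie them together.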
@@ -461,8 +460,8 @@ impl PrometheusBuilder {
 #[cfg(feature = "push-gateway")]
 ExporterConfig::PushGateway { endpoint, interval, username, password } => {
 let exporter = async move {
- let https = HttpsConnector::new();
- let client = Client::builder().build::<_, hyper::Body>(https);
+ let client = make_http_client();
+
 let auth = username.as_ref().map(|name| basic_auth(name, password.as_deref()));
 loop {
@@ -568,6 +567,27 @@ fn basic_auth(username: &str, password: Option<&str>) -> HeaderValue {
 header
 }
+#[cfg(all(feature = "rustls-tls", not(feature = "native-tls")))]
+fn make_http_client(
+) -> Client, hyper::Body> {
+ let tls = hyper_rustls::HttpsConnectorBuilder::new()
+ .with_native_roots()
+ .https_or_http()
+ .enable_http1()
+ .build();
+ Client::builder().build::<_, hyper::Body>(tls)
+}
+
+#[cfg(all(not(feature = "rustls-tls"), feature = "native-tls"))]
+fn make_http_client() -> Client {
+ Client::builder().build::<_, hyper::Body>(hyper_tls::HttpsConnector::new())
+}
+
+#[cfg(not(any(feature = "rustls-tls", feature = "native-tls")))]
+fn make_http_client() -> Client {
+ Client::builder().build_http()
+}
+
 #[cfg(test)]
 mod tests {
 use std::time::Duration;
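Review bot: The Basic-auth header built on the `let auth = …` line is attached whatever the endpoint scheme is, and after this commit a default-feature build gets the `build_http()` client from `make_http_client()`, so a configured username and password can then only be sent in cleartext (Basic auth is base64 encoding, not encryption). The rustls variant also opts into `.https_or_http()`, so even a TLS-enabled build sends credentials to an `http://` endpoint without complaint. A warning emitted once before the `loop` would make that visible to operators, e.g. `if auth.is_some() && endpoint.scheme_str() != Some("https") { tracing::warn!("push gateway credentials are being sent without TLS"); }`, assuming `endpoint` is the `Uri` imported at the top of the file. The async block starts and continues outside this hunk, so the exact placement needs checking against the full function.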
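Review bot: With both `rustls-tls` and `native-tls` enabled, none of the three `make_http_client` definitions is compiled: each TLS variant requires the other feature to be off and the fallback requires both off, so the call added in the `PushGateway` arm no longer resolves. Cargo unifies features across a dependency graph, so two crates picking different backends is enough to break the build. Let one backend win, for example by changing the second attribute to `#[cfg(feature = "native-tls")]` and keeping the rustls one as written. The three functions are also not gated on `push-gateway` although their only visible caller is; whether `Client` is in scope without that feature depends on imports outside this hunk, so adding `feature = "push-gateway"` to each `cfg` is worth checking. A `///` line on each variant naming the connector it builds, and stating on the fallback that https:// endpoints cannot be reached, would document the choice for the next reader.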