sdgoij/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-01-16 17:20:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: add tls log and removing unused crates (#359)

Browse Source 
* chore: add tls log

* improve code for http

* improve code dependencies for `cargo.toml` and removing unused crates

* modify name

* improve code

* fix

* Update crates/config/src/constants/env.rs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* improve code

* fix

* add `is_enabled` and `is_disabled`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
houseme
2025-08-07 19:02:09 +08:00
committed by GitHub
parent 130f85a575
commit e0c99bced4
16 changed files with 322 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
Cargo.lock generated
View File

@@ -788,7 +788,7 @@ dependencies = [
"http 0.2.12",
"http 1.3.1",
"http-body 0.4.6",
"lru 0.12.5",
"lru",
"percent-encoding",
"regex-lite",
"sha2 0.10.9",
@@ -5564,15 +5564,6 @@ dependencies = [
"hashbrown 0.15.4",
]
[[package]]
name = "lru"
version = "0.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "86ea4e65087ff52f3862caff188d489f1fab49a0cb09e01b2e3f1a617b10aaed"
dependencies = [
"hashbrown 0.15.4",
]
[[package]]
name = "lru-slab"
version = "0.1.2"
@@ -8117,30 +8108,21 @@ version = "0.0.5"
dependencies = [
"anyhow",
"async-trait",
"bytes",
"chrono",
"futures",
"lazy_static",
"once_cell",
"rmp-serde",
"rustfs-common",
"rustfs-ecstore",
"rustfs-filemeta",
"rustfs-lock",
"rustfs-madmin",
"rustfs-utils",
"serde",
"serde_json",
"serial_test",
"tempfile",
"thiserror 2.0.12",
"time",
"tokio",
"tokio-test",
"tokio-util",
"tracing",
"tracing-subscriber",
"url",
"uuid",
"walkdir",
]
@@ -8161,19 +8143,12 @@ version = "0.0.5"
dependencies = [
"base64-simd",
"bytes",
"bytes-utils",
"crc-fast",
"hex",
"http 1.3.1",
"http-body 1.0.1",
"md-5",
"pin-project-lite",
"pretty_assertions",
"sha1 0.10.6",
"sha2 0.10.9",
"tokio",
"tracing",
"tracing-test",
]
[[package]]
@@ -8249,7 +8224,6 @@ dependencies = [
"num_cpus",
"once_cell",
"path-absolutize",
"path-clean",
"pin-project-lite",
"quick-xml 0.38.0",
"rand 0.9.2",
@@ -8367,10 +8341,7 @@ dependencies = [
"async-trait",
"bytes",
"futures",
"lazy_static",
"lru 0.16.0",
"once_cell",
"rand 0.9.2",
"rustfs-protos",
"serde",
"serde_json",
@@ -8521,7 +8492,6 @@ dependencies = [
"serde",
"serde_json",
"tokio",
"tokio-test",
"tokio-util",
]
@@ -8600,12 +8570,9 @@ dependencies = [
"bytes",
"http 1.3.1",
"hyper 1.6.0",
"rand 0.9.2",
"rustfs-utils",
"s3s",
"serde",
"serde_urlencoded",
"tempfile",
"time",
"tracing",
]
@@ -10311,19 +10278,6 @@ dependencies = [
"xattr",
]
[[package]]
name = "tokio-test"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2468baabc3311435b55dd935f702f42cd1b8abb7e754fb7dfb16bd36aa88f9f7"
dependencies = [
"async-stream",
"bytes",
"futures-core",
"tokio",
"tokio-stream",
]
[[package]]
name = "tokio-util"
version = "0.7.15"
@@ -10668,27 +10622,6 @@ dependencies = [
"tracing-serde",
]
[[package]]
name = "tracing-test"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "557b891436fe0d5e0e363427fc7f217abf9ccd510d5136549847bdcbcd011d68"
dependencies = [
"tracing-core",
"tracing-subscriber",
"tracing-test-macro",
]
[[package]]
name = "tracing-test-macro"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "04659ddb06c87d233c566112c1c9c5b9e98256d9af50ec3bc9c8327f873a7568"
dependencies = [
"quote",
"syn 2.0.104",
]
[[package]]
name = "tracing-wasm"
version = "0.2.1"

8
Cargo.toml
View File

@@ -102,15 +102,12 @@ atomic_enum = "0.3.0"
aws-config = { version = "1.8.3" }
aws-sdk-s3 = "1.100.0"
axum = "0.8.4"
axum-extra = "0.10.1"
axum-server = { version = "0.7.2", features = ["tls-rustls"] }
base64-simd = "0.8.0"
base64 = "0.22.1"
brotli = "8.0.1"
bytes = { version = "1.10.1", features = ["serde"] }
bytesize = "2.0.1"
byteorder = "1.5.0"
bytes-utils = "0.1.4"
cfg-if = "1.0.1"
crc-fast = "1.3.0"
chacha20poly1305 = { version = "0.10.1" }
@@ -156,7 +153,6 @@ keyring = { version = "3.6.3", features = [
] }
lazy_static = "1.5.0"
libsystemd = { version = "0.7.2" }
lru = "0.16"
local-ip-address = "0.6.5"
lz4 = "1.28.1"
matchit = "0.8.4"
@@ -253,7 +249,6 @@ tokio = { version = "1.47.1", features = ["fs", "rt-multi-thread"] }
tokio-rustls = { version = "0.26.2", default-features = false }
tokio-stream = { version = "0.1.17" }
tokio-tar = "0.3.1"
tokio-test = "0.4.4"
tokio-util = { version = "0.7.15", features = ["io", "compat"] }
tonic = { version = "0.14.0", features = ["gzip"] }
tonic-prost = { version = "0.14.0" }
@@ -266,7 +261,6 @@ tracing-core = "0.1.34"
tracing-error = "0.2.1"
tracing-opentelemetry = "0.31.0"
tracing-subscriber = { version = "0.3.19", features = ["env-filter", "time"] }
tracing-test = "0.2.5"
transform-stream = "0.3.1"
url = "2.5.4"
urlencoding = "2.1.3"
@@ -283,7 +277,7 @@ zstd = "0.13.3"
[workspace.metadata.cargo-shear]
ignored = ["rustfs", "rust-i18n"]
ignored = ["rustfs", "rust-i18n", "rustfs-mcp"]
[profile.wasm-dev]
inherits = "dev"

10
crates/ahm/Cargo.toml
View File

@@ -17,31 +17,21 @@ rustfs-ecstore = { workspace = true }
rustfs-common = { workspace = true }
rustfs-filemeta = { workspace = true }
rustfs-madmin = { workspace = true }
rustfs-utils = { workspace = true }
tokio = { workspace = true, features = ["full"] }
tokio-util = { workspace = true }
tracing = { workspace = true }
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
thiserror = { workspace = true }
bytes = { workspace = true }
time = { workspace = true, features = ["serde"] }
uuid = { workspace = true, features = ["v4", "serde"] }
anyhow = { workspace = true }
async-trait = { workspace = true }
futures = { workspace = true }
url = { workspace = true }
rustfs-lock = { workspace = true }
lazy_static = { workspace = true }
chrono = { workspace = true }
[dev-dependencies]
rmp-serde = { workspace = true }
tokio-test = { workspace = true }
serde_json = { workspace = true }
serial_test = "3.2.0"
once_cell = { workspace = true }
tracing-subscriber = { workspace = true }
walkdir = "2.5.0"
tempfile = { workspace = true }

7
crates/checksums/Cargo.toml
View File

@@ -28,18 +28,11 @@ documentation = "https://docs.rs/rustfs-signer/latest/rustfs_checksum/"
[dependencies]
bytes = { workspace = true }
crc-fast = { workspace = true }
hex = { workspace = true }
http = { workspace = true }
http-body = { workspace = true }
base64-simd = { workspace = true }
md-5 = { workspace = true }
pin-project-lite = { workspace = true }
sha1 = { workspace = true }
sha2 = { workspace = true }
tracing = { workspace = true }
[dev-dependencies]
bytes-utils = { workspace = true }
pretty_assertions = { workspace = true }
tracing-test = { workspace = true }
tokio = { workspace = true, features = ["macros", "rt"] }

262
crates/config/src/constants/env.rs
View File

@@ -19,3 +19,265 @@ pub const ENV_WORD_DELIMITER: &str = "_";
/// Medium-drawn lines separator
/// This is used to separate words in environment variable names.
pub const ENV_WORD_DELIMITER_DASH: &str = "-";
#[derive(Debug, PartialEq, Eq, Clone, Copy, Default)]
pub enum EnableState {
True,
False,
#[default]
Empty,
Yes,
No,
On,
Off,
Enabled,
Disabled,
Ok,
NotOk,
Success,
Failure,
Active,
Inactive,
One,
Zero,
}
impl std::fmt::Display for EnableState {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.write_str(self.as_str())
}
}
impl std::str::FromStr for EnableState {
type Err = ();
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.trim() {
s if s.eq_ignore_ascii_case("true") => Ok(EnableState::True),
s if s.eq_ignore_ascii_case("false") => Ok(EnableState::False),
"" => Ok(EnableState::Empty),
s if s.eq_ignore_ascii_case("yes") => Ok(EnableState::Yes),
s if s.eq_ignore_ascii_case("no") => Ok(EnableState::No),
s if s.eq_ignore_ascii_case("on") => Ok(EnableState::On),
s if s.eq_ignore_ascii_case("off") => Ok(EnableState::Off),
s if s.eq_ignore_ascii_case("enabled") => Ok(EnableState::Enabled),
s if s.eq_ignore_ascii_case("disabled") => Ok(EnableState::Disabled),
s if s.eq_ignore_ascii_case("ok") => Ok(EnableState::Ok),
s if s.eq_ignore_ascii_case("not_ok") => Ok(EnableState::NotOk),
s if s.eq_ignore_ascii_case("success") => Ok(EnableState::Success),
s if s.eq_ignore_ascii_case("failure") => Ok(EnableState::Failure),
s if s.eq_ignore_ascii_case("active") => Ok(EnableState::Active),
s if s.eq_ignore_ascii_case("inactive") => Ok(EnableState::Inactive),
"1" => Ok(EnableState::One),
"0" => Ok(EnableState::Zero),
_ => Err(()),
}
}
}
impl EnableState {
/// Returns the default value for the enum.
pub fn get_default() -> Self {
Self::default()
}
/// Returns the string representation of the enum.
pub fn as_str(&self) -> &str {
match self {
EnableState::True => "true",
EnableState::False => "false",
EnableState::Empty => "",
EnableState::Yes => "yes",
EnableState::No => "no",
EnableState::On => "on",
EnableState::Off => "off",
EnableState::Enabled => "enabled",
EnableState::Disabled => "disabled",
EnableState::Ok => "ok",
EnableState::NotOk => "not_ok",
EnableState::Success => "success",
EnableState::Failure => "failure",
EnableState::Active => "active",
EnableState::Inactive => "inactive",
EnableState::One => "1",
EnableState::Zero => "0",
}
}
/// is_enabled checks if the state represents an enabled condition.
pub fn is_enabled(self) -> bool {
matches!(
self,
EnableState::True
| EnableState::Yes
| EnableState::On
| EnableState::Enabled
| EnableState::Ok
| EnableState::Success
| EnableState::Active
| EnableState::One
)
}
/// is_disabled checks if the state represents a disabled condition.
pub fn is_disabled(self) -> bool {
matches!(
self,
EnableState::False
| EnableState::No
| EnableState::Off
| EnableState::Disabled
| EnableState::NotOk
| EnableState::Failure
| EnableState::Inactive
| EnableState::Zero
| EnableState::Empty
)
}
}
#[cfg(test)]
mod tests {
use super::*;
use std::str::FromStr;
#[test]
fn test_enable_state_display_and_fromstr() {
let cases = [
(EnableState::True, "true"),
(EnableState::False, "false"),
(EnableState::Empty, ""),
(EnableState::Yes, "yes"),
(EnableState::No, "no"),
(EnableState::On, "on"),
(EnableState::Off, "off"),
(EnableState::Enabled, "enabled"),
(EnableState::Disabled, "disabled"),
(EnableState::Ok, "ok"),
(EnableState::NotOk, "not_ok"),
(EnableState::Success, "success"),
(EnableState::Failure, "failure"),
(EnableState::Active, "active"),
(EnableState::Inactive, "inactive"),
(EnableState::One, "1"),
(EnableState::Zero, "0"),
];
for (variant, string) in cases.iter() {
assert_eq!(&variant.to_string(), string);
assert_eq!(EnableState::from_str(string).unwrap(), *variant);
}
// Test invalid string
assert!(EnableState::from_str("invalid").is_err());
}
#[test]
fn test_enable_state_enum() {
let cases = [
(EnableState::True, "true"),
(EnableState::False, "false"),
(EnableState::Empty, ""),
(EnableState::Yes, "yes"),
(EnableState::No, "no"),
(EnableState::On, "on"),
(EnableState::Off, "off"),
(EnableState::Enabled, "enabled"),
(EnableState::Disabled, "disabled"),
(EnableState::Ok, "ok"),
(EnableState::NotOk, "not_ok"),
(EnableState::Success, "success"),
(EnableState::Failure, "failure"),
(EnableState::Active, "active"),
(EnableState::Inactive, "inactive"),
(EnableState::One, "1"),
(EnableState::Zero, "0"),
];
for (variant, string) in cases.iter() {
assert_eq!(variant.to_string(), *string);
}
}
#[test]
fn test_enable_state_enum_from_str() {
let cases = [
("true", EnableState::True),
("false", EnableState::False),
("", EnableState::Empty),
("yes", EnableState::Yes),
("no", EnableState::No),
("on", EnableState::On),
("off", EnableState::Off),
("enabled", EnableState::Enabled),
("disabled", EnableState::Disabled),
("ok", EnableState::Ok),
("not_ok", EnableState::NotOk),
("success", EnableState::Success),
("failure", EnableState::Failure),
("active", EnableState::Active),
("inactive", EnableState::Inactive),
("1", EnableState::One),
("0", EnableState::Zero),
];
for (string, variant) in cases.iter() {
assert_eq!(EnableState::from_str(string).unwrap(), *variant);
}
}
#[test]
fn test_enable_state_default() {
let default_state = EnableState::get_default();
assert_eq!(default_state, EnableState::Empty);
assert_eq!(default_state.as_str(), "");
}
#[test]
fn test_enable_state_as_str() {
let cases = [
(EnableState::True, "true"),
(EnableState::False, "false"),
(EnableState::Empty, ""),
(EnableState::Yes, "yes"),
(EnableState::No, "no"),
(EnableState::On, "on"),
(EnableState::Off, "off"),
(EnableState::Enabled, "enabled"),
(EnableState::Disabled, "disabled"),
(EnableState::Ok, "ok"),
(EnableState::NotOk, "not_ok"),
(EnableState::Success, "success"),
(EnableState::Failure, "failure"),
(EnableState::Active, "active"),
(EnableState::Inactive, "inactive"),
(EnableState::One, "1"),
(EnableState::Zero, "0"),
];
for (variant, string) in cases.iter() {
assert_eq!(variant.as_str(), *string);
}
}
#[test]
fn test_enable_state_is_enabled() {
let enabled_states = [
EnableState::True,
EnableState::Yes,
EnableState::On,
EnableState::Enabled,
EnableState::Ok,
EnableState::Success,
EnableState::Active,
EnableState::One,
];
for state in enabled_states.iter() {
assert!(state.is_enabled());
}
let disabled_states = [
EnableState::False,
EnableState::No,
EnableState::Off,
EnableState::Disabled,
EnableState::NotOk,
EnableState::Failure,
EnableState::Inactive,
EnableState::Zero,
EnableState::Empty,
];
for state in disabled_states.iter() {
assert!(state.is_disabled());
}
}
}

1
crates/config/src/constants/mod.rs
View File

@@ -14,3 +14,4 @@
pub(crate) mod app;
pub(crate) mod env;
pub(crate) mod tls;

15
crates/config/src/constants/tls.rs Normal file
View File

@@ -0,0 +1,15 @@
// Copyright 2024 RustFS Team
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
pub const ENV_TLS_KEYLOG: &str = "RUSTFS_TLS_KEYLOG";

2
crates/config/src/lib.rs
View File

@@ -18,6 +18,8 @@ pub mod constants;
pub use constants::app::*;
#[cfg(feature = "constants")]
pub use constants::env::*;
#[cfg(feature = "constants")]
pub use constants::tls::*;
#[cfg(feature = "notify")]
pub mod notify;
#[cfg(feature = "observability")]

3
crates/ecstore/Cargo.toml
View File

@@ -69,7 +69,6 @@ hmac = { workspace = true }
sha1 = { workspace = true }
sha2 = { workspace = true }
hex-simd = { workspace = true }
path-clean = { workspace = true }
tempfile.workspace = true
hyper.workspace = true
hyper-util.workspace = true
@@ -123,4 +122,4 @@ harness = false
[[bench]]
name = "comparison_benchmark"
harness = false
harness = false

3
crates/lock/Cargo.toml
View File

@@ -32,9 +32,7 @@ workspace = true
async-trait.workspace = true
bytes.workspace = true
futures.workspace = true
lazy_static.workspace = true
rustfs-protos.workspace = true
rand.workspace = true
serde.workspace = true
serde_json.workspace = true
tokio.workspace = true
@@ -44,4 +42,3 @@ url.workspace = true
uuid.workspace = true
thiserror.workspace = true
once_cell.workspace = true
lru.workspace = true

18
crates/notify/src/registry.rs
View File

@@ -19,7 +19,7 @@ use crate::{
target::Target,
};
use futures::stream::{FuturesUnordered, StreamExt};
use rustfs_config::notify::{ENABLE_KEY, ENABLE_ON, NOTIFY_ROUTE_PREFIX};
use rustfs_config::notify::{ENABLE_KEY, NOTIFY_ROUTE_PREFIX};
use rustfs_config::{DEFAULT_DELIMITER, ENV_PREFIX};
use rustfs_ecstore::config::{Config, KVS};
use std::collections::{HashMap, HashSet};
@@ -111,10 +111,10 @@ impl TargetRegistry {
// 3.1. Instance discovery: Based on the '..._ENABLE_INSTANCEID' format
let enable_prefix = format!("{ENV_PREFIX}{NOTIFY_ROUTE_PREFIX}{target_type}_{ENABLE_KEY}_").to_uppercase();
for (key, value) in &all_env {
if value.eq_ignore_ascii_case(ENABLE_ON)
|| value.eq_ignore_ascii_case("true")
|| value.eq_ignore_ascii_case("1")
|| value.eq_ignore_ascii_case("yes")
if value.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str())
|| value.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str())
|| value.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str())
|| value.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str())
{
if let Some(id) = key.strip_prefix(&enable_prefix) {
if !id.is_empty() {
@@ -202,10 +202,10 @@ impl TargetRegistry {
let enabled = merged_config
.lookup(ENABLE_KEY)
.map(|v| {
v.eq_ignore_ascii_case(ENABLE_ON)
|| v.eq_ignore_ascii_case("true")
|| v.eq_ignore_ascii_case("1")
|| v.eq_ignore_ascii_case("yes")
v.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str())
})
.unwrap_or(false);

1
crates/rio/Cargo.toml
View File

@@ -45,4 +45,3 @@ serde_json.workspace = true
md-5 = { workspace = true }
[dev-dependencies]
tokio-test = { workspace = true }

3
crates/signer/Cargo.toml
View File

@@ -31,14 +31,11 @@ bytes = { workspace = true }
http.workspace = true
time.workspace = true
hyper.workspace = true
serde.workspace = true
serde_urlencoded.workspace = true
rustfs-utils = { workspace = true, features = ["full"] }
s3s.workspace = true
[dev-dependencies]
tempfile = { workspace = true }
rand = { workspace = true }
[lints]
workspace = true

14
crates/utils/src/certs.rs
View File

@@ -21,7 +21,7 @@ use std::collections::HashMap;
use std::io::Error;
use std::path::Path;
use std::sync::Arc;
use std::{fs, io};
use std::{env, fs, io};
use tracing::{debug, warn};
/// Load public certificate from file.
@@ -194,6 +194,18 @@ pub fn create_multi_cert_resolver(
})
}
/// Checks if TLS key logging is enabled.
pub fn tls_key_log() -> bool {
env::var(rustfs_config::ENV_TLS_KEYLOG)
.map(|v| {
v.eq_ignore_ascii_case(rustfs_config::EnableState::One.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::On.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::True.as_str())
|| v.eq_ignore_ascii_case(rustfs_config::EnableState::Yes.as_str())
})
.unwrap_or(false)
}
#[cfg(test)]
mod tests {
use super::*;

5
rustfs/Cargo.toml
View File

@@ -33,11 +33,6 @@ path = "src/main.rs"
[lints]
workspace = true
[features]
default = []
tls_fallback = []
full = ["tls_fallback"]
[dependencies]
rustfs-ahm = { workspace = true }
rustfs-zip = { workspace = true }

45
rustfs/src/server/http.rs
View File

@@ -60,9 +60,6 @@ pub async fn start_http_server(
let server_port = server_addr.port();
let server_address = server_addr.to_string();
// The listening address and port are obtained from the parameters
// let listener = TcpListener::bind(server_address.clone()).await?;
// The listening address and port are obtained from the parameters
let listener = {
let mut server_addr = server_addr;
@@ -310,7 +307,9 @@ async fn setup_tls_acceptor(tls_path: &str) -> Result<Option<TlsAcceptor>> {
server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()];
// Log SNI requests
server_config.key_log = Arc::new(rustls::KeyLogFile::new());
if rustfs_utils::tls_key_log() {
server_config.key_log = Arc::new(rustls::KeyLogFile::new());
}
return Ok(Some(TlsAcceptor::from(Arc::new(server_config))));
}
@@ -333,7 +332,9 @@ async fn setup_tls_acceptor(tls_path: &str) -> Result<Option<TlsAcceptor>> {
server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()];
// Log SNI requests
server_config.key_log = Arc::new(rustls::KeyLogFile::new());
if rustfs_utils::tls_key_log() {
server_config.key_log = Arc::new(rustls::KeyLogFile::new());
}
return Ok(Some(TlsAcceptor::from(Arc::new(server_config))));
}
@@ -431,45 +432,33 @@ fn process_connection(
Err(err) => {
// Detailed analysis of the reasons why the TLS handshake fails
let err_str = err.to_string();
let mut key_failure_type_str: &str = "UNKNOWN";
if err_str.contains("unexpected EOF") || err_str.contains("handshake eof") {
info!( peer_addr = %peer_addr,"TLS handshake failed with EOF, attempting fallback to HTTP: {}", err);
// Try falling back the connection to HTTP mode (this feature is only enabled in specific environments)
#[cfg(feature = "tls_fallback")]
{
// Since the original connection has been consumed, a new connection needs to be accepted
match TcpStream::connect(peer_addr.clone()).await {
Ok(new_socket) => {
debug!("Successfully reconnected to client for HTTP fallback");
let stream = TokioIo::new(new_socket);
let conn = http_server.serve_connection(stream, hybrid_service);
if let Err(err) = graceful.watch(conn).await {
handle_connection_error(&*err);
}
return;
}
Err(e) => {
error!("Failed to reconnect for HTTP fallback: {}", e);
}
}
}
warn!(peer_addr = %peer_addr, "TLS handshake failed. If this client needs HTTP, it should connect to the HTTP port instead");
key_failure_type_str = "UNEXPECTED_EOF";
} else if err_str.contains("protocol version") {
error!(
peer_addr = %peer_addr,
"TLS handshake failed due to protocol version mismatch: {}", err
);
key_failure_type_str = "PROTOCOL_VERSION";
} else if err_str.contains("certificate") {
error!(
peer_addr = %peer_addr,
"TLS handshake failed due to certificate issues: {}", err
);
key_failure_type_str = "CERTIFICATE";
} else {
error!(
peer_addr = %peer_addr,
"TLS handshake failed: {}", err
);
}
info!(
counter.rustfs_tls_handshake_failures = 1_u64,
key_failure_type = key_failure_type_str,
"TLS handshake failure metric"
);
// Record detailed diagnostic information
debug!(
peer_addr = %peer_addr,
@@ -478,7 +467,7 @@ fn process_connection(
"TLS handshake failure details"
);
return; // End the mission
return;
}
}
debug!("TLS handshake success");