tower-rs / tower-grpc

A gRPC client & server implementation.
MIT License

Introduce an example using TLS #162

Open blt opened 5 years ago

blt commented 5 years ago

The use of TLS connectors with tower-grpc seems to be a common sticking point for this library; see #59 and @ian-p-cooke's example https://github.com/ian-p-cooke/tower-grpc-tls-client-auth-example, given in these issues, though I've quite lost where. While it is clear that tower-grpc is not responsible for setting up a connector, it's not entirely clear, at least to me, how a TlsStream should be hooked up into tower-grpc's machinery.

I've tried to cobble together an up-to-date example from bits and pieces I've found in conversations here and by reading project docs. You can find it at https://github.com/blt/spike. Unfortunately, the client code doesn't compile yet, and I don't have a ton of confidence that it would function if it did compile. I'd be interested in thoughts on what needs to change in spike to get it compiling.

Anyhow, would adding a TLS example to this project be a reasonable addition? I'd be happy to contribute something if there were an interest, but I'd need a touch of help.

carllerche commented 5 years ago

I’m hoping to get some full stack examples with tower-hyper (as a preview to using real hyper) including TLS. I think this is pending a tower-hyper release which @LucioFranco is leading. I will defer to him on this.

LucioFranco commented 5 years ago

@carllerche I think we need to figure out a tower-http-connection crate to provide a type alias for http connections.

LucioFranco commented 5 years ago

Initial work is being worked on here: https://github.com/tower-rs/tower-http/pull/19

davidvartan commented 5 years ago

Can't wait to see this in. Currently have implemented a server but am blocked on client functionality because I can't figure out how to get TLS/ALPN working. I did see https://github.com/tower-rs/tower-grpc/issues/101#issuecomment-479592214 but haven't had success plumbing this over.

(TLS on the client, specifically, because on the server side gRPC will be sitting behind a proxy that handles that stuff already, which is how probably most people will deploy.)

LucioFranco commented 5 years ago

@davidvartan sorry, this TLS work has taken a long time, as we have been distracted moving to std::Future. What issues are you running into with TLS/ALPN?

davidvartan commented 5 years ago

Thanks for the reply! So I'm using the example code (with the addition of http_connector.enforce_http(false); which may or may not be supported) and am getting ERR = Status { code: Unknown, message: "h2 protocol error: protocol error: frame with invalid size" }. From some Googling (e.g. https://github.com/hyperium/hyper/issues/1574#issuecomment-399223014) and the comment I linked above it appears that ALPN is what's missing. This is client-side only. Am I going about this incorrectly?

LucioFranco commented 5 years ago

So I'm not sure the http_connector from hyper does ALPN negotiation. That said, you should be able to use this example + MakeConnection to produce an AsyncRead + AsyncWrite stream that is http2 ready. I would suggest looking at the open PR for how I went about it. Unfortunately, I'm a bit swamped right now, so I will not be able to get to that PR for a long time. That said, feel free to come into the tower gitter and ask some questions :)

davidvartan commented 5 years ago

For anyone who is following, there is a working example in https://github.com/tower-rs/tower-grpc/issues/59 (thank you @kiratp)