From 1f56282ceb91007a1503004c6345b88417929b4a Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 18:00:10 +0200
Subject: [PATCH 1/6] use rustls ring backend by default

---
 Cargo.toml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index f5a0f44..69ef228 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,7 @@ homepage = "https://clickhouse.com"
 license = "MIT OR Apache-2.0"
 readme = "README.md"
 edition = "2021"
-rust-version = "1.67.0" # update `derive/Cargo.toml` and CI if changed
+rust-version = "1.67.0"                                                  # update `derive/Cargo.toml` and CI if changed
 
 [lints.rust]
 rust_2018_idioms = { level = "warn", priority = -1 }
@@ -57,7 +57,8 @@ uuid = ["dep:uuid"]
 time = ["dep:time"]
 lz4 = ["dep:lz4_flex", "dep:cityhash-rs"]
 native-tls = ["dep:hyper-tls"]
-rustls-tls = ["dep:hyper-rustls"]
+rustls-tls = ["dep:hyper-rustls", "hyper-rustls?/ring"]
+rustls-tls-aws = ["dep:hyper-rustls", "hyper-rustls?/aws-lc-rs"]
 
 [dependencies]
 clickhouse-derive = { version = "0.2.0", path = "derive" }
@@ -70,7 +71,13 @@ http-body-util = "0.1.2"
 hyper = "1.4"
 hyper-util = { version = "0.1.6", features = ["client-legacy", "http1"] }
 hyper-tls = { version = "0.6.0", optional = true }
-hyper-rustls = { version = "0.27.2", features = ["webpki-roots"], optional = true }
+hyper-rustls = { version = "0.27.2", default-features = false, features = [
+    "http1",
+    "http2",
+    "native-tokio",
+    "tls12",
+    "webpki-roots",
+], optional = true }
 url = "2.1.1"
 futures = "0.3.5"
 futures-channel = "0.3.30"
@@ -78,7 +85,9 @@ static_assertions = "1.1"
 sealed = "0.5"
 sha-1 = { version = "0.10", optional = true }
 serde_json = { version = "1.0.68", optional = true }
-lz4_flex = { version = "0.11.3", default-features = false, features = ["std"], optional = true }
+lz4_flex = { version = "0.11.3", default-features = false, features = [
+    "std",
+], optional = true }
 cityhash-rs = { version = "=1.0.1", optional = true } # exact version for safety
 uuid = { version = "1", optional = true }
 time = { version = "0.3", optional = true }

From fad1be77ec9e3a9d3f7d730281b188c3934a564b Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 18:02:32 +0200
Subject: [PATCH 2/6] comment

---
 Cargo.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 69ef228..ee30344 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,7 +9,8 @@ homepage = "https://clickhouse.com"
 license = "MIT OR Apache-2.0"
 readme = "README.md"
 edition = "2021"
-rust-version = "1.67.0"                                                  # update `derive/Cargo.toml` and CI if changed
+# update `derive/Cargo.toml` and CI if changed
+rust-version = "1.67.0"
 
 [lints.rust]
 rust_2018_idioms = { level = "warn", priority = -1 }

From 3efa7ce6f4d493092a3443d83f78863e84d2ddf7 Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 20:13:50 +0200
Subject: [PATCH 3/6] bump rust version, init crypto provider explicitly

---
 .github/workflows/ci.yml |  1 +
 Cargo.toml               |  7 ++++---
 derive/Cargo.toml        |  3 ++-
 src/lib.rs               | 35 ++++++++++++++++++++++++++++-------
 4 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e066c51..c15fbdb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,6 +60,7 @@ jobs:
     - run: cargo clippy --all-targets --no-default-features
     - run: cargo build --all-targets --features native-tls
     - run: cargo build --all-targets --features rustls-tls
+    - run: cargo build --all-targets --features rustls-tls-aws
     - run: cargo clippy --all-targets --all-features
 
   test:
diff --git a/Cargo.toml b/Cargo.toml
index ee30344..9672043 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,7 +10,7 @@ license = "MIT OR Apache-2.0"
 readme = "README.md"
 edition = "2021"
 # update `derive/Cargo.toml` and CI if changed
-rust-version = "1.67.0"
+rust-version = "1.70.0"
 
 [lints.rust]
 rust_2018_idioms = { level = "warn", priority = -1 }
@@ -58,8 +58,8 @@ uuid = ["dep:uuid"]
 time = ["dep:time"]
 lz4 = ["dep:lz4_flex", "dep:cityhash-rs"]
 native-tls = ["dep:hyper-tls"]
-rustls-tls = ["dep:hyper-rustls", "hyper-rustls?/ring"]
-rustls-tls-aws = ["dep:hyper-rustls", "hyper-rustls?/aws-lc-rs"]
+rustls-tls = ["dep:hyper-rustls", "dep:rustls", "hyper-rustls?/ring"]
+rustls-tls-aws = ["dep:hyper-rustls", "dep:rustls", "hyper-rustls?/aws-lc-rs"]
 
 [dependencies]
 clickhouse-derive = { version = "0.2.0", path = "derive" }
@@ -72,6 +72,7 @@ http-body-util = "0.1.2"
 hyper = "1.4"
 hyper-util = { version = "0.1.6", features = ["client-legacy", "http1"] }
 hyper-tls = { version = "0.6.0", optional = true }
+rustls = { version = "0.23", default-features = false, optional = true }
 hyper-rustls = { version = "0.27.2", default-features = false, features = [
     "http1",
     "http2",
diff --git a/derive/Cargo.toml b/derive/Cargo.toml
index e0b86ec..d1129c1 100644
--- a/derive/Cargo.toml
+++ b/derive/Cargo.toml
@@ -7,7 +7,8 @@ repository = "https://github.com/ClickHouse/clickhouse-rs"
 homepage = "https://clickhouse.com"
 edition = "2021"
 license = "MIT OR Apache-2.0"
-rust-version = "1.67.0" # update `Cargo.toml` and CI if changed
+# update `Cargo.toml` and CI if changed
+rust-version = "1.70.0"
 
 [lib]
 proc-macro = true
diff --git a/src/lib.rs b/src/lib.rs
index 112a14e..584b86c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -48,6 +48,19 @@ const TCP_KEEPALIVE: Duration = Duration::from_secs(60);
 // See https://github.com/ClickHouse/ClickHouse/blob/368cb74b4d222dc5472a7f2177f6bb154ebae07a/programs/server/config.xml#L201
 const POOL_IDLE_TIMEOUT: Duration = Duration::from_secs(2);
 
+#[cfg(any(feature = "rustls-tls", feature = "rustls-tls-aws"))]
+fn prepare_hyper_rustls_client(
+    connector: HttpConnector,
+    provider: impl Into<Arc<rustls::crypto::CryptoProvider>>,
+) -> hyper_rustls::HttpsConnector<HttpConnector> {
+    hyper_rustls::HttpsConnectorBuilder::new()
+        .with_provider_and_webpki_roots(provider)
+        .unwrap()
+        .https_or_http()
+        .enable_http1()
+        .wrap_connector(connector)
+}
+
 /// A client containing HTTP pool.
 #[derive(Clone)]
 pub struct Client {
@@ -70,18 +83,26 @@ impl Default for Client {
         // TODO: make configurable in `Client::builder()`.
         connector.set_keepalive(Some(TCP_KEEPALIVE));
 
-        #[cfg(any(feature = "native-tls", feature = "rustls-tls"))]
+        #[cfg(any(
+            feature = "native-tls",
+            feature = "rustls-tls",
+            feature = "rustls-tls-aws"
+        ))]
         connector.enforce_http(false);
 
-        #[cfg(all(feature = "native-tls", not(feature = "rustls-tls")))]
+        #[cfg(all(
+            feature = "native-tls",
+            not(feature = "rustls-tls"),
+            not(feature = "rustls-tls-aws")
+        ))]
         let connector = hyper_tls::HttpsConnector::new_with_connector(connector);
 
         #[cfg(feature = "rustls-tls")]
-        let connector = hyper_rustls::HttpsConnectorBuilder::new()
-            .with_webpki_roots()
-            .https_or_http()
-            .enable_http1()
-            .wrap_connector(connector);
+        let connector =
+            prepare_hyper_rustls_client(connector, rustls::crypto::ring::default_provider());
+        #[cfg(feature = "rustls-tls-aws")]
+        let connector =
+            prepare_hyper_rustls_client(connector, rustls::crypto::aws_lc_rs::default_provider());
 
         let client = HyperClient::builder(TokioExecutor::new())
             .pool_idle_timeout(POOL_IDLE_TIMEOUT)

From a228d44a71930893e338853c39fa49a6991cf58e Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 20:54:17 +0200
Subject: [PATCH 4/6] bump ci to rust 1.70.0

---
 .github/workflows/ci.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c15fbdb..41f1b52 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,7 @@ env:
   RUSTFLAGS: -Dwarnings
   RUSTDOCFLAGS: -Dwarnings
   RUST_BACKTRACE: 1
-  MSRV: 1.67.0
+  MSRV: 1.70.0
 
 jobs:
   build:
@@ -32,9 +32,6 @@ jobs:
     - run: rustup toolchain install ${{ env.MSRV }} --profile minimal
     - run: rustup override set ${{ env.MSRV }}
     - run: rustup show active-toolchain -v
-    # cargo from toolchain v1.67 doesn't choose versions based on MSRV,
-    # so we downgrade tokio because since v1.39 it requires rustc >=1.70.
-    - run: cargo update -p tokio --precise 1.38.1
     - run: cargo build
     - run: cargo build --no-default-features
     - run: cargo build --features uuid,time

From 52d41ee0e7f0ec36fc6ffafe9d25110edb2ec6e9 Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 20:57:49 +0200
Subject: [PATCH 5/6] fix features

---
 src/lib.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 584b86c..46049fb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -97,10 +97,10 @@ impl Default for Client {
         ))]
         let connector = hyper_tls::HttpsConnector::new_with_connector(connector);
 
-        #[cfg(feature = "rustls-tls")]
+        #[cfg(all(feature = "rustls-tls", not(feature = "rustls-tls-aws")))]
         let connector =
             prepare_hyper_rustls_client(connector, rustls::crypto::ring::default_provider());
-        #[cfg(feature = "rustls-tls-aws")]
+        #[cfg(all(feature = "rustls-tls-aws", not(feature = "rustls-tls")))]
         let connector =
             prepare_hyper_rustls_client(connector, rustls::crypto::aws_lc_rs::default_provider());
 

From e2e7a48508afadf55c643c83374fa2c38f446b90 Mon Sep 17 00:00:00 2001
From: Igor Novgorodov <igor.novgorodov@dfinity.org>
Date: Wed, 4 Sep 2024 21:07:20 +0200
Subject: [PATCH 6/6] fix cfg again

---
 src/lib.rs | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 46049fb..dc89680 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -48,8 +48,11 @@ const TCP_KEEPALIVE: Duration = Duration::from_secs(60);
 // See https://github.com/ClickHouse/ClickHouse/blob/368cb74b4d222dc5472a7f2177f6bb154ebae07a/programs/server/config.xml#L201
 const POOL_IDLE_TIMEOUT: Duration = Duration::from_secs(2);
 
-#[cfg(any(feature = "rustls-tls", feature = "rustls-tls-aws"))]
-fn prepare_hyper_rustls_client(
+#[cfg(all(
+    not(feature = "native-tls"),
+    any(feature = "rustls-tls", feature = "rustls-tls-aws")
+))]
+fn prepare_hyper_rustls_connector(
     connector: HttpConnector,
     provider: impl Into<Arc<rustls::crypto::CryptoProvider>>,
 ) -> hyper_rustls::HttpsConnector<HttpConnector> {
@@ -99,10 +102,12 @@ impl Default for Client {
 
         #[cfg(all(feature = "rustls-tls", not(feature = "rustls-tls-aws")))]
         let connector =
-            prepare_hyper_rustls_client(connector, rustls::crypto::ring::default_provider());
+            prepare_hyper_rustls_connector(connector, rustls::crypto::ring::default_provider());
         #[cfg(all(feature = "rustls-tls-aws", not(feature = "rustls-tls")))]
-        let connector =
-            prepare_hyper_rustls_client(connector, rustls::crypto::aws_lc_rs::default_provider());
+        let connector = prepare_hyper_rustls_connector(
+            connector,
+            rustls::crypto::aws_lc_rs::default_provider(),
+        );
 
         let client = HyperClient::builder(TokioExecutor::new())
             .pool_idle_timeout(POOL_IDLE_TIMEOUT)