align hostaddr tls behavior with documentation

Author: sfackler

tokio-postgres/src/cancel_query.rs

@@ -1,5 +1,5 @@
 use crate::client::SocketConfig;
-use crate::config::{Host, SslMode};
+use crate::config::SslMode;
 use crate::tls::MakeTlsConnect;
 use crate::{cancel_query_raw, connect_socket, Error, Socket};
 use std::io;
@@ -24,14 +24,10 @@ where
         }
     };
 
-    let hostname = match &config.host {
-        Host::Tcp(host) => &**host,
-        // postgres doesn't support TLS over unix sockets, so the choice here doesn't matter
-        #[cfg(unix)]
-        Host::Unix(_) => "",
-    };
-    let tls = tls
-        .make_tls_connect(hostname)
+    let tls = config
+        .hostname
+        .map(|s| tls.make_tls_connect(&s))
+        .transpose()
         .map_err(|e| Error::tls(e.into()))?;
 
     let socket = connect_socket::connect_socket(

tokio-postgres/src/cancel_query_raw.rs

@@ -8,7 +8,7 @@ use tokio::io::{AsyncRead, AsyncWrite, AsyncWriteExt};
 pub async fn cancel_query_raw<S, T>(
     stream: S,
     mode: SslMode,
-    tls: T,
+    tls: Option<T>,
     process_id: i32,
     secret_key: i32,
 ) -> Result<(), Error>

tokio-postgres/src/cancel_token.rs

@@ -54,7 +54,7 @@ impl CancelToken {
         cancel_query_raw::cancel_query_raw(
             stream,
             self.ssl_mode,
-            tls,
+            Some(tls),
             self.process_id,
             self.secret_key,
         )

tokio-postgres/src/client.rs

@@ -154,6 +154,7 @@ impl InnerClient {
 #[derive(Clone)]
 pub(crate) struct SocketConfig {
     pub host: Host,
+    pub hostname: Option<String>,
     pub port: u16,
     pub connect_timeout: Option<Duration>,
     pub tcp_user_timeout: Option<Duration>,

tokio-postgres/src/config.rs

@@ -97,9 +97,9 @@ pub enum Host {
 /// * `hostaddr` - Numeric IP address of host to connect to. This should be in the standard IPv4 address format,
 ///     e.g., 172.28.40.9. If your machine supports IPv6, you can also use those addresses.
 ///     If this parameter is not specified, the value of `host` will be looked up to find the corresponding IP address,
-///     - or if host specifies an IP address, that value will be used directly.
+///     or if host specifies an IP address, that value will be used directly.
 ///     Using `hostaddr` allows the application to avoid a host name look-up, which might be important in applications
-///     with time constraints. However, a host name is required for verify-full SSL certificate verification.
+///     with time constraints. However, a host name is required for TLS certificate verification.
 ///     Specifically:
 ///         * If `hostaddr` is specified without `host`, the value for `hostaddr` gives the server network address.
 ///             The connection attempt will fail if the authentication method requires a host name;
@@ -645,7 +645,7 @@ impl Config {
         S: AsyncRead + AsyncWrite + Unpin,
         T: TlsConnect<S>,
     {
-        connect_raw(stream, tls, self).await
+        connect_raw(stream, Some(tls), self).await
     }
 }
 

tokio-postgres/src/connect.rs

@@ -52,16 +52,17 @@ where
             .unwrap_or(5432);
 
         // The value of host is used as the hostname for TLS validation,
-        // if it's not present, use the value of hostaddr.
         let hostname = match host {
-            Some(Host::Tcp(host)) => host.clone(),
+            Some(Host::Tcp(host)) => Some(host.clone()),
             // postgres doesn't support TLS over unix sockets, so the choice here doesn't matter
             #[cfg(unix)]
-            Some(Host::Unix(_)) => "".to_string(),
-            None => hostaddr.map_or("".to_string(), |ipaddr| ipaddr.to_string()),
+            Some(Host::Unix(_)) => None,
+            None => None,
         };
-        let tls = tls
-            .make_tls_connect(&hostname)
+        let tls = hostname
+            .as_ref()
+            .map(|s| tls.make_tls_connect(s))
+            .transpose()
             .map_err(|e| Error::tls(e.into()))?;
 
         // Try to use the value of hostaddr to establish the TCP connection,
@@ -78,7 +79,7 @@ where
             }
         };
 
-        match connect_once(&addr, port, tls, config).await {
+        match connect_once(addr, hostname, port, tls, config).await {
             Ok((client, connection)) => return Ok((client, connection)),
             Err(e) => error = Some(e),
         }
@@ -88,16 +89,17 @@ where
 }
 
 async fn connect_once<T>(
-    host: &Host,
+    host: Host,
+    hostname: Option<String>,
     port: u16,
-    tls: T,
+    tls: Option<T>,
     config: &Config,
 ) -> Result<(Client, Connection<Socket, T::Stream>), Error>
 where
     T: TlsConnect<Socket>,
 {
     let socket = connect_socket(
-        host,
+        &host,
         port,
         config.connect_timeout,
         config.tcp_user_timeout,
@@ -151,7 +153,8 @@ where
     }
 
     client.set_socket_config(SocketConfig {
-        host: host.clone(),
+        host,
+        hostname,
         port,
         connect_timeout: config.connect_timeout,
         tcp_user_timeout: config.tcp_user_timeout,

tokio-postgres/src/connect_raw.rs

@@ -80,7 +80,7 @@ where
 
 pub async fn connect_raw<S, T>(
     stream: S,
-    tls: T,
+    tls: Option<T>,
     config: &Config,
 ) -> Result<(Client, Connection<S, T::Stream>), Error>
 where

tokio-postgres/src/connect_tls.rs

@@ -10,15 +10,19 @@ use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
 pub async fn connect_tls<S, T>(
     mut stream: S,
     mode: SslMode,
-    tls: T,
+    tls: Option<T>,
 ) -> Result<MaybeTlsStream<S, T::Stream>, Error>
 where
     S: AsyncRead + AsyncWrite + Unpin,
     T: TlsConnect<S>,
 {
     match mode {
         SslMode::Disable => return Ok(MaybeTlsStream::Raw(stream)),
-        SslMode::Prefer if !tls.can_connect(ForcePrivateApi) => {
+        SslMode::Prefer
+            if tls
+                .as_ref()
+                .map_or(false, |tls| !tls.can_connect(ForcePrivateApi)) =>
+        {
             return Ok(MaybeTlsStream::Raw(stream))
         }
         SslMode::Prefer | SslMode::Require => {}
@@ -40,6 +44,7 @@ where
     }
 
     let stream = tls
+        .ok_or_else(|| Error::tls("no hostname provided for TLS handshake".into()))?
         .connect(stream)
         .await
         .map_err(|e| Error::tls(e.into()))?;