From 03913b987ea75ac6902799f0cfa36b583b5d40e1 Mon Sep 17 00:00:00 2001
From: Mikhail Katychev
Date: Fri, 9 Aug 2024 14:39:14 -0500
Subject: [PATCH 1/3] tls feature flag for Endpoint::new

---
 tests/integration_tests/tests/connection.rs | 1 +
 tonic/src/transport/channel/endpoint.rs | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/tests/integration_tests/tests/connection.rs b/tests/integration_tests/tests/connection.rs
index bb67adf55..f5679b4af 100644
--- a/tests/integration_tests/tests/connection.rs
+++ b/tests/integration_tests/tests/connection.rs
@@ -22,6 +22,7 @@ impl test_server::Test for Svc {
 #[tokio::test]
 async fn connect_returns_err() {
 let res = TestClient::connect("http://thisdoesntexist").await;
+ dbg!(&res);
 assert!(res.is_err());
 }
 
diff --git a/tonic/src/transport/channel/endpoint.rs b/tonic/src/transport/channel/endpoint.rs
index 37ace4f12..488160a01 100644
--- a/tonic/src/transport/channel/endpoint.rs
+++ b/tonic/src/transport/channel/endpoint.rs
@@ -49,6 +49,24 @@ impl Endpoint {
 D::Error: Into,
 {
 let me = dst.try_into().map_err(|e| Error::from_source(e.into()))?;
+ #[cfg(feature = "tls")]
+ if let Some(tls_config) = me
+ .uri
+ .scheme()
+ .map(|s| s.as_str() == http::uri::Scheme::HTTPS.as_str())
+ .unwrap_or(false)
+ .then(|| {
+ let config = ClientTlsConfig::new();
+ #[cfg(feature = "tls-native-roots")]
+ let config = config.with_native_roots();
+ #[cfg(feature = "tls-webpki-roots")]
+ let config = config.with_webpki_roots();
+ config
+ })
+ {
+ return me.tls_config(tls_config);
+ }
+
 Ok(me)
 }
 

From 55bb1864c39026ca6b38502826abdd9ddd2cee1d Mon Sep 17 00:00:00 2001
From: Mikhail Katychev
Date: Fri, 9 Aug 2024 14:43:37 -0500
Subject: [PATCH 2/3] added unit test

---
 tests/integration_tests/tests/connection.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tests/integration_tests/tests/connection.rs b/tests/integration_tests/tests/connection.rs
index f5679b4af..841600bcf 100644
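Review bot: With only the `tls` feature enabled and neither `tls-native-roots` nor `tls-webpki-roots`, the `then` closure hands back a bare `ClientTlsConfig::new()` with no trust anchors, so an `https://` endpoint is switched to TLS with nothing to verify the peer against and the problem presumably only surfaces as a handshake error at connect time. The same gap carries into `with_enabled_roots` in the third patch. Consider stating it where the default is applied, e.g. `// https:// opts into TLS; roots come only from the tls-*-roots features, so with none enabled this config cannot verify any peer.` The enclosing `Endpoint::new` starts before this hunk, so its doc comment is the other place to record this default.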
--- a/tests/integration_tests/tests/connection.rs
+++ b/tests/integration_tests/tests/connection.rs
@@ -22,11 +22,15 @@ impl test_server::Test for Svc {
 #[tokio::test]
 async fn connect_returns_err() {
 let res = TestClient::connect("http://thisdoesntexist").await;
- dbg!(&res);
 assert!(res.is_err());
 }
 
+#[tokio::test]
+async fn connect_handles_tls() {
+ TestClient::connect("https://example.com").await.unwrap();
+}
+
 #[tokio::test]
 async fn connect_returns_err_via_call_after_connected() {
 let (tx, rx) = oneshot::channel();
 

From de5cec8c50c9dc62e8df67e08fa194aee4ad79e1 Mon Sep 17 00:00:00 2001
From: Mikhail Katychev
Date: Mon, 19 Aug 2024 14:44:24 -0500
Subject: [PATCH 3/3] Simplified `Endpoint::new` initialization

---
 tonic/src/transport/channel/endpoint.rs | 17 ++---------------
 tonic/src/transport/channel/tls.rs | 10 ++++++++++
 2 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/tonic/src/transport/channel/endpoint.rs b/tonic/src/transport/channel/endpoint.rs
index 488160a01..419d0399f 100644
--- a/tonic/src/transport/channel/endpoint.rs
+++ b/tonic/src/transport/channel/endpoint.rs
@@ -50,21 +50,8 @@ impl Endpoint {
 {
 let me = dst.try_into().map_err(|e| Error::from_source(e.into()))?;
 #[cfg(feature = "tls")]
- if let Some(tls_config) = me
- .uri
- .scheme()
- .map(|s| s.as_str() == http::uri::Scheme::HTTPS.as_str())
- .unwrap_or(false)
- .then(|| {
- let config = ClientTlsConfig::new();
- #[cfg(feature = "tls-native-roots")]
- let config = config.with_native_roots();
- #[cfg(feature = "tls-webpki-roots")]
- let config = config.with_webpki_roots();
- config
- })
- {
- return me.tls_config(tls_config);
+ if me.uri.scheme() == Some(&http::uri::Scheme::HTTPS) {
+ return me.tls_config(ClientTlsConfig::new().with_enabled_roots());
 }
 
 Ok(me)
diff --git a/tonic/src/transport/channel/tls.rs b/tonic/src/transport/channel/tls.rs
index 8c845f0ef..0e1ec254c 100644
--- a/tonic/src/transport/channel/tls.rs
+++ b/tonic/src/transport/channel/tls.rs
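Review bot: `connect_handles_tls` depends on DNS and outbound HTTPS to `example.com`, so it fails on an offline or egress-restricted CI runner and its result says nothing about which roots or which scheme handling were exercised. It also only checks that `connect` returned `Ok`, which does not show that certificate verification ran against the intended roots. A local listener with a test certificate, or a check of the configured endpoint state instead of a live handshake, would make it hermetic; whether the integration-test crate builds with the `tls` feature at all is not visible here, so `#[cfg(feature = "tls")]` gating may also be needed.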
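Review bot: The new `if` silently changes what `Endpoint::new` produces for any `https://` URI when `tls` is on — a TLS config carrying the feature-enabled roots — and nothing in the hunk records that default or what a later `.tls_config()` call does to it. A one-line comment above the `#[cfg(feature = "tls")]` line would do: `// https:// URIs default to TLS with the roots enabled by the tls-*-roots features.` If `tls_config` overwrites the stored config as its name suggests, say so there as well, and mention the default in the doc comment of `Endpoint::new`, whose signature is before this hunk.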
@@ -81,6 +81,16 @@ impl ClientTlsConfig {
 }
 }
 
+ /// Activates all TLS roots enabled through `tls-*-roots` feature flags
+ pub fn with_enabled_roots(self) -> Self {
+ let config = ClientTlsConfig::new();
+ #[cfg(feature = "tls-native-roots")]
+ let config = config.with_native_roots();
+ #[cfg(feature = "tls-webpki-roots")]
+ let config = config.with_webpki_roots();
+ config
+ }
+
 pub(crate) fn into_tls_connector(self, uri: &Uri) -> Result {
 let domain = match &self.domain {
 Some(domain) => domain,
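Review bot: `with_enabled_roots` takes `self` but never uses it: `let config = ClientTlsConfig::new();` starts from a fresh builder, so any state already set on the receiver — the `domain` that `into_tls_connector` reads from `self.domain`, for instance — is dropped, and the line should read `let config = self;`. The doc comment should also say what happens when no `tls-*-roots` feature is enabled, since the method then returns the config with no trust anchors added, e.g. `/// Adds every trust store enabled through a tls-*-roots feature flag; with none enabled the configuration is returned as-is.` The enclosing `impl ClientTlsConfig` starts before this hunk.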