fix: remove pgstac custom tls stuff (#587)

- Closes #575

Author: gadomski

crates/pgstac/Cargo.toml

@@ -11,19 +11,13 @@ repository.workspace = true
 license.workspace = true
 rust-version.workspace = true
 
-[features]
-tls = ["dep:rustls", "dep:tokio-postgres-rustls", "dep:webpki-roots"]
-
 [dependencies]
-rustls = { workspace = true, features = ["ring", "std"], optional = true }
 serde.workspace = true
 serde_json.workspace = true
 stac.workspace = true
 stac-api.workspace = true
 thiserror.workspace = true
 tokio-postgres = { workspace = true, features = ["with-serde_json-1"] }
-tokio-postgres-rustls = { workspace = true, optional = true }
-webpki-roots = { workspace = true, optional = true }
 
 [dev-dependencies]
 geojson.workspace = true

crates/pgstac/src/lib.rs

@@ -76,15 +76,11 @@
 #![warn(missing_docs)]
 
 mod page;
-#[cfg(feature = "tls")]
-mod tls;
 
 pub use page::Page;
 use serde::{de::DeserializeOwned, Serialize};
 use stac_api::Search;
 use tokio_postgres::{types::ToSql, GenericClient, Row};
-#[cfg(feature = "tls")]
-pub use {tls::make_unverified_tls, tokio_postgres_rustls::MakeRustlsConnect};
 
 /// Crate-specific error enum.
 #[derive(Debug, thiserror::Error)]

crates/pgstac/src/tls.rs

@@ -13,7 +13,14 @@ rust-version.workspace = true
 
 [features]
 axum = ["dep:axum", "dep:bytes", "dep:mime", "dep:tower-http"]
-pgstac = ["dep:pgstac", "dep:bb8", "dep:bb8-postgres", "dep:tokio-postgres"]
+pgstac = [
+    "dep:bb8",
+    "dep:bb8-postgres",
+    "dep:pgstac",
+    "dep:rustls",
+    "dep:tokio-postgres",
+    "dep:tokio-postgres-rustls",
+]
 
 [dependencies]
 axum = { workspace = true, optional = true }
@@ -22,14 +29,16 @@ bb8-postgres = { workspace = true, optional = true }
 bytes = { workspace = true, optional = true }
 http.workspace = true
 mime = { workspace = true, optional = true }
-pgstac = { workspace = true, features = ["tls"], optional = true }
+pgstac = { workspace = true, optional = true }
+rustls = { workspace = true, optional = true }
 serde.workspace = true
 serde_json.workspace = true
 serde_urlencoded.workspace = true
 stac.workspace = true
 stac-api = { workspace = true, features = ["geo"] }
 thiserror.workspace = true
 tokio-postgres = { workspace = true, optional = true }
+tokio-postgres-rustls = { workspace = true, optional = true }
 tower-http = { workspace = true, features = ["cors", "trace"], optional = true }
 tracing.workspace = true
 url.workspace = true

crates/server/Cargo.toml

@@ -1,15 +1,16 @@
 use crate::{Backend, Error, Result};
 use bb8::Pool;
 use bb8_postgres::PostgresConnectionManager;
-use pgstac::MakeRustlsConnect;
 use pgstac::Pgstac;
+use rustls::{ClientConfig, RootCertStore};
 use serde_json::Map;
 use stac::{Collection, Item};
 use stac_api::{ItemCollection, Items, Search};
 use tokio_postgres::{
     tls::{MakeTlsConnect, TlsConnect},
     Socket,
 };
+use tokio_postgres_rustls::MakeRustlsConnect;
 
 /// A backend for a [pgstac](https://github.com/stac-utils/pgstac) database.
 #[derive(Clone, Debug)]
@@ -40,7 +41,10 @@ impl PgstacBackend<MakeRustlsConnect> {
     pub async fn new_from_stringlike(
         params: impl ToString,
     ) -> Result<PgstacBackend<MakeRustlsConnect>> {
-        let tls = pgstac::make_unverified_tls();
+        let config = ClientConfig::builder()
+            .with_root_certificates(RootCertStore::empty())
+            .with_no_client_auth();
+        let tls = MakeRustlsConnect::new(config);
         PgstacBackend::new_from_stringlike_and_tls(params, tls).await
     }
 }
@@ -53,20 +57,6 @@ where
     <<Tls as MakeTlsConnect<Socket>>::TlsConnect as TlsConnect<Socket>>::Future: Send,
 {
     /// Creates a new PgstacBackend from a string-like configuration and a tls.
-    ///
-    /// # Examples
-    ///
-    /// ```no_run
-    /// use stac_server::PgstacBackend;
-    ///
-    /// let tls = pgstac::make_unverified_tls();
-    /// # tokio_test::block_on(async {
-    /// let backend = PgstacBackend::new_from_stringlike_and_tls(
-    ///     "postgresql://username:password@localhost:5432/postgis",
-    ///     tls
-    /// ).await.unwrap();
-    /// # })
-    /// ```
     pub async fn new_from_stringlike_and_tls(
         params: impl ToString,
         tls: Tls,