fix: better HTTPS errors with disabled native-tls or rustls-tls (#229)

Author: slvrtrn

.github/workflows/ci.yml

@@ -100,12 +100,14 @@ jobs:
       - run: cargo test --features uuid,time
       - run: cargo test --all-features
 
-      # Temporary runs tests with `cloud_` prefix only until we validate that the rest of the tests are working
       - name: Run tests with ClickHouse Cloud
         env:
           CLICKHOUSE_TEST_ENVIRONMENT: cloud
           CLICKHOUSE_CLOUD_HOST: ${{ secrets.INTEGRATIONS_TEAM_TESTS_CLOUD_HOST_SMT }}
           CLICKHOUSE_CLOUD_PASSWORD: ${{ secrets.INTEGRATIONS_TEAM_TESTS_CLOUD_PASSWORD_SMT }}
           CLICKHOUSE_CLOUD_JWT_ACCESS_TOKEN: ${{ secrets.INTEGRATIONS_TEAM_TESTS_CLOUD_JWT_DESERT_VM_43 }}
+        # Temporary runs tests with `cloud_` prefix only until we validate that the rest of the tests are working
+        # `https_errors` should assert ClickHouse Cloud connection errors without enabled TLS features
         run: |
           cargo test cloud_ --features rustls-tls -- --nocapture
+          cargo test https_errors -- --nocapture

src/error.rs

@@ -58,6 +58,20 @@ impl From<hyper::Error> for Error {
 
 impl From<hyper_util::client::legacy::Error> for Error {
     fn from(error: hyper_util::client::legacy::Error) -> Self {
+        #[cfg(not(any(feature = "rustls-tls", feature = "native-tls")))]
+        if error.is_connect() {
+            static SCHEME_IS_NOT_HTTP: &str = "invalid URL, scheme is not http";
+
+            let src = error.source().unwrap();
+            // Unfortunately, this seems to be the only way, as `INVALID_NOT_HTTP` is not public.
+            // See https://github.com/hyperium/hyper-util/blob/v0.1.14/src/client/legacy/connect/http.rs#L491-L495
+            if src.to_string() == SCHEME_IS_NOT_HTTP {
+                return Self::Unsupported(format!(
+                    "{SCHEME_IS_NOT_HTTP}; if you are trying to connect via HTTPS, \
+                    consider enabling `native-tls` or `rustls-tls` feature"
+                ));
+            }
+        }
         Self::Network(Box::new(error))
     }
 }

tests/it/https_errors.rs

@@ -0,0 +1,30 @@
+use crate::{get_cloud_url, require_env_var};
+use clickhouse::Client;
+
+#[tokio::test]
+async fn test_https_error_on_missing_feature() {
+    check_cloud_test_env!();
+    let valid_token = require_env_var("CLICKHOUSE_CLOUD_JWT_ACCESS_TOKEN");
+    let client = Client::default()
+        .with_url(get_cloud_url())
+        .with_access_token(valid_token);
+    let result = client
+        .query("SELECT 42")
+        .fetch_one::<u8>()
+        .await
+        .err()
+        .map(|e| e.to_string())
+        .expect("expected a TLS Error, got Ok instead");
+
+    for fragment in [
+        "invalid URL, scheme is not http",
+        "HTTPS",
+        "`native-tls` or `rustls-tls`",
+    ] {
+        assert!(
+            result.contains(fragment),
+            "TLS error message should contain `{}`",
+            fragment
+        );
+    }
+}

tests/it/main.rs

@@ -115,6 +115,7 @@ mod compression;
 mod cursor_error;
 mod cursor_stats;
 mod fetch_bytes;
+mod https_errors;
 mod insert;
 mod inserter;
 mod int128;