Bump required version of NIOSSL (#559)

Motivation:

Prior to NIOSSL 2.4 it was possible to silently drop some certificates
from a PEM bundle when loading from a file or buffer. These APIs were
deprecated in 2.4 and our usage of them was causing compiler warnings.

Modifications:

Set the minimum version of NIOSSL to 2.4; update usage to the new APIs.

Result:

Fewer compiler warnings.

Package.resolved

@@ -33,8 +33,8 @@
         "repositoryURL": "https://github.com/apple/swift-nio.git",
         "state": {
           "branch": null,
-          "revision": "26586835fd327f754efdebe3b9869f1e6f7cc298",
-          "version": "2.6.1"
+          "revision": "790827800d6af12ca6a8b1dca7a9072606fd2a1e",
+          "version": "2.7.0"
         }
       },
       {

Package.swift

@@ -33,7 +33,7 @@ let package = Package(
     // HTTP2 via SwiftNIO
     .package(url: "https://github.com/apple/swift-nio-http2.git", from: "1.5.0"),
     // TLS via SwiftNIO
-    .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.0.0"),
+    .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.4.0"),
     // Support for Network.framework where possible. Note: from 1.0.2 the package
     // is essentially an empty import on platforms where it isn't supported.
     .package(url: "https://github.com/apple/swift-nio-transport-services.git", from: "1.0.2"),

Sources/GRPCInteroperabilityTestsImplementation/InteroperabilityTestCredentials.swift

@@ -28,7 +28,7 @@ public struct InteroperabilityTestCredentials {
 
   /// Self signed gRPC interoperability test CA certificate.
   public static let caCertificate = try! NIOSSLCertificate(
-    buffer: Array(caCertificatePem.utf8CString),
+    bytes: .init(caCertificatePem.utf8),
     format: .pem)
 
   /// gRPC interoperability test server certificate.
@@ -36,7 +36,7 @@ public struct InteroperabilityTestCredentials {
   /// Note: the specification refers to the certificate and key as "server1", this name is carried
   /// across here.
   public static let server1Certificate = try! NIOSSLCertificate(
-    buffer: Array(server1CertificatePem.utf8CString),
+    bytes: .init(server1CertificatePem.utf8),
     format: .pem)
 
   /// gRPC interoperability test server private key.
@@ -44,7 +44,7 @@ public struct InteroperabilityTestCredentials {
   /// Note: the specification refers to the certificate and key as "server1", this name is carried
   /// across here.
   public static let server1Key = try! NIOSSLPrivateKey(
-    buffer: Array(server1KeyPem.utf8CString),
+    bytes: .init(server1KeyPem.utf8),
     format: .pem)
 
   private static let caCertificatePem = """

Sources/GRPCPerformanceTests/main.swift

@@ -217,7 +217,7 @@ func measure(description: String, benchmark: Benchmark, repeats: Int) -> Benchma
 /// - Parameter certificatePath: The path to the certificate.
 /// - Parameter privateKeyPath: The path to the private key.
 /// - Parameter server: Whether this is for the server or not.
-private func makeServerTLSConfiguration(caCertificatePath: String, certificatePath: String, privateKeyPath: String) -> Server.Configuration.TLS? {
+private func makeServerTLSConfiguration(caCertificatePath: String, certificatePath: String, privateKeyPath: String) throws -> Server.Configuration.TLS? {
   // Commander doesn't have Optional options; we use empty strings to indicate no value.
   guard certificatePath.isEmpty == privateKeyPath.isEmpty &&
     privateKeyPath.isEmpty == caCertificatePath.isEmpty else {
@@ -231,7 +231,7 @@ private func makeServerTLSConfiguration(caCertificatePath: String, certificatePa
   }
 
   return .init(
-    certificateChain: [.file(certificatePath)],
+    certificateChain: try NIOSSLCertificate.fromPEMFile(certificatePath).map { .certificate($0) },
     privateKey: .file(privateKeyPath),
     trustRoots: .file(caCertificatePath)
   )
@@ -241,7 +241,7 @@ private func makeClientTLSConfiguration(
   caCertificatePath: String,
   certificatePath: String,
   privateKeyPath: String
-) -> ClientConnection.Configuration.TLS? {
+) throws -> ClientConnection.Configuration.TLS? {
   // Commander doesn't have Optional options; we use empty strings to indicate no value.
   guard certificatePath.isEmpty == privateKeyPath.isEmpty &&
     privateKeyPath.isEmpty == caCertificatePath.isEmpty else {
@@ -255,7 +255,7 @@ private func makeClientTLSConfiguration(
   }
 
   return .init(
-    certificateChain: [.file(certificatePath)],
+    certificateChain: try NIOSSLCertificate.fromPEMFile(certificatePath).map { .certificate($0) },
     privateKey: .file(privateKeyPath),
     trustRoots: .file(caCertificatePath)
   )
@@ -363,7 +363,7 @@ Group { group in
     privateKeyOption,
     hostOverrideOption
   ) { benchmarkNames, host, port, caCertificatePath, certificatePath, privateKeyPath, hostOverride in
-    let tlsConfiguration = makeClientTLSConfiguration(
+    let tlsConfiguration = try makeClientTLSConfiguration(
       caCertificatePath: caCertificatePath,
       certificatePath: certificatePath,
       privateKeyPath: privateKeyPath)
@@ -402,7 +402,7 @@ Group { group in
   ) { host, port, caCertificatePath, certificatePath, privateKeyPath in
     let group = MultiThreadedEventLoopGroup(numberOfThreads: System.coreCount)
 
-    let tlsConfiguration = makeServerTLSConfiguration(
+    let tlsConfiguration = try makeServerTLSConfiguration(
       caCertificatePath: caCertificatePath,
       certificatePath: certificatePath,
       privateKeyPath: privateKeyPath)

Sources/GRPCSampleData/GRPCSwiftCertificate.swift

@@ -23,26 +23,26 @@ public struct SampleCertificate {
   public var notAfter: Date
 
   public static let ca = SampleCertificate(
-    certificate: try! NIOSSLCertificate(buffer: Array(caCert.utf8CString), format: .pem),
+    certificate: try! NIOSSLCertificate(bytes: .init(caCert.utf8), format: .pem),
     commonName: "foo",
     // 22/07/2024 16:32:23
     notAfter: Date(timeIntervalSince1970: 1721662343.0))
 
   public static let server = SampleCertificate(
-    certificate: try! NIOSSLCertificate(buffer: Array(serverCert.utf8CString), format: .pem),
+    certificate: try! NIOSSLCertificate(bytes: .init(serverCert.utf8), format: .pem),
     commonName: "localhost",
     // 22/07/2024 16:32:23
     notAfter: Date(timeIntervalSince1970: 1721662343.0))
 
   public static let exampleServer = SampleCertificate(
-    certificate: try! NIOSSLCertificate(buffer: Array(exampleServerCert.utf8CString), format: .pem),
+    certificate: try! NIOSSLCertificate(bytes: .init(exampleServerCert.utf8), format: .pem),
     commonName: "example.com",
     // 22/07/2024 16:43:12
     notAfter: Date(timeIntervalSince1970: 1721662992.0)
   )
 
   public static let client = SampleCertificate(
-    certificate: try! NIOSSLCertificate(buffer: Array(clientCert.utf8CString), format: .pem),
+    certificate: try! NIOSSLCertificate(bytes: .init(clientCert.utf8), format: .pem),
     commonName: "localhost",
     // 22/07/2024 16:32:23
     notAfter: Date(timeIntervalSince1970: 1721662343.0))
@@ -59,9 +59,9 @@ extension SampleCertificate {
 public struct SamplePrivateKey {
   private init() { }
 
-  public static let server = try! NIOSSLPrivateKey(buffer: Array(serverKey.utf8CString), format: .pem)
-  public static let exampleServer = try! NIOSSLPrivateKey(buffer: Array(exampleServerKey.utf8CString), format: .pem)
-  public static let client = try! NIOSSLPrivateKey(buffer: Array(clientKey.utf8CString), format: .pem)
+  public static let server = try! NIOSSLPrivateKey(bytes: .init(serverKey.utf8), format: .pem)
+  public static let exampleServer = try! NIOSSLPrivateKey(bytes: .init(exampleServerKey.utf8), format: .pem)
+  public static let client = try! NIOSSLPrivateKey(bytes: .init(clientKey.utf8), format: .pem)
 }
 
 // MARK: - Certificates and private keys