initialise default TLS crypto provider with aws_lc_rs manually

we use ring for hashing state and ruma, and reqwest/rustls defaults to aws_lc_rs, so we have to manually pick which one. there doesn't seem to be a way to just use one for some reason, so lets just use the new aws_lc_rs. Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-08-23 19:29:36 -04:00 · 2024-08-23 19:29:36 -04:00 · 47ca835c20
commit 47ca835c20
parent dc3d9ebbf1
5 changed files with 21 additions and 10 deletions
--- a/src/core/Cargo.toml
+++ b/src/core/Cargo.toml
@ -82,6 +82,7 @@ regex.workspace = true
 reqwest.workspace = true
 ring.workspace = true
 ruma.workspace = true
+rustls.workspace = true
 sanitize-filename.workspace = true
 serde_json.workspace = true
 serde_regex.workspace = true
--- a/src/router/Cargo.toml
+++ b/src/router/Cargo.toml
@ -62,6 +62,7 @@ http.workspace = true
 hyper.workspace = true
 hyper-util.workspace = true
 ruma.workspace = true
+rustls.workspace = true
 sentry.optional = true
 sentry-tower.optional = true
 sentry-tower.workspace = true
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@ -18,6 +18,10 @@ pub(super) async fn serve(
 	let certs = &tls.certs;
 	let key = &tls.key;

+	// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
+	// without this, TLS mode will panic.
+	_ = rustls::crypto::aws_lc_rs::default_provider().install_default();
+
 	debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
 	info!(
 		"Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."