feature-gate direct TLS mode to make rustls/aws-lc-rs optional

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-10-10 16:23:38 -04:00 · 2024-10-10 16:23:38 -04:00 · e5efd55838
commit e5efd55838
parent 87734a074f
7 changed files with 29 additions and 11 deletions
--- a/src/router/serve/mod.rs
+++ b/src/router/serve/mod.rs
@ -1,4 +1,5 @@
 mod plain;
+#[cfg(feature = "direct_tls")]
 mod tls;
 mod unix;

@ -23,7 +24,14 @@ pub(super) async fn serve(
 	if cfg!(unix) && config.unix_socket_path.is_some() {
 		unix::serve(server, app, shutdown).await
 	} else if config.tls.is_some() {
-		tls::serve(server, app, handle, addrs).await
+		#[cfg(feature = "direct_tls")]
+		return tls::serve(server, app, handle, addrs).await;
+
+		#[cfg(not(feature = "direct_tls"))]
+		return conduit::Err!(Config(
+			"tls",
+			"conduwuit was not built with direct TLS support (\"direct_tls\")"
+		));
 	} else {
 		plain::serve(server, app, handle, addrs).await
 	}
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@ -20,7 +20,9 @@ pub(super) async fn serve(

 	// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
 	// without this, TLS mode will panic.
-	_ = rustls::crypto::aws_lc_rs::default_provider().install_default();
+	rustls::crypto::aws_lc_rs::default_provider()
+		.install_default()
+		.expect("failed to initialise aws-lc-rs rustls crypto provider");

 	debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
 	info!(