fix serving tls by setting rustls default crypto provider

The rustls version bump in c24f79b79b
introduced a panic when serving listeners with 'tls = true':

> thread 'main' panicked at /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-vendor-cargo-deps/c19b7c6f923b580ac259164a89f2577984ad5ab09ee9d583b888f934adbbe8d0/rustls-0.23.13/src/crypto/mod.rs:265:14:
> no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

This commit fixes this by setting the default provider to ring. I chose
ring (the old rustls default) over aws-lc-rs (the new default) for a few
reasons:

 - Judging by GitHub issues, aws-lc-rs seems to have a lot of build problems.
   We don't need more of that.
 - The "motivation" section in the aws-lc-rs docs only talks about FIPS,
   which we do not care about.
 - My past experience with things that start with "aws-" has been very
   negative.
Benjamin Lee 2024-09-23 23:33:29 -07:00
parent 084d862e51
commit e2318cad8a
No known key found for this signature in database
GPG key ID: FB9624E2885D55A4
3 changed files with 8 additions and 97 deletions

@ -52,6 +52,10 @@ pub(crate) async fn run(args: ServeArgs) -> Result<(), error::ServeCommand> {
let config = config::load(args.config.config.as_ref()).await?;
rustls::crypto::ring::default_provider()
.install_default()
.expect("rustls default crypto provider should not be already set");
let (_guard, reload_handles) = observability::init(&config)?;
// This is needed for opening lots of file descriptors, which tends to
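Review bot: The `.expect("rustls default crypto provider should not be already set")` on `install_default()` makes an already-installed provider a panic inside `run`, even though `run` returns `Result<(), error::ServeCommand>`. `install_default()` returns `Err` only when a process-level provider has already been set, so either map that case to a `ServeCommand` error or ignore it deliberately and say so in a comment; as written, anything that installs a provider earlier in the process brings back a startup panic of the same kind this commit removes. The call also has no comment, unlike the file-descriptor step right after it; one line stating that the provider must be installed before any TLS listener is served would make the ordering requirement explicit.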