initialise default TLS crypto provider with aws_lc_rs manually

we use ring for hashing state and ruma, and reqwest/rustls defaults
to aws_lc_rs, so we have to manually pick which provider to use. there
doesn't seem to be a way to just use one for some reason, so let's just
use the new aws_lc_rs.

Signed-off-by: strawberry <strawberry@puppygock.gay>
strawberry 2024-08-23 19:29:36 -04:00 committed by Jason Volk
parent dc3d9ebbf1
commit 47ca835c20
5 changed files with 21 additions and 10 deletions

22
Cargo.lock generated

@ -484,9 +484,9 @@ dependencies = [
[[package]]
name = "cc"
version = "1.1.13"
version = "1.1.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48"
checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932"
dependencies = [
"jobserver",
"libc",
@ -708,6 +708,7 @@ dependencies = [
"reqwest",
"ring",
"ruma",
"rustls 0.23.12",
"sanitize-filename",
"serde",
"serde_json",
@ -767,6 +768,7 @@ dependencies = [
"hyper-util",
"log",
"ruma",
"rustls 0.23.12",
"sd-notify",
"sentry",
"sentry-tower",
@ -1946,9 +1948,9 @@ dependencies = [
[[package]]
name = "lazy-regex"
version = "3.2.0"
version = "3.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "576c8060ecfdf2e56995cf3274b4f2d71fa5e4fa3607c1c0b63c10180ee58741"
checksum = "8d8e41c97e6bc7ecb552016274b99fbb5d035e8de288c582d9b933af6677bfda"
dependencies = [
"lazy-regex-proc_macros",
"once_cell",
@ -1957,9 +1959,9 @@ dependencies = [
[[package]]
name = "lazy-regex-proc_macros"
version = "3.2.0"
version = "3.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9efb9e65d4503df81c615dc33ff07042a9408ac7f26b45abee25566f7fbfd12c"
checksum = "76e1d8b05d672c53cb9c7b920bbba8783845ae4f0b076e02a3db1d02c81b4163"
dependencies = [
"proc-macro2",
"quote",
@ -2806,9 +2808,9 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.36"
version = "1.0.37"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af"
dependencies = [
"proc-macro2",
]
@ -3591,9 +3593,9 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.125"
version = "1.0.127"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed"
checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad"
dependencies = [
"itoa",
"memchr",


@ -128,6 +128,9 @@ features = [
"catch-panic",
]
[workspace.dependencies.rustls]
version = "0.23.12"
[workspace.dependencies.reqwest]
version = "0.12.7"
default-features = false
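Review bot: The new `[workspace.dependencies.rustls]` entry pins only a version, and nothing records that it has to resolve to the same rustls release the rest of the TLS stack links against. The lockfile refers to it as `rustls 0.23.12`, a form Cargo uses when more than one rustls version is in the tree, and a process-default crypto provider installed through one rustls version would presumably not be seen by code built against another. I would add a comment above the entry such as `# keep on the same 0.23.x release as the rustls pulled in by reqwest and the TLS listener; the default provider is per crate version`. The entry also relies on default features for the `aws_lc_rs` module the code calls; `features = ["aws_lc_rs"]` would state that requirement explicitly.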


@ -82,6 +82,7 @@ regex.workspace = true
reqwest.workspace = true
ring.workspace = true
ruma.workspace = true
rustls.workspace = true
sanitize-filename.workspace = true
serde_json.workspace = true
serde_regex.workspace = true


@ -62,6 +62,7 @@ http.workspace = true
hyper.workspace = true
hyper-util.workspace = true
ruma.workspace = true
rustls.workspace = true
sentry.optional = true
sentry-tower.optional = true
sentry-tower.workspace = true


@ -18,6 +18,10 @@ pub(super) async fn serve(
let certs = &tls.certs;
let key = &tls.key;
// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
// without this, TLS mode will panic.
_ = rustls::crypto::aws_lc_rs::default_provider().install_default();
debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
info!(
"Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."
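Review bot: The result of `install_default()` is thrown away with `_ =`, so when a different provider has already been installed as the process default the call fails silently and TLS runs on that other provider with nothing in the logs to show it. `install_default()` returns `Err` in exactly that case, so I would surface it: `if rustls::crypto::aws_lc_rs::default_provider().install_default().is_err() { debug!("rustls default crypto provider was already installed"); }`. The install also lives only in the direct-TLS `serve` path; if other rustls users in the process depend on the process default (the commit message mentions reqwest), installing it once at startup would be more predictable, though that is inferred rather than visible here. `serve`'s body starts and continues outside the hunk.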