Skip to content

Commit 201217f

Browse files
tnulltnull
authored
Merge pull request #600 from tnull/2025-08-fix-rustls-crypto-provider
Ensure we always startup with a `rustls` `CryptoProvider`
2 parents 54e1953 + 9fa5686 commit 201217f

File tree

2 files changed

+23
-1
lines changed

2 files changed

+23
-1
lines changed

Cargo.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@ bdk_electrum = { version = "0.23.0", default-features = false, features = ["use-
6767
bdk_wallet = { version = "2.0.0", default-features = false, features = ["std", "keys-bip39"]}
6868

6969
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
70+
rustls = { version = "0.23", default-features = false }
7071
rusqlite = { version = "0.31.0", features = ["bundled"] }
7172
bitcoin = "0.32.4"
7273
bip39 = "2.0.0"

src/builder.rs

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ use std::fmt;
7474
use std::fs;
7575
use std::path::PathBuf;
7676
use std::sync::atomic::AtomicBool;
77-
use std::sync::{Arc, Mutex, RwLock};
77+
use std::sync::{Arc, Mutex, Once, RwLock};
7878
use std::time::SystemTime;
7979
use vss_client::headers::{FixedHeaders, LnurlAuthToJwtProvider, VssHeaderProvider};
8080

@@ -936,6 +936,8 @@ fn build_with_store_internal(
936936
liquidity_source_config: Option<&LiquiditySourceConfig>, seed_bytes: [u8; 64],
937937
logger: Arc<Logger>, kv_store: Arc<DynStore>,
938938
) -> Result<Node, BuildError> {
939+
optionally_install_rustls_cryptoprovider();
940+
939941
if let Err(err) = may_announce_channel(&config) {
940942
if config.announcement_addresses.is_some() {
941943
log_error!(logger, "Announcement addresses were set but some required configuration options for node announcement are missing: {}", err);
@@ -1525,6 +1527,25 @@ fn build_with_store_internal(
15251527
})
15261528
}
15271529

1530+
fn optionally_install_rustls_cryptoprovider() {
1531+
// Acquire a global Mutex, ensuring that only one process at a time install the provider. This
1532+
// is mostly required for running tests concurrently.
1533+
static INIT_CRYPTO: Once = Once::new();
1534+
1535+
INIT_CRYPTO.call_once(|| {
1536+
// Ensure we always install a `CryptoProvider` for `rustls` if it was somehow not previously installed by now.
1537+
if rustls::crypto::CryptoProvider::get_default().is_none() {
1538+
let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
1539+
}
1540+
1541+
// Refuse to startup without TLS support. Better to catch it now than even later at runtime.
1542+
assert!(
1543+
rustls::crypto::CryptoProvider::get_default().is_some(),
1544+
"We need to have a CryptoProvider"
1545+
);
1546+
});
1547+
}
1548+
15281549
/// Sets up the node logger.
15291550
fn setup_logger(
15301551
log_writer_config: &Option<LogWriterConfig>, config: &Config,

0 commit comments

Comments
 (0)