
Commit 90c67ca

committed
Ensure we always startup with a rustls CryptoProvider
The `rustls` library recently introduced this weird behavior where they expect users to, apart from configuring the respective feature, also explicitly call `CryptoProvider::install_default`. Otherwise they'd simply panic at runtime whenever the first network call requiring TLS would be made. While we already made a change upstream at `rust-electrum-client`, we also make sure here that we definitely, always, absolutely are sure that we have a `CryptoProvider` set on startup.
1 parent 93858b3 commit 90c67ca


2 files changed

+19
-0
lines changed


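--- a/Cargo.toml
+++ b/Cargo.toml
@@ -67,6 +67,7 @@ bdk_electrum = { version = "0.23.0", default-features = false, features = ["use-
 bdk_wallet = { version = "2.0.0", default-features = false, features = ["std", "keys-bip39"]}
 
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
+rustls = { version = "0.23", default-features = false }
 rusqlite = { version = "0.31.0", features = ["bundled"] }
 bitcoin = "0.32.4"
 bip39 = "2.0.0"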
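Review bot: The new `rustls` entry sets `default-features = false` and enables no features, yet the code added in src/builder.rs calls both `rustls::crypto::aws_lc_rs::default_provider()` and `rustls::crypto::ring::default_provider()`. In rustls 0.23 those modules are gated behind the `aws_lc_rs` and `ring` features, so this presumably builds only because other dependencies enable them through Cargo feature unification. A feature change in one of those crates could then break the build or change which crypto backend ends up available. Declare the provider feature the code relies on here, for example `rustls = { version = "0.23", default-features = false, features = ["ring"] }`, and limit the fallback in builder.rs to providers enabled by this manifest.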

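--- a/src/builder.rs
+++ b/src/builder.rs
@@ -936,6 +936,8 @@ fn build_with_store_internal(
 liquidity_source_config: Option<&LiquiditySourceConfig>, seed_bytes: [u8; 64],
 logger: Arc<Logger>, kv_store: Arc<DynStore>,
 ) -> Result<Node, BuildError> {
+optionally_install_rustls_cryptoprovider();
+
 if let Err(err) = may_announce_channel(&config) {
 if config.announcement_addresses.is_some() {
 log_error!(logger, "Announcement addresses were set but some required configuration options for node announcement are missing: {}", err);
@@ -1525,6 +1527,22 @@ fn build_with_store_internal(
 })
 }
 
+fn optionally_install_rustls_cryptoprovider() {
+// Ensure we always install a `CryptoProvider` for `rustls` if it was somehow not previously installed by now.
+if rustls::crypto::CryptoProvider::get_default().is_none() {
+let res = rustls::crypto::aws_lc_rs::default_provider()
+.install_default()
+.or(rustls::crypto::ring::default_provider().install_default());
+debug_assert!(res.is_ok(), "We need to install a CryptoProvider");
+}
+
+// Refuse to startup without TLS support. Better to catch it now than even later at runtime.
+assert!(
+rustls::crypto::CryptoProvider::get_default().is_some(),
+"We need to have a CryptoProvider"
+);
+}
+
 /// Sets up the node logger.
 fn setup_logger(
 log_writer_config: &Option<LogWriterConfig>, config: &Config,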
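Review bot: In `optionally_install_rustls_cryptoprovider`, `.or(...)` evaluates its argument eagerly, so the ring provider is constructed and `install_default()` is attempted even when the aws-lc-rs install has just succeeded. `.or_else(|_| rustls::crypto::ring::default_provider().install_default())` would run the fallback only on failure. The `debug_assert!(res.is_ok(), ...)` can also fire spuriously in debug builds: if another thread installs a provider between the `get_default().is_none()` check and the install, both calls return `Err` although a provider is present. The final `assert!` already covers the real failure case, so the `debug_assert!` can be dropped. Because this sets the process-wide default for every rustls user in the host application, the function should get a doc comment saying so and naming the order in which providers are tried.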
