fix: Use default crypto provider for TLS server

Author: Techassi

crates/stackable-webhook/src/servers/conversion.rs

@@ -101,12 +101,14 @@ impl ConversionWebhookServer {
     ///
     /// ## Example
     ///
-    /// ```
-    /// use stackable_webhook::{ConversionWebhookServer, ConversionWebhookOptions};
+    /// ```no_run
+    /// # use tokio_rustls::rustls::crypto::{CryptoProvider, ring::default_provider};
+    /// use stackable_webhook::servers::{ConversionWebhookServer, ConversionWebhookOptions};
     /// use stackable_operator::crd::s3::{S3Connection, S3ConnectionVersion};
     ///
-    /// # #[tokio::test]
+    /// # #[tokio::main]
     /// # async fn main() {
+    /// # CryptoProvider::install_default(default_provider()).unwrap();
     /// let crds_and_handlers = vec![
     ///     (
     ///         S3Connection::merged_crd(S3ConnectionVersion::V1Alpha1)
@@ -179,7 +181,7 @@ impl ConversionWebhookServer {
 
     /// Runs the [`ConversionWebhookServer`] asynchronously.
     pub async fn run(self) -> Result<(), ConversionWebhookError> {
-        tracing::info!("starting conversion webhook server");
+        tracing::info!("run conversion webhook server");
         self.0.run().await.context(RunWebhookServerSnafu)
     }
 }

crates/stackable-webhook/src/tls/cert_resolver.rs

@@ -44,7 +44,7 @@ pub enum CertificateResolverError {
     TokioSpawnBlocking { source: tokio::task::JoinError },
 
     #[snafu(display("no default rustls CryptoProvider installed"))]
-    NoDefaultCryptoProviderInstalled {},
+    NoDefaultCryptoProviderInstalled,
 }
 
 /// This struct serves as [`ResolvesServerCert`] to always hand out the current certificate for TLS

crates/stackable-webhook/src/tls/mod.rs

@@ -11,7 +11,7 @@ use hyper::{body::Incoming, service::service_fn};
 use hyper_util::rt::{TokioExecutor, TokioIo};
 use opentelemetry::trace::{FutureExt, SpanKind};
 use opentelemetry_semantic_conventions as semconv;
-use snafu::{ResultExt, Snafu};
+use snafu::{OptionExt, ResultExt, Snafu};
 use stackable_shared::time::Duration;
 use tokio::{
     net::{TcpListener, TcpStream},
@@ -21,7 +21,7 @@ use tokio_rustls::{
     TlsAcceptor,
     rustls::{
         ServerConfig,
-        crypto::ring::default_provider,
+        crypto::CryptoProvider,
         version::{TLS12, TLS13},
     },
 };
@@ -59,6 +59,9 @@ pub enum TlsServerError {
 
     #[snafu(display("failed to set safe TLS protocol versions"))]
     SetSafeTlsProtocolVersions { source: tokio_rustls::rustls::Error },
+
+    #[snafu(display("no default rustls CryptoProvider installed"))]
+    NoDefaultCryptoProviderInstalled,
 }
 
 /// A server which terminates TLS connections and allows clients to communicate
@@ -97,8 +100,10 @@ impl TlsServer {
             .context(CreateCertificateResolverSnafu)?;
         let cert_resolver = Arc::new(cert_resolver);
 
-        let tls_provider = default_provider();
-        let mut config = ServerConfig::builder_with_provider(tls_provider.into())
+        let tls_provider =
+            CryptoProvider::get_default().context(NoDefaultCryptoProviderInstalledSnafu)?;
+
+        let mut config = ServerConfig::builder_with_provider(tls_provider.clone())
             .with_protocol_versions(&[&TLS12, &TLS13])
             .context(SetSafeTlsProtocolVersionsSnafu)?
             .with_no_client_auth()