Mirrors/continuwuity
1
0
Fork 0
mirror of https://forgejo.ellis.link/continuwuation/continuwuity.git synced 2026-05-26 20:49:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Explicitly set TLS backends

Browse Source 
Dependency updates mean we have to set a custom TLS backend sooner.
Also some groundwork for being able to use aws-lc in future
This commit is contained in:
Jade Ellis
2026-04-24 14:19:12 +01:00
parent 7ca0d137c4
commit e31c5997b7
9 changed files with 170 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Cargo.lock
Generated
+145
View File
@@ -382,6 +382,28 @@ dependencies = [
"arrayvec", "arrayvec",
] ]
[[package]]
name = "aws-lc-rs"
version = "1.16.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f"
dependencies = [
"aws-lc-sys",
"zeroize",
]
[[package]]
name = "aws-lc-sys"
version = "0.40.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7"
dependencies = [
"cc",
"cmake",
"dunce",
"fs_extra",
]
[[package]] [[package]]
name = "axum" name = "axum"
version = "0.8.9" version = "0.8.9"
@@ -876,6 +898,15 @@ dependencies = [
"http", "http",
] ]
[[package]]
name = "cmake"
version = "0.1.58"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678"
dependencies = [
"cc",
]
[[package]] [[package]]
name = "cmov" name = "cmov"
version = "0.5.3" version = "0.5.3"
@@ -931,6 +962,7 @@ dependencies = [
name = "conduwuit" name = "conduwuit"
version = "0.5.7" version = "0.5.7"
dependencies = [ dependencies = [
"aws-lc-rs",
"clap", "clap",
"conduwuit_admin", "conduwuit_admin",
"conduwuit_api", "conduwuit_api",
@@ -949,6 +981,8 @@ dependencies = [
"opentelemetry-otlp", "opentelemetry-otlp",
"opentelemetry_sdk", "opentelemetry_sdk",
"parking_lot", "parking_lot",
"reqwest 0.13.2",
"rustls",
"sentry", "sentry",
"sentry-tower", "sentry-tower",
"sentry-tracing", "sentry-tracing",
@@ -1771,6 +1805,12 @@ version = "0.0.13"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2647271c92754afcb174e758003cfd1cbf1e43e5a7853d7b1813e63e19e39a73" checksum = "2647271c92754afcb174e758003cfd1cbf1e43e5a7853d7b1813e63e19e39a73"
[[package]]
name = "dunce"
version = "1.0.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
[[package]] [[package]]
name = "ed25519" name = "ed25519"
version = "2.2.3" version = "2.2.3"
@@ -2047,6 +2087,12 @@ dependencies = [
"tokio", "tokio",
] ]
[[package]]
name = "fs_extra"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
[[package]] [[package]]
name = "futf" name = "futf"
version = "0.1.5" version = "0.1.5"
@@ -2168,8 +2214,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"js-sys",
"libc", "libc",
"wasi", "wasi",
"wasm-bindgen",
] ]
[[package]] [[package]]
@@ -2260,6 +2308,34 @@ dependencies = [
"tracing", "tracing",
] ]
[[package]]
name = "h3"
version = "0.0.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "10872b55cfb02a821b69dc7cf8dc6a71d6af25eb9a79662bec4a9d016056b3be"
dependencies = [
"bytes",
"fastrand",
"futures-util",
"http",
"pin-project-lite",
"tokio",
]
[[package]]
name = "h3-quinn"
version = "0.0.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b2e732c8d91a74731663ac8479ab505042fbf547b9a207213ab7fbcbfc4f8b4"
dependencies = [
"bytes",
"futures",
"h3",
"quinn",
"tokio",
"tokio-util",
]
[[package]] [[package]]
name = "half" name = "half"
version = "2.7.1" version = "2.7.1"
@@ -3162,6 +3238,12 @@ dependencies = [
"linked-hash-map", "linked-hash-map",
] ]
[[package]]
name = "lru-slab"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154"
[[package]] [[package]]
name = "lz4-sys" name = "lz4-sys"
version = "1.11.1+lz4-1.10.0" version = "1.11.1+lz4-1.10.0"
@@ -4208,6 +4290,63 @@ version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3" checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
[[package]]
name = "quinn"
version = "0.11.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20"
dependencies = [
"bytes",
"cfg_aliases",
"futures-io",
"pin-project-lite",
"quinn-proto",
"quinn-udp",
"rustc-hash",
"rustls",
"socket2",
"thiserror 2.0.18",
"tokio",
"tracing",
"web-time",
]
[[package]]
name = "quinn-proto"
version = "0.11.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
dependencies = [
"aws-lc-rs",
"bytes",
"getrandom 0.3.4",
"lru-slab",
"rand 0.9.4",
"ring",
"rustc-hash",
"rustls",
"rustls-pki-types",
"slab",
"thiserror 2.0.18",
"tinyvec",
"tracing",
"web-time",
]
[[package]]
name = "quinn-udp"
version = "0.5.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd"
dependencies = [
"cfg_aliases",
"libc",
"once_cell",
"socket2",
"tracing",
"windows-sys 0.52.0",
]
[[package]] [[package]]
name = "quote" name = "quote"
version = "1.0.45" version = "1.0.45"
@@ -4464,6 +4603,8 @@ dependencies = [
"futures-core", "futures-core",
"futures-util", "futures-util",
"h2", "h2",
"h3",
"h3-quinn",
"hickory-resolver", "hickory-resolver",
"http", "http",
"http-body", "http-body",
@@ -4476,6 +4617,7 @@ dependencies = [
"once_cell", "once_cell",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
"quinn",
"rustls", "rustls",
"rustls-pki-types", "rustls-pki-types",
"rustls-platform-verifier", "rustls-platform-verifier",
@@ -4797,6 +4939,7 @@ version = "0.23.39"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e"
dependencies = [ dependencies = [
"aws-lc-rs",
"log", "log",
"once_cell", "once_cell",
"ring", "ring",
@@ -4824,6 +4967,7 @@ version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
dependencies = [ dependencies = [
"web-time",
"zeroize", "zeroize",
] ]
@@ -4860,6 +5004,7 @@ version = "0.103.13"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
dependencies = [ dependencies = [
"aws-lc-rs",
"ring", "ring",
"rustls-pki-types", "rustls-pki-types",
"untrusted", "untrusted",
Cargo.toml
-1
View File
@@ -137,7 +137,6 @@ features = [
[workspace.dependencies.rustls] [workspace.dependencies.rustls]
version = "0.23.25" version = "0.23.25"
default-features = false default-features = false
features = ["ring"]
[workspace.dependencies.reqwest] [workspace.dependencies.reqwest]
version = "0.13.2" version = "0.13.2"
docker/Dockerfile
+1 -1
View File
@@ -162,7 +162,7 @@ ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA
ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA
ARG RUST_PROFILE=release ARG RUST_PROFILE=release
ARG CARGO_FEATURES="default,http3" ARG CARGO_FEATURES="default"
# Build the binary # Build the binary
RUN --mount=type=cache,target=/usr/local/cargo/registry \ RUN --mount=type=cache,target=/usr/local/cargo/registry \
src/api/Cargo.toml
-4
View File
@@ -29,10 +29,6 @@ gzip_compression = [
"conduwuit-service/gzip_compression", "conduwuit-service/gzip_compression",
"reqwest/gzip", "reqwest/gzip",
] ]
http3 = [
"conduwuit-core/http3",
"conduwuit-service/http3",
]
io_uring = [ io_uring = [
"conduwuit-service/io_uring", "conduwuit-service/io_uring",
] ]
src/core/Cargo.toml
-3
View File
@@ -25,9 +25,6 @@ conduwuit_mods = [
gzip_compression = [ gzip_compression = [
"reqwest/gzip", "reqwest/gzip",
] ]
http3 = [
# "reqwest/http3", # TODO: Depends on aws-lc
]
hardened_malloc = [ hardened_malloc = [
"dep:hardened_malloc-rs" "dep:hardened_malloc-rs"
] ]
src/main/Cargo.toml
+12 -3
View File
@@ -43,6 +43,7 @@ assets = [
default = [ default = [
"standard", "standard",
"release_max_log_level", "release_max_log_level",
"ring",
"bindgen-runtime", # replace with bindgen-static on alpine "bindgen-runtime", # replace with bindgen-static on alpine
] ]
standard = [ standard = [
@@ -100,9 +101,14 @@ hardened_malloc = [
"conduwuit-core/hardened_malloc", "conduwuit-core/hardened_malloc",
] ]
http3 = [ http3 = [
"conduwuit-api/http3", "reqwest/http3"
"conduwuit-core/http3", ]
"conduwuit-service/http3", ring = [
"rustls/ring"
]
aws_lc_rs = [
"rustls/aws_lc_rs",
"dep:aws-lc-rs"
] ]
io_uring = [ io_uring = [
"conduwuit-database/io_uring", "conduwuit-database/io_uring",
@@ -238,6 +244,9 @@ tracing-subscriber.workspace = true
tracing.workspace = true tracing.workspace = true
tracing-journald = { workspace = true, optional = true } tracing-journald = { workspace = true, optional = true }
parking_lot.workspace = true parking_lot.workspace = true
reqwest = { workspace = true, default-features = false }
rustls = { workspace = true, default-features = false }
aws-lc-rs = { version = "1.16.3", default-features = false, optional = true }
[target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies] [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]
src/main/mod.rs
+12
View File
@@ -33,6 +33,18 @@ pub fn run_with_args(args: &Args) -> Result<()> {
// Spawn deadlock detection thread // Spawn deadlock detection thread
deadlock::spawn(); deadlock::spawn();
// Because we're not using rustls default-tls, we have to initialise a TLS
// provider
#[cfg(feature = "aws_lc_rs")]
rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.expect("failed to initialise ring rustls crypto provider");
#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))]
rustls::crypto::ring::default_provider()
.install_default()
.expect("failed to initialise ring rustls crypto provider");
let runtime = runtime::new(args)?; let runtime = runtime::new(args)?;
let server = Server::new(args, Some(runtime.handle()))?; let server = Server::new(args, Some(runtime.handle()))?;
src/router/serve/tls.rs
-7
View File
@@ -24,13 +24,6 @@ pub(super) async fn serve(
.key .key
.as_ref() .as_ref()
.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?; .ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
// without this, TLS mode will panic.
rustls::crypto::ring::default_provider()
.install_default()
.expect("failed to initialise ring rustls crypto provider");
info!( info!(
"Note: It is strongly recommended that you use a reverse proxy instead of running \ "Note: It is strongly recommended that you use a reverse proxy instead of running \
conduwuit directly with TLS." conduwuit directly with TLS."
src/service/Cargo.toml
-3
View File
@@ -33,9 +33,6 @@ gzip_compression = [
"conduwuit-core/gzip_compression", "conduwuit-core/gzip_compression",
"reqwest/gzip", "reqwest/gzip",
] ]
http3 = [
"conduwuit-core/http3",
]
io_uring = [ io_uring = [
"conduwuit-database/io_uring", "conduwuit-database/io_uring",
] ]