Skip to content

Commit 5a59322

Browse files
authored
Merge pull request #863 from flavio/fix-continuous-integration
fix: properly configure rustls stack
2 parents bd13a5a + b216ccc commit 5a59322

File tree

4 files changed

+28
-6
lines changed

4 files changed

+28
-6
lines changed

Cargo.lock

+5-4
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

+8-2
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,12 @@ opentelemetry = { version = "0.24.0", default-features = false, features = [
3030
opentelemetry_sdk = { version = "0.24.1", features = ["rt-tokio"] }
3131
pprof = { version = "0.13", features = ["prost-codec"] }
3232
policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.18.4" }
33+
rustls = { version = "0.23", default-features = false, features = [
34+
"ring",
35+
"logging",
36+
"std",
37+
"tls12",
38+
] }
3339
rustls-pki-types = { version = "1", features = ["alloc"] }
3440
rayon = "1.10"
3541
regex = "1.10"
@@ -45,7 +51,7 @@ tracing-subscriber = { version = "0.3", features = ["ansi", "fmt", "json"] }
4551
semver = { version = "1.0.22", features = ["serde"] }
4652
mockall_double = "0.3"
4753
axum = { version = "0.7.5", features = ["macros", "query"] }
48-
axum-server = { version = "0.7.1", features = ["tls-rustls-no-provider"] }
54+
axum-server = { version = "0.7.1", features = ["tls-rustls"] }
4955
tower-http = { version = "0.5.2", features = ["trace"] }
5056
tikv-jemallocator = { version = "0.5.4", features = [
5157
"profiling",
@@ -65,7 +71,7 @@ rstest = "0.22"
6571
tempfile = "3.12.0"
6672
tower = { version = "0.4", features = ["util"] }
6773
http-body-util = "0.1.1"
68-
testcontainers = { version = "0.21.1", features = ["watchdog"] }
74+
testcontainers = { version = "0.21", features = ["watchdog"] }
6975
backon = "0.4.4"
7076

7177
[target.'cfg(target_os = "linux")'.dev-dependencies]

src/main.rs

+6
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,12 @@ use policy_server::PolicyServer;
1212

1313
#[tokio::main]
1414
async fn main() -> Result<()> {
15+
// Starting from rustls 0.22, each application must set its default crypto provider.
16+
let crypto_provider = rustls::crypto::ring::default_provider();
17+
crypto_provider
18+
.install_default()
19+
.expect("Failed to install crypto provider");
20+
1521
let matches = cli::build_cli().get_matches();
1622
let config = policy_server::config::Config::from_args(&matches)?;
1723

tests/integration_test.rs

+9
Original file line numberDiff line numberDiff line change
@@ -637,6 +637,15 @@ mod certificate_reload_helpers {
637637
async fn test_detect_certificate_rotation() {
638638
use certificate_reload_helpers::*;
639639

640+
// Starting from rustls 0.22, each application must set its default crypto provider.
641+
// This setup is done inside of the `main` function of the policy server,
642+
// which is not called in this test.
643+
// Hence we have to setup the crypto provider here.
644+
let crypto_provider = rustls::crypto::ring::default_provider();
645+
crypto_provider
646+
.install_default()
647+
.expect("Failed to install crypto provider");
648+
640649
let certs_dir = tempfile::tempdir().unwrap();
641650
let cert_file = certs_dir.path().join("policy-server.pem");
642651
let key_file = certs_dir.path().join("policy-server-key.pem");

0 commit comments

Comments
 (0)