Merge pull request #863 from flavio/fix-continuous-integration

viccuad · web-flow · commit 5a593223d533 · 2024-08-12T10:57:19.000+02:00
fix: properly configure rustls stack
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -30,6 +30,12 @@ opentelemetry = { version = "0.24.0", default-features = false, features = [
 opentelemetry_sdk = { version = "0.24.1", features = ["rt-tokio"] }
 pprof = { version = "0.13", features = ["prost-codec"] }
 policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag = "v0.18.4" }
+rustls = { version = "0.23", default-features = false, features = [
+  "ring",
+  "logging",
+  "std",
+  "tls12",
+] }
 rustls-pki-types = { version = "1", features = ["alloc"] }
 rayon = "1.10"
 regex = "1.10"
@@ -45,7 +51,7 @@ tracing-subscriber = { version = "0.3", features = ["ansi", "fmt", "json"] }
 semver = { version = "1.0.22", features = ["serde"] }
 mockall_double = "0.3"
 axum = { version = "0.7.5", features = ["macros", "query"] }
-axum-server = { version = "0.7.1", features = ["tls-rustls-no-provider"] }
+axum-server = { version = "0.7.1", features = ["tls-rustls"] }
 tower-http = { version = "0.5.2", features = ["trace"] }
 tikv-jemallocator = { version = "0.5.4", features = [
   "profiling",
@@ -65,7 +71,7 @@ rstest = "0.22"
 tempfile = "3.12.0"
 tower = { version = "0.4", features = ["util"] }
 http-body-util = "0.1.1"
-testcontainers = { version = "0.21.1", features = ["watchdog"] }
+testcontainers = { version = "0.21", features = ["watchdog"] }
 backon = "0.4.4"
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]
diff --git a/src/main.rs b/src/main.rs
@@ -12,6 +12,12 @@ use policy_server::PolicyServer;
 
 #[tokio::main]
 async fn main() -> Result<()> {
+    // Starting from rustls 0.22, each application must set its default crypto provider.
+    let crypto_provider = rustls::crypto::ring::default_provider();
+    crypto_provider
+        .install_default()
+        .expect("Failed to install crypto provider");
+
     let matches = cli::build_cli().get_matches();
     let config = policy_server::config::Config::from_args(&matches)?;
 
diff --git a/tests/integration_test.rs b/tests/integration_test.rs
@@ -637,6 +637,15 @@ mod certificate_reload_helpers {
 async fn test_detect_certificate_rotation() {
     use certificate_reload_helpers::*;
 
+    // Starting from rustls 0.22, each application must set its default crypto provider.
+    // This setup is done inside of the `main` function of the policy server,
+    // which is not called in this test.
+    // Hence we have to setup the crypto provider here.
+    let crypto_provider = rustls::crypto::ring::default_provider();
+    crypto_provider
+        .install_default()
+        .expect("Failed to install crypto provider");
+
     let certs_dir = tempfile::tempdir().unwrap();
     let cert_file = certs_dir.path().join("policy-server.pem");
     let key_file = certs_dir.path().join("policy-server-key.pem");
