fix: Install default crypto provider (#45)

* fix: Install default crypto provider * changelog
stackabletech · Aug 16, 2024 · 547aea7 · 547aea7
1 parent 1992bad
commit 547aea7
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+## [0.3.1] - 2024-08-16
+
+### Fixed
+
+- Install default crypto provider, this prevent servers using https from starting ([#45]).
+
+[#45]: https://github.com/stackabletech/trino-lb/pull/45
+
 ## [0.3.0] - 2024-08-15
 
 ### Added

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -63,6 +63,7 @@ reqwest = { version = "0.12", default-features = false, features = [
   "json",
   "cookies",
 ] }
+rustls = "0.23" # https://github.com/rustls/rustls/issues/1938
 rstest = "0.22"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"

diff --git a/example-configs/simple-single-trino.yaml b/example-configs/simple-single-trino.yaml
@@ -1,10 +1,10 @@
 trinoLb:
-  externalAddress: https://127.0.0.1:443
+  externalAddress: https://127.0.0.1:8443
   # When you enable authentication trino-clients enforce https encryption
   tls:
     enabled: true
-    certPemFile: /self-signed-certs/cert.pem
-    keyPemFile: /self-signed-certs/key.pem
+    certPemFile: ./example-configs/self-signed-certs/cert.pem
+    keyPemFile: ./example-configs/self-signed-certs/key.pem
   # Use in-memory persistence which will loose all queued running queries on restart
   persistence:
     inMemory: {}

diff --git a/trino-lb/Cargo.toml b/trino-lb/Cargo.toml
@@ -39,6 +39,7 @@ rand.workspace = true
 redis.workspace = true
 regex.workspace = true
 reqwest.workspace = true
+rustls.workspace = true
 serde_json.workspace = true
 serde_yaml.workspace = true
 serde.workspace = true

diff --git a/trino-lb/src/main.rs b/trino-lb/src/main.rs
@@ -33,6 +33,9 @@ mod trino_client;
 
 #[derive(Snafu, Debug)]
 pub enum Error {
+    #[snafu(display("Failed to install rustls crypto provider"))]
+    InstallRustlsCryptoProvider {},
+
     #[snafu(display("Failed to set up tracing"))]
     SetUpTracing { source: tracing::Error },
 
@@ -97,6 +100,12 @@ fn main() -> Result<(), MainError> {
 async fn start() -> Result<(), MainError> {
     let args = Args::parse();
 
+    // To prevent `no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point`,
+    // see https://github.com/rustls/rustls/issues/1938 for details
+    rustls::crypto::aws_lc_rs::default_provider()
+        .install_default()
+        .map_err(|_| Error::InstallRustlsCryptoProvider {})?;
+
     let config = Config::read_from_file(&args.config_file)
         .await
         .context(ReadConfigSnafu)?;