From 547aea76c00ce1573489a9300786d557fe1187c9 Mon Sep 17 00:00:00 2001
From: Sebastian Bernauer
Date: Fri, 16 Aug 2024 13:03:28 +0200
Subject: [PATCH] fix: Install default crypto provider (#45)
* fix: Install default crypto provider
* changelog
---
 CHANGELOG.md | 8 ++++++++
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 example-configs/simple-single-trino.yaml | 6 +++---
 trino-lb/Cargo.toml | 1 +
 trino-lb/src/main.rs | 9 +++++++++
 6 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbd433d..0b912b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+## [0.3.1] - 2024-08-16
+
+### Fixed
+
+- Install default crypto provider, this prevent servers using https from starting ([#45]).
+
+[#45]: https://github.com/stackabletech/trino-lb/pull/45
+
 ## [0.3.0] - 2024-08-15
 ### Added
diff --git a/Cargo.lock b/Cargo.lock
index 2a33de4..493d9d9 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4035,6 +4035,7 @@ dependencies = [
 "regex",
 "reqwest 0.12.5",
 "rstest",
+ "rustls 0.23.12",
 "serde",
 "serde_json",
 "serde_yaml",
diff --git a/Cargo.toml b/Cargo.toml
index 35b15b6..82c960f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -63,6 +63,7 @@ reqwest = { version = "0.12", default-features = false, features = [
 "json",
 "cookies",
 ] }
+rustls = "0.23" # https://github.com/rustls/rustls/issues/1938
 rstest = "0.22"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
diff --git a/example-configs/simple-single-trino.yaml b/example-configs/simple-single-trino.yaml
index be66d3c..91ecde5 100644
--- a/example-configs/simple-single-trino.yaml
+++ b/example-configs/simple-single-trino.yaml
@@ -1,10 +1,10 @@
 trinoLb:
- externalAddress: https://127.0.0.1:443
+ externalAddress: https://127.0.0.1:8443
 # When you enable authentication trino-clients enforce https encryption
 tls:
 enabled: true
- certPemFile: /self-signed-certs/cert.pem
- keyPemFile: /self-signed-certs/key.pem
+ certPemFile: ./example-configs/self-signed-certs/cert.pem
+ keyPemFile: ./example-configs/self-signed-certs/key.pem
 # Use in-memory persistence which will loose all queued running queries on restart
 persistence:
 inMemory: {}
diff --git a/trino-lb/Cargo.toml b/trino-lb/Cargo.toml
index 2bfa981..268d026 100644
--- a/trino-lb/Cargo.toml
+++ b/trino-lb/Cargo.toml
@@ -39,6 +39,7 @@ rand.workspace = true
 redis.workspace = true
 regex.workspace = true
 reqwest.workspace = true
+rustls.workspace = true
 serde_json.workspace = true
 serde_yaml.workspace = true
 serde.workspace = true
diff --git a/trino-lb/src/main.rs b/trino-lb/src/main.rs
index 31c178d..b298a70 100644
--- a/trino-lb/src/main.rs
+++ b/trino-lb/src/main.rs
@@ -33,6 +33,9 @@ mod trino_client;
 #[derive(Snafu, Debug)]
 pub enum Error {
+ #[snafu(display("Failed to install rustls crypto provider"))]
+ InstallRustlsCryptoProvider {},
+
 #[snafu(display("Failed to set up tracing"))]
 SetUpTracing { source: tracing::Error },
@@ -97,6 +100,12 @@ fn main() -> Result<(), MainError> {
 async fn start() -> Result<(), MainError> {
 let args = Args::parse();
+ // To prevent `no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point`,
+ // see https://github.com/rustls/rustls/issues/1938 for details
+ rustls::crypto::aws_lc_rs::default_provider()
+ .install_default()
+ .map_err(|_| Error::InstallRustlsCryptoProvider {})?;
+
 let config = Config::read_from_file(&args.config_file)
 .await
 .context(ReadConfigSnafu)?;
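Review bot: In example-configs/simple-single-trino.yaml the new `certPemFile`/`keyPemFile` values are relative, so they presumably resolve against the directory trino-lb is started from rather than the config file's location, and the example then only works from the repository root. A comment above `tls:` such as `# Paths are relative to the working directory; start trino-lb from the repository root` would say so. If the referenced key.pem is a private key checked into the repository, the same place should mark it as test-only, e.g. `# Self-signed test certificate and key, for local testing only`.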
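Review bot: The `.map_err(|_| Error::InstallRustlsCryptoProvider {})` added to `start()` in trino-lb/src/main.rs hides the one reason `install_default()` can fail, which in rustls 0.23 is that a process-wide provider has already been set. The display string of the new variant in the first main.rs hunk could say that, e.g. `#[snafu(display("Failed to install rustls crypto provider: a process-wide provider is already installed"))]`. The code comment explains the panic being avoided but not the consequence of the call; I would add `// Selects aws-lc-rs for every rustls config built without an explicit provider; must run before any TLS client or server is set up`. The call also compiles only while rustls' default `aws_lc_rs` feature stays enabled, so listing that feature explicitly in the workspace Cargo.toml would protect it from a later `default-features = false`. `start()` continues past the end of the hunk.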