From 184ad85c6046e970c7b597bce8f740e36310dbbd Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
Date: Fri, 20 Mar 2026 14:15:16 +0000
Subject: [PATCH] fix: install rustls ring crypto provider at startup

Rustls 0.23 requires an explicit CryptoProvider. Enable the ring
feature and call install_default() before any TLS operations.
---
 Cargo.toml  | 2 +-
 src/main.rs | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 76249bb..cb9876c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,7 +21,7 @@ k8s-openapi = { version = "0.24", features = ["v1_32"] }
 
 # HTTP + TLS
 reqwest = { version = "0.12", features = ["json", "rustls-tls", "blocking"] }
-rustls = "0.23"
+rustls = { version = "0.23", features = ["ring"] }
 
 # SSH
 russh = "0.46"
diff --git a/src/main.rs b/src/main.rs
index c6feb42..8b7b6d4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -22,6 +22,11 @@ mod users;
 
 #[tokio::main]
 async fn main() {
+    // Install rustls crypto provider (ring) before any TLS operations.
+    rustls::crypto::ring::default_provider()
+        .install_default()
+        .expect("Failed to install rustls crypto provider");
+
     // Initialize tracing subscriber.
     // Respects RUST_LOG env var (e.g. RUST_LOG=debug, RUST_LOG=sunbeam=trace).
     // Default: warn for dependencies, info for sunbeam.