studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

bump ldap3 fork, initialise aws_lc_rs with single function for ldap and direct tls

Browse Source 
Signed-off-by: June Strawberry <june@vern.cc>
This commit is contained in:
June Strawberry
2025-12-19 23:18:55 -05:00
parent 7115fb2796
commit 6455ef72cd
7 changed files with 41 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/router/serve/mod.rs
View File

@@ -32,6 +32,8 @@ pub(super) async fn serve(
if cfg!(unix) && config.unix_socket_path.is_some() {
unix::serve(server, app, shutdown).await
} else if config.tls.certs.is_some() {
#[cfg(feature = "direct_tls")]
services.globals.init_rustls_provider()?;
#[cfg(feature = "direct_tls")]
return tls::serve(server, app, handle, addrs).await;

6
src/router/serve/tls.rs
View File

@@ -27,12 +27,6 @@ pub(super) async fn serve(
.as_ref()
.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
// without this, TLS mode will panic.
rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.expect("failed to initialise aws-lc-rs rustls crypto provider");
info!(
"Note: It is strongly recommended that you use a reverse proxy instead of running \
tuwunel directly with TLS."