How I use CryptoProvider::install_default() ? #1938
Comments
See https://docs.rs/rustls/latest/rustls/index.html#crate-features
https://rust-lang.github.io/rust-bindgen/requirements.html#requirements aside from that, yes, you will need a working sysroot for the target and to tell bindgen where it is. |
|
Ok, maybe it is just me, but the simplest solution boils down to using the cargo add rustls --features ringAnd then, early in your main fn call: rustls::crypto::ring::default_provider().install_default().expect("Failed to install rustls crypto provider");Correct? |
|
Installing just |
|
Am I correct that one also has to set |
|
@lcmgh The answer to that depends. If your crate only activates one of the |
rustls = { version = "0.23.5" }In that case might it be that another dep of me brings rustls with |
|
@lcmgh You can likely get to the bottom of that using |
|
I have code where I am using google-calendar3 let mut hub: CalendarHub<HttpsConnector<HttpConnector>> = ...Whilst in main I did not need to invoke The issue is since tests run in parallel I run into a problem that
can be called only once per process. So in random order, depending which test managed to call it, it will pass, other tests will fail. /// Sets this `CryptoProvider` as the default for this process.
///
/// This can be called successfully at most once in any process execution.
///
/// Call this early in your process to configure which provider is used for
/// the provider. The configuration should happen before any use of
/// [`ClientConfig::builder()`] or [`ServerConfig::builder()`].
pub fn install_default(self) -> Result<(), Arc<Self>> {
static_default::install_default(self)
}key item: So instead of calling:
in tests I implemented a little helper function which is thread safe and I call it before instantiation CalendarHub in each test: static CRYPTO_PROVIDER_LOCK: OnceLock<()> = OnceLock::new();
fn setup_default_crypto_provider() {
CRYPTO_PROVIDER_LOCK.get_or_init(|| rustls::crypto::ring::default_provider().install_default().unwrap());
}Anyone has any advise if this is the right way to go about it? I am very new to rust... |
|
@Tomasz-Kluczkowski Did you read the discussion above? I recommend you change the code in question to use only constructors that take an explicit crypto provider of your choice, or figure out where in your dependency tree both the ring and aws-lc-rs features are activated and fix this so only one is used. |
|
Yes I did, only I am extremely new to rust (1 month :) ) and getting a bit lost. I also checked the dependency tree and crates I use for my code do indeed bring $ cargo tree --edges features | grep 'ring'
│ │ │ │ ├── ring feature "default"
│ │ │ │ │ ├── ring v0.17.8
│ │ │ │ │ ├── ring feature "alloc"
│ │ │ │ │ │ └── ring v0.17.8 (*)
│ │ │ │ │ └── ring feature "dev_urandom_fallback"
│ │ │ │ │ └── ring v0.17.8 (*)
│ │ │ │ │ │ ├── ring v0.17.8 (*)
│ │ │ │ │ ├── ring feature "alloc" (*)
│ │ │ ├── yup-oauth2 feature "ring"
│ │ │ │ ├── hyper-rustls feature "ring"
│ │ │ │ │ └── rustls feature "ring"
│ │ │ │ │ └── rustls-webpki feature "ring"
│ │ │ │ └── rustls feature "ring" (*)The |
|
I'd suggest just |
|
The thing is, BTW I did replace my code with your suggestion @ctz , thank you, and it works, could you briefly explain to a rust noob why this works:
and this was not: was it because I called |
|
So the docs for that say "This can be called successfully at most once in any process execution." -- note successfully -- extra calls just return an error. Your earlier code was calling |
|
thanks a lot @ctz |
…er setup in tests As per this thread: rustls/rustls#1938 I received an advice on how to avoid using a lock object to assure `install_default()` is called only once per process. Simply ignore the error caused by it by reading result into unused variable.
|
@Tomasz-Kluczkowski I solved this issue using the hints in this thread, by overriding the default ring feature of yup-oauth2. Perhaps that works more neatly for you as well.
|
|
@robklg thx, I tried but in my project this method broke other functionality. For now what I am doing, whilst not perfect will do. |
Hello, I receive panic
PanicInfo { payload: Any { .. }, message: Some(no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point), location: Location { file: "/home/incker/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.23.5/src/crypto/mod.rs", line: 260, col: 14 }, can_unwind: true, force_no_backtrace: false }
But there is no example how to use CryptoProvider::install_default()
Cargo.toml:
rustls = {version = "0.23.5", default-features = false, features = ["std"]}If I remove
default-features = falseit requiresPlease enable the 'bindgen' feature on aws-lc-rs or aws-lc-sys.For more information, see the aws-lc-rs User Guide: https://aws.github.io/aws-lc-rs/index.html
but adding this:
aws-lc-rs = {version = "1.7.0", features = ["bindgen"]}requires:
/usr/include/stdio.h:27:10: fatal error: 'bits/libc-header-start.h' file not found
thread 'main' panicked at /home/builder/.cargo/registry/src/index.crates.io-6f17d22bba15001f/aws-lc-sys-0.15.0/builder/bindgen.rs:155:10:
Unable to generate bindings.: ClangDiagnostic("/usr/include/stdio.h:27:10: fatal error: 'bits/libc-header-start.h' file not found\n")
And i haven't found package gcc-multilib for arm-buildroot-linux-musleabihf ((
Forward thank you!
The text was updated successfully, but these errors were encountered: