feat: use default provider

2026-03-05 21:41:15 +01:00
parent cad8c0e307
commit f2efd1ba59
1 changed files with 22 additions and 1 deletions
--- a/crates/nocontrol/src/control_plane/backing_store/postgres.rs
+++ b/crates/nocontrol/src/control_plane/backing_store/postgres.rs
@@ -114,7 +114,28 @@ impl<T: Specification> BackingStorePostgres<T> {
                .context("failed to add root certificate")?;
        }

-        let tls_config = rustls::ClientConfig::builder()
+        let provider = rustls::crypto::CryptoProvider::get_default()
+            .cloned()
+            .unwrap_or_else(|| {
+                #[cfg(feature = "postgres-tls-aws-lc-rs")]
+                {
+                    std::sync::Arc::new(rustls::crypto::aws_lc_rs::default_provider())
+                }
+                #[cfg(all(feature = "postgres-tls-ring", not(feature = "postgres-tls-aws-lc-rs")))]
+                {
+                    std::sync::Arc::new(rustls::crypto::ring::default_provider())
+                }
+                #[cfg(not(any(feature = "postgres-tls-ring", feature = "postgres-tls-aws-lc-rs")))]
+                {
+                    compile_error!(
+                        "enable either `postgres-tls-ring` or `postgres-tls-aws-lc-rs` feature"
+                    );
+                }
+            });
+
+        let tls_config = rustls::ClientConfig::builder_with_provider(provider)
+            .with_safe_default_protocol_versions()
+            .context("failed to configure TLS protocol versions")?
            .with_root_certificates(root_store)
            .with_no_client_auth();