Set rustls crypto provider explicitly by ChihweiLHBird · Pull Request #3590 · spinframework/spin

ChihweiLHBird · 2026-06-25T09:01:40Z

Summary

Install Spin's process-wide rustls crypto provider at startup.
Add a shared spin-trigger helper for the CLI and trigger harness paths.
Switch reqwest to the no-provider rustls feature so it uses the process default.

A follow up PR can change the provider from ring to aws-lc-rs and optionally upgrade reqwest to 0.13

lann · 2026-06-25T14:45:43Z

 redis = "0.32.5"
 regex = "1"
-reqwest = { version = "0.12", features = ["stream", "blocking", "rustls-tls-native-roots"] }
+reqwest = { version = "0.12", features = ["stream", "blocking", "rustls-tls-native-roots-no-provider"] }


I think this could be a breaking change for consumers of spin crates that use this workspace dependency.

Is this actually necessary? It looks like reqwest will use an already-installed provider: https://github.com/seanmonstar/reqwest/blob/797df2b96a88ee49a636337f87beebe87f6212fe/src/async_impl/client.rs#L583-L593

This is not strictly needed, let me try changing it back.

itowlson · 2026-06-25T21:01:31Z


 #[tokio::main]
 async fn main() {
+    spin_trigger::crypto::install_default_crypto_provider();


It's not clear to me why this is in spin_trigger.

Or it can be in a dedicated crate?

Yeah, maybe. I don't think there's a good place for it at the moment - maybe spin-common, but that's meant to be reserved for helpers and conventions, and I am cautious about putting load-bearing state in there. I am not sure. It's just that if I thought "where is that default crypto thingy" then spin-trigger would not be on my list of places to look. @lann any thoughts?

Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>

ChihweiLHBird force-pushed the fix/explicit-rustls-crypto-provider branch 3 times, most recently from 6d11af2 to 610f136 Compare June 25, 2026 09:03

lann reviewed Jun 25, 2026

View reviewed changes

ChihweiLHBird force-pushed the fix/explicit-rustls-crypto-provider branch from 610f136 to 5dd4936 Compare June 25, 2026 19:26

lann approved these changes Jun 25, 2026

View reviewed changes

itowlson reviewed Jun 25, 2026

View reviewed changes

Set rustls crypto provider explicitly

44c370f

Signed-off-by: Zhiwei Liang <zhiwei.liang@zliang.me>

ChihweiLHBird force-pushed the fix/explicit-rustls-crypto-provider branch from 5dd4936 to 44c370f Compare June 25, 2026 21:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Set rustls crypto provider explicitly#3590

Set rustls crypto provider explicitly#3590
ChihweiLHBird wants to merge 1 commit into
spinframework:mainfrom
ChihweiLHBird:fix/explicit-rustls-crypto-provider

ChihweiLHBird commented Jun 25, 2026

Uh oh!

lann Jun 25, 2026

Uh oh!

ChihweiLHBird Jun 25, 2026

Uh oh!

itowlson Jun 25, 2026

Uh oh!

ChihweiLHBird Jun 25, 2026

Uh oh!

itowlson Jun 25, 2026

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

ChihweiLHBird commented Jun 25, 2026

Summary

Uh oh!

lann Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

ChihweiLHBird Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

itowlson Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

ChihweiLHBird Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

itowlson Jun 25, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants