From 66c846582328ada5e58e2a6f2ed57030df69465b Mon Sep 17 00:00:00 2001
From: Igor Aleksanov
Date: Wed, 10 Jul 2024 12:06:00 +0400
Subject: [PATCH] fix: Explicitly set rustls provider before using rustls

---
 client/http-client/src/transport.rs | 6 ++++++
 client/transport/src/ws/mod.rs | 20 ++++++++++++++++----
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/client/http-client/src/transport.rs b/client/http-client/src/transport.rs
index 624d313162..4edf068331 100644
--- a/client/http-client/src/transport.rs
+++ b/client/http-client/src/transport.rs
@@ -219,6 +219,12 @@ impl HttpTransportClientBuilder {
 }
 #[cfg(feature = "tls")]
 "https" => {
+ // Make sure that the TLS provider is set. If not, set a default one.
+ // Otherwise, creating `tls` configuration may panic if there are multiple
+ // providers available due to `rustls` features (e.g. both `ring` and `aws-lc-rs`).
+ // Function returns an error if the provider is already installed, and we're fine with it.
+ let _ = rustls::crypto::ring::default_provider().install_default();
+
 let mut http_conn = HttpConnector::new();
 http_conn.set_nodelay(tcp_no_delay);
 http_conn.enforce_http(false);
diff --git a/client/transport/src/ws/mod.rs b/client/transport/src/ws/mod.rs
index 01ba8f3dac..643b43bd2e 100644
--- a/client/transport/src/ws/mod.rs
+++ b/client/transport/src/ws/mod.rs
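Review bot: The `install_default()` call added to the `"https"` arm in client/http-client/src/transport.rs changes process-wide state from library code: only the first installed provider takes effect, so building an HTTPS client before the host application installs its own provider (for example an `aws-lc-rs` build chosen for policy reasons) silently pins `ring` for every rustls user in the process, and the discarded `Result` hides that. rustls's guidance is that the application chooses the process default while a library passes its provider explicitly, e.g. through `ClientConfig::builder_with_provider(...)`; the TLS config construction is outside this hunk, so whether that fits here needs checking. At minimum the side effect belongs in the builder's public docs, e.g. `/// With the "tls" feature, building an https client installs ring as the process-default rustls provider if none is set.` The same applies to `tls_connector` in client/transport/src/ws/mod.rs.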
@@ -321,6 +321,21 @@ impl WsTransportClientBuilder {
 self.try_connect(&target, data_stream.compat()).await
 }

+ #[cfg(feature = "tls")]
+ fn tls_connector(&self, target: &Target) -> Result, WsHandshakeError> {
+ // Make sure that the TLS provider is set. If not, set a default one.
+ // Otherwise, creating `tls` configuration may panic if there are multiple
+ // providers available due to `rustls` features (e.g. both `ring` and `aws-lc-rs`).
+ // Function returns an error if the provider is already installed, and we're fine with it.
+ let _ = rustls::crypto::ring::default_provider().install_default();
+
+ let connector = match target._mode {
+ Mode::Tls => Some(build_tls_config(&self.certificate_store)?),
+ Mode::Plain => None,
+ };
+ Ok(connector)
+ }
+
 // Try to establish the connection over TCP.
 async fn try_connect_over_tcp(
 &self,
@@ -331,10 +346,7 @@ impl WsTransportClientBuilder {

 // Only build TLS connector if `wss` in URL.
 #[cfg(feature = "tls")]
- let mut connector = match target._mode {
- Mode::Tls => Some(build_tls_config(&self.certificate_store)?),
- Mode::Plain => None,
- };
+ let mut connector = self.tls_connector(&target)?;

 // The sockaddrs might get reused if the server replies with a relative URI.
 let mut target_sockaddrs = uri.socket_addrs(|| None).map_err(WsHandshakeError::ResolutionFailed)?;
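Review bot: In `tls_connector` the provider is installed before `target._mode` is inspected, so a `Mode::Plain` connection also sets the process-wide rustls default whenever the `tls` feature is compiled in. Moving the call into the TLS arm limits the side effect to connections that actually build a TLS config: `Mode::Tls => { let _ = rustls::crypto::ring::default_provider().install_default(); Some(build_tls_config(&self.certificate_store)?) }`. The new helper also has no doc comment; `/// Builds the TLS connector for wss targets and returns None for plain ones; may install ring as the process-default rustls provider.` would state the contract and the global side effect.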