From d2362193556187ecf5954d4c813cf47902fab45c Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 22 Mar 2024 09:44:41 -0400 Subject: [PATCH 1/4] examples: fix redundant Vec import --- examples/server.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/examples/server.rs b/examples/server.rs index ffdb38fc..576fc19f 100644 --- a/examples/server.rs +++ b/examples/server.rs @@ -7,7 +7,6 @@ use std::net::{Ipv4Addr, SocketAddr}; use std::sync::Arc; -use std::vec::Vec; use std::{env, fs, io}; use http::{Method, Request, Response, StatusCode}; From ab169e84399c454c373d808ebbc3444404eb08f9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 22 Mar 2024 09:40:32 -0400 Subject: [PATCH 2/4] Cargo: update Rustls & associated crates to 0.23 * updates rustls 0.22 to 0.23 * updates tokio-rustls 0.25 to 0.26 * updates rustls-platform-verifier 0.2 to 0.3 * addresses default crypto provider requirements for tests, examples * makes aws-lc-rs the default crypto provider, matching upstream. Ring remains available opt-in with the `ring` feature. --- Cargo.toml | 12 ++++++------ examples/client.rs | 6 ++++++ examples/server.rs | 6 ++++++ src/connector/builder.rs | 29 ++++++++++++++++++++++++----- 4 files changed, 42 insertions(+), 11 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index f7e52a4d..c707e534 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -17,10 +17,10 @@ hyper-util = { version = "0.1", default-features = false, features = ["client-le log = { version = "0.4.4", optional = true } pki-types = { package = "rustls-pki-types", version = "1" } rustls-native-certs = { version = "0.7", optional = true } -rustls-platform-verifier = { version = "0.2", optional = true } -rustls = { version = "0.22", default-features = false } +rustls-platform-verifier = { version = "0.3", optional = true } +rustls = { version = "0.23", default-features = false } tokio = "1.0" -tokio-rustls = { version = "0.25", default-features = false } +tokio-rustls = { version = "0.26", default-features = false } tower-service = "0.3" webpki-roots = { version = "0.26", optional = true } futures-util = { version = "0.3", default-features = false } @@ -28,12 +28,12 @@ futures-util = { version = "0.3", default-features = false } [dev-dependencies] http-body-util = "0.1" hyper-util = { version = "0.1", default-features = false, features = ["server-auto"] } -rustls = { version = "0.22", default-features = false, features = ["tls12"] } +rustls = { version = "0.23", default-features = false, features = ["tls12"] } rustls-pemfile = "2" tokio = { version = "1.0", features = ["io-std", "macros", "net", "rt-multi-thread"] } [features] -default = ["native-tokio", "http1", "tls12", "logging", "ring"] +default = ["native-tokio", "http1", "tls12", "logging", "aws-lc-rs"] aws-lc-rs = ["rustls/aws_lc_rs"] http1 = ["hyper-util/http1"] http2 = ["hyper-util/http2"] @@ -51,7 +51,7 @@ required-features = ["native-tokio", "http1"] [[example]] name = "server" path = "examples/server.rs" -required-features = ["ring"] +required-features = ["aws-lc-rs"] [package.metadata.docs.rs] all-features = true diff --git a/examples/client.rs b/examples/client.rs index 36d5c6f3..c45bc2a7 100644 --- a/examples/client.rs +++ b/examples/client.rs 
@@ -26,6 +26,12 @@ fn error(err: String) -> io::Error { #[tokio::main] async fn run_client() -> io::Result<()> { + // Set a process wide default crypto provider. + #[cfg(feature = "ring")] + let _ = rustls::crypto::ring::default_provider().install_default(); + #[cfg(feature = "aws-lc-rs")] + let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); + // First parameter is target URL (mandatory). let url = match env::args().nth(1) { Some(ref url) => Uri::from_str(url).map_err(|e| error(format!("{}", e)))?, diff --git a/examples/server.rs b/examples/server.rs index 576fc19f..8f7803fa 100644 --- a/examples/server.rs +++ b/examples/server.rs @@ -34,6 +34,12 @@ fn error(err: String) -> io::Error { #[tokio::main] async fn run_server() -> Result<(), Box> { + // Set a process wide default crypto provider. + #[cfg(feature = "ring")] + let _ = rustls::crypto::ring::default_provider().install_default(); + #[cfg(feature = "aws-lc-rs")] + let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); + // First parameter is port number (optional, defaults to 1337) let port = match env::args().nth(1) { Some(ref p) => p.parse()?, diff --git a/src/connector/builder.rs b/src/connector/builder.rs index 3e1abdab..b628b1aa 100644 --- a/src/connector/builder.rs +++ b/src/connector/builder.rs @@ -17,12 +17,15 @@ use crate::config::ConfigBuilderExt; /// ``` /// use hyper_rustls::HttpsConnectorBuilder; /// -/// # #[cfg(all(feature = "webpki-roots", feature = "http1"))] -/// let https = HttpsConnectorBuilder::new() +/// # #[cfg(all(feature = "webpki-roots", feature = "http1", feature="aws-lc-rs"))] +/// # { +/// # let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); +/// let https = HttpsConnectorBuilder::new() /// .with_webpki_roots() /// .https_only() /// .enable_http1() /// .build(); +/// # } /// ``` pub struct ConnectorBuilder(State); 
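Review bot: In the provider setup added at the top of `run_client`, both `install_default()` results are discarded with `let _ =`. When `ring` and `aws-lc-rs` are enabled together (for example under `--all-features`), the ring call runs first and, as far as I know, the aws-lc-rs call then returns `Err` unnoticed, although the commit message names aws-lc-rs as the default. Which provider backs the TLS stack should be explicit: gate the ring line as `#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]`, or put the aws-lc-rs line first. The same two lines appear in `run_server` in examples/server.rs and in `ensure_global_state` in the builder tests. Both example function bodies continue outside their hunks.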
@@ -54,7 +57,10 @@ impl ConnectorBuilder { /// Use rustls' default crypto provider and other defaults, and the platform verifier /// /// See [`ConfigBuilderExt::with_platform_verifier()`]. - #[cfg(all(feature = "ring", feature = "rustls-platform-verifier"))] + #[cfg(all( + any(feature = "ring", feature = "aws-lc-rs"), + feature = "rustls-platform-verifier" + ))] pub fn with_platform_verifier(self) -> ConnectorBuilder { self.with_tls_config( ClientConfig::builder() @@ -67,7 +73,10 @@ impl ConnectorBuilder { /// native roots. /// /// See [`ConfigBuilderExt::with_native_roots`] - #[cfg(all(feature = "ring", feature = "rustls-native-certs"))] + #[cfg(all( + any(feature = "ring", feature = "aws-lc-rs"), + feature = "rustls-native-certs" + ))] pub fn with_native_roots(self) -> std::io::Result> { Ok(self.with_tls_config( ClientConfig::builder() @@ -97,7 +106,7 @@ impl ConnectorBuilder { /// safe defaults. /// /// See [`ConfigBuilderExt::with_webpki_roots`] - #[cfg(all(feature = "ring", feature = "webpki-roots"))] + #[cfg(all(any(feature = "ring", feature = "aws-lc-rs"), feature = "webpki-roots"))] pub fn with_webpki_roots(self) -> ConnectorBuilder { self.with_tls_config( ClientConfig::builder() @@ -316,6 +325,7 @@ mod tests { #[test] #[cfg(all(feature = "webpki-roots", feature = "http1"))] fn test_builder() { + ensure_global_state(); let _connector = super::ConnectorBuilder::new() .with_webpki_roots() .https_only() @@ -327,6 +337,7 @@ mod tests { #[cfg(feature = "http1")] #[should_panic(expected = "ALPN protocols should not be pre-defined")] fn test_reject_predefined_alpn() { + ensure_global_state(); let roots = rustls::RootCertStore::empty(); let mut config_with_alpn = rustls::ClientConfig::builder() .with_root_certificates(roots) 
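Review bot: The widened gate on `with_platform_verifier` (`any(feature = "ring", feature = "aws-lc-rs")`) lets the method build with both providers enabled, but the `ClientConfig::builder()` call in its body then needs a process-wide default provider; as far as I know, rustls 0.23 panics there when none was installed and it cannot choose one from the crate features. The doc comment should say so, for example with a `/// # Panics` section stating that the method panics if no default `CryptoProvider` has been installed and one cannot be determined from the enabled features. The same applies to the `with_native_roots` and `with_webpki_roots` hunks that follow; `with_native_roots` returns `std::io::Result`, so callers may reasonably expect an `Err` rather than a panic. All three method bodies end outside their hunks.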
@@ -342,6 +353,7 @@ mod tests { #[test] #[cfg(all(feature = "http1", feature = "http2"))] fn test_alpn() { + ensure_global_state(); let roots = rustls::RootCertStore::empty(); let tls_config = rustls::ClientConfig::builder() .with_root_certificates(roots) @@ -403,4 +415,11 @@ mod tests { .build(); assert_eq!(&connector.tls_config.alpn_protocols, &[b"h2".to_vec()]); } + + fn ensure_global_state() { + #[cfg(feature = "ring")] + let _ = rustls::crypto::ring::default_provider().install_default(); + #[cfg(feature = "aws-lc-rs")] + let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); + } } From 45648c140dfd325c9c8163cce07f5bd49d5ac424 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Mon, 25 Mar 2024 16:21:38 -0400 Subject: [PATCH 3/4] ci: add ring build to test phase Previously we did not have a test step that would run the unit tests assuming the equivalent of default features, but with the default crypto provider (now `aws-lc-rs`) with the alternative built-in option (now `ring`). --- .github/workflows/build.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 27ae1e5a..05a7f0d5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -66,6 +66,11 @@ jobs: env: RUST_BACKTRACE: 1 + - name: cargo test (debug; defaults+ring) + run: cargo test --no-default-features --features ring,native-tokio,http1,tls12,logging + env: + RUST_BACKTRACE: 1 + - name: cargo test (debug; all features) run: cargo test --all-features env: From 624300b3d97987edd347a04c90542162323a3765 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Fri, 22 Mar 2024 09:45:40 -0400 Subject: [PATCH 4/4] Cargo: version 0.26.0 -> 0.27.0 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index c707e534..65084067 100644 --- a/Cargo.toml +++ b/Cargo.toml 
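Review bot: The feature list in the new `cargo test (debug; defaults+ring)` step is a hand-written copy of `default` from Cargo.toml with `aws-lc-rs` swapped for `ring`, and nothing ties the two together. A feature later added to `default` would silently drop out of the ring test run. A comment above the `run:` line would make the coupling visible: `# keep in sync with [features].default in Cargo.toml (aws-lc-rs replaced by ring)`.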
@@ -1,6 +1,6 @@
 [package]
 name = "hyper-rustls"
-version = "0.26.0"
+version = "0.27.0"
 edition = "2021"
 rust-version = "1.64"
 license = "Apache-2.0 OR ISC OR MIT"