add comments

eclipse-zenoh · Jun 11, 2024 · a1a3cf3 · a1a3cf3
1 parent 8f26611
commit a1a3cf3
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/io/zenoh-links/zenoh-link-quic/src/unicast.rs b/io/zenoh-links/zenoh-link-quic/src/unicast.rs
@@ -271,9 +271,14 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastQuic {
         server_crypto.server_config.alpn_protocols =
             ALPN_QUIC_HTTP.iter().map(|&x| x.into()).collect();
 
-        // Install rustls provider
+        // Install ring based rustls CryptoProvider.
         rustls::crypto::ring::default_provider()
+            // This can be called successfully at most once in any process execution.
+            // Call this early in your process to configure which provider is used for the provider.
+            // The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
             .install_default()
+            // Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
+            // when there are multiple quic links, and all but the first execution will fail.
             .ok();
 
         let quic_config: QuicServerConfig = server_crypto

diff --git a/io/zenoh-links/zenoh-link-quic/src/utils.rs b/io/zenoh-links/zenoh-link-quic/src/utils.rs
@@ -187,9 +187,14 @@ impl TlsServerConfig {
             bail!("No private key found for TLS server.");
         }
 
-        // Install rustls provider
+        // Install ring based rustls CryptoProvider.
         rustls::crypto::ring::default_provider()
+            // This can be called successfully at most once in any process execution.
+            // Call this early in your process to configure which provider is used for the provider.
+            // The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
             .install_default()
+            // Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
+            // when there are multiple quic links, and all but the first execution will fail.
             .ok();
 
         let sc = if tls_server_client_auth {
@@ -273,9 +278,14 @@ impl TlsClientConfig {
             root_cert_store.extend(custom_root_cert.roots);
         }
 
-        // Install rustls provider
+        // Install ring based rustls CryptoProvider.
         rustls::crypto::ring::default_provider()
+            // This can be called successfully at most once in any process execution.
+            // Call this early in your process to configure which provider is used for the provider.
+            // The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
             .install_default()
+            // Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
+            // when there are multiple quic links, and all but the first execution will fail.
             .ok();
 
         let cc = if tls_client_server_auth {

diff --git a/io/zenoh-links/zenoh-link-tls/src/utils.rs b/io/zenoh-links/zenoh-link-tls/src/utils.rs
@@ -188,9 +188,14 @@ impl TlsServerConfig {
             bail!("No private key found for TLS server.");
         }
 
-        // Install rustls provider
+        // Install ring based rustls CryptoProvider.
         rustls::crypto::ring::default_provider()
+            // This can be called successfully at most once in any process execution.
+            // Call this early in your process to configure which provider is used for the provider.
+            // The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
             .install_default()
+            // Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
+            // when there are multiple quic links, and all but the first execution will fail.
             .ok();
 
         let sc = if tls_server_client_auth {
@@ -274,9 +279,14 @@ impl TlsClientConfig {
             root_cert_store.extend(custom_root_cert.roots);
         }
 
-        // Install rustls provider
+        // Install ring based rustls CryptoProvider.
         rustls::crypto::ring::default_provider()
+            // This can be called successfully at most once in any process execution.
+            // Call this early in your process to configure which provider is used for the provider.
+            // The configuration should happen before any use of ClientConfig::builder() or ServerConfig::builder().
             .install_default()
+            // Ignore the error here, because `rustls::crypto::ring::default_provider().install_default()` will inevitably be executed multiple times
+            // when there are multiple quic links, and all but the first execution will fail.
             .ok();
 
         let cc = if tls_client_server_auth {