From 58d5816a9b2f18f09fdce070174bd7f48ab5052e Mon Sep 17 00:00:00 2001
From: Abdullah Alyan
Date: Mon, 25 Mar 2024 15:31:00 +0300
Subject: [PATCH] Update rustls to 0.23 and tokio-rustls to 0.26 and add support for tls-aws-lc
---
 core/lib/Cargo.toml | 4 ++--
 core/lib/src/listener/tls.rs | 2 +-
 core/lib/src/tls/util.rs | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/core/lib/Cargo.toml b/core/lib/Cargo.toml
index c09efb119d..c3820b0ee7 100644
--- a/core/lib/Cargo.toml
+++ b/core/lib/Cargo.toml
@@ -50,8 +50,8 @@ rmp-serde = { version = "1", optional = true }
 uuid_ = { package = "uuid", version = "1", optional = true, features = ["serde"] }
 # Optional TLS dependencies
-rustls = { version = "0.22", optional = true }
-tokio-rustls = { version = "0.25", optional = true }
+rustls = { version = "0.23", default-features = false, features = ["ring", "logging", "std", "tls12"], optional = true }
+tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12", "ring"], optional = true }
 rustls-pemfile = { version = "2.0.0", optional = true }
 # Optional MTLS dependencies
diff --git a/core/lib/src/listener/tls.rs b/core/lib/src/listener/tls.rs
index 7ff631f7a0..c542f4cbf0 100644
--- a/core/lib/src/listener/tls.rs
+++ b/core/lib/src/listener/tls.rs
@@ -31,7 +31,7 @@ impl TlsConfig {
 pub(crate) fn server_config(&self) -> Result {
 let provider = rustls::crypto::CryptoProvider {
 cipher_suites: self.ciphers().map(|c| c.into()).collect(),
- ..rustls::crypto::ring::default_provider()
+ ..rustls::crypto::CryptoProvider::get_default()
 };
 #[cfg(feature = "mtls")]
diff --git a/core/lib/src/tls/util.rs b/core/lib/src/tls/util.rs
index c07135adc7..804c91553f 100644
--- a/core/lib/src/tls/util.rs
+++ b/core/lib/src/tls/util.rs
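Review bot: In `server_config` (core/lib/src/listener/tls.rs), `..rustls::crypto::CryptoProvider::get_default()` is used as the struct-update base, but in rustls 0.23 `get_default()` returns `Option<&'static Arc<CryptoProvider>>` as far as I know, so the expression is not a `CryptoProvider` and is `None` until a process-wide provider has been installed. Treat the `None` case as a configuration error rather than unwrapping, so a missing provider fails TLS setup cleanly instead of panicking, e.g. `let base = rustls::crypto::CryptoProvider::get_default().ok_or(/* provider-not-installed error */)?;` and then `..(**base).clone()`. The same direct use of `get_default()` appears in `load_key` in core/lib/src/tls/util.rs. `server_config` continues past the end of this hunk, so how `provider` is consumed is not visible here.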
@@ -33,7 +33,7 @@ pub fn load_key(reader: &mut dyn io::BufRead) -> Result>
 // Ensure we can use the key.
 let key = keys.remove(0);
- rustls::crypto::ring::sign::any_supported_type(&key).map_err(KeyError::Unsupported)?;
+ rustls::crypto::CryptoProvider::get_default().key_provider.load_private_key(&key).map_err(KeyError::Unsupported)?
 Ok(key)
 }
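Review bot: The added line in `load_key` ends in `?` with no `;`, so the following `Ok(key)` no longer parses as the function's tail expression; the statement terminator that the removed line had needs to come back. `load_private_key` also appears to take an owned `PrivateKeyDer<'static>` rather than a reference, so `&key` would have to become `key.clone_key()` to keep `key` available for the return value. The check only proves the key is usable if it runs against the same provider that `server_config` later signs with, which is worth stating above the call: `// Validate with the same provider server_config() uses to sign.` The start of `load_key` is outside this hunk.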