From ea97229688032e20c1a44736e3afd38cdaa456a0 Mon Sep 17 00:00:00 2001
From: Piepmatz <git+github@cptpiepmatz.de>
Date: Sat, 24 May 2025 15:01:29 +0200
Subject: [PATCH] Fix: use `ring` as a crypto provider instead of `aws_lc`
 (#15812)

---
 Cargo.lock                                    | 93 +------------------
 Cargo.toml                                    |  2 +-
 crates/nu-command/Cargo.toml                  |  2 +-
 .../nu-command/src/network/tls/impl_rustls.rs |  4 +-
 4 files changed, 8 insertions(+), 93 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 72b0f0be2d..000d0d3907 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -370,29 +370,6 @@ dependencies = [
  "zeroize",
 ]
 
-[[package]]
-name = "aws-lc-rs"
-version = "1.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93fcc8f365936c834db5514fc45aee5b1202d677e6b40e48468aaaa8183ca8c7"
-dependencies = [
- "aws-lc-sys",
- "zeroize",
-]
-
-[[package]]
-name = "aws-lc-sys"
-version = "0.29.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61b1d86e7705efe1be1b569bab41d4fa1e14e220b60a160f78de2db687add079"
-dependencies = [
- "bindgen 0.69.5",
- "cc",
- "cmake",
- "dunce",
- "fs_extra",
-]
-
 [[package]]
 name = "aws-runtime"
 version = "1.4.3"
@@ -703,29 +680,6 @@ dependencies = [
  "serde",
 ]
 
-[[package]]
-name = "bindgen"
-version = "0.69.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
-dependencies = [
- "bitflags 2.6.0",
- "cexpr",
- "clang-sys",
- "itertools 0.11.0",
- "lazy_static",
- "lazycell",
- "log",
- "prettyplease",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash 1.1.0",
- "shlex",
- "syn 2.0.90",
- "which 4.4.2",
-]
-
 [[package]]
 name = "bindgen"
 version = "0.70.1"
@@ -1115,15 +1069,6 @@ dependencies = [
  "error-code",
 ]
 
-[[package]]
-name = "cmake"
-version = "0.1.54"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0"
-dependencies = [
- "cc",
-]
-
 [[package]]
 name = "codepage"
 version = "0.1.2"
@@ -2966,12 +2911,6 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
 
-[[package]]
-name = "lazycell"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
-
 [[package]]
 name = "libc"
 version = "0.2.168"
@@ -3034,7 +2973,7 @@ version = "0.14.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e78a09b56be5adbcad5aa1197371688dc6bb249a26da3bca2011ee2fb987ebfb"
 dependencies = [
- "bindgen 0.70.1",
+ "bindgen",
  "errno",
  "libc",
 ]
@@ -3625,7 +3564,7 @@ dependencies = [
  "tempfile",
  "unicode-segmentation",
  "uuid",
- "which 7.0.0",
+ "which",
 ]
 
 [[package]]
@@ -3814,7 +3753,7 @@ dependencies = [
  "wax",
  "web-time",
  "webpki-roots 1.0.0",
- "which 7.0.0",
+ "which",
  "windows 0.56.0",
  "winreg",
 ]
@@ -4124,7 +4063,7 @@ dependencies = [
  "nu-utils",
  "num-format",
  "tempfile",
- "which 7.0.0",
+ "which",
 ]
 
 [[package]]
@@ -5577,16 +5516,6 @@ dependencies = [
  "yansi",
 ]
 
-[[package]]
-name = "prettyplease"
-version = "0.2.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033"
-dependencies = [
- "proc-macro2",
- "syn 2.0.90",
-]
-
 [[package]]
 name = "print-positions"
 version = "0.6.1"
@@ -6348,7 +6277,6 @@ version = "0.23.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b"
 dependencies = [
- "aws-lc-rs",
  "log",
  "once_cell",
  "ring",
@@ -6425,7 +6353,6 @@ version = "0.102.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
 dependencies = [
- "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -8253,18 +8180,6 @@ dependencies = [
  "rustls-pki-types",
 ]
 
-[[package]]
-name = "which"
-version = "4.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
-dependencies = [
- "either",
- "home",
- "once_cell",
- "rustix 0.38.42",
-]
-
 [[package]]
 name = "which"
 version = "7.0.0"
diff --git a/Cargo.toml b/Cargo.toml
index 5392c637cd..7eab969d61 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -148,7 +148,7 @@ rstest = { version = "0.23", default-features = false }
 rstest_reuse = "0.7"
 rusqlite = "0.31"
 rust-embed = "8.7.0"
-rustls = "0.23"
+rustls = { version = "0.23", default-features = false, features = ["std", "tls12"] }
 rustls-native-certs = "0.8"
 scopeguard = { version = "1.2.0" }
 serde = { version = "1.0" }
diff --git a/crates/nu-command/Cargo.toml b/crates/nu-command/Cargo.toml
index 03aa886310..bb073a684f 100644
--- a/crates/nu-command/Cargo.toml
+++ b/crates/nu-command/Cargo.toml
@@ -91,7 +91,7 @@ rusqlite = { workspace = true, features = [
 	"backup",
 	"chrono",
 ], optional = true }
-rustls = { workspace = true, optional = true }
+rustls = { workspace = true, optional = true, features = ["ring"] }
 rustls-native-certs = { workspace = true, optional = true }
 rmp = { workspace = true }
 scopeguard = { workspace = true }
diff --git a/crates/nu-command/src/network/tls/impl_rustls.rs b/crates/nu-command/src/network/tls/impl_rustls.rs
index b05ba3aaa2..ac22e8bc19 100644
--- a/crates/nu-command/src/network/tls/impl_rustls.rs
+++ b/crates/nu-command/src/network/tls/impl_rustls.rs
@@ -42,7 +42,7 @@ use ureq::TlsConnector;
 ///   use nu_command::tls::CRYPTO_PROVIDER;
 ///
 ///   // Call once at startup
-///   CRYPTO_PROVIDER.set(|| Ok(rustls::crypto::aws_lc_rs::default_provider()));
+///   CRYPTO_PROVIDER.set(|| Ok(rustls::crypto::ring::default_provider()));
 ///   ```
 ///
 /// Only the first successful call takes effect. Later calls do nothing and return `false`.
@@ -99,7 +99,7 @@ impl NuCryptoProvider {
     /// If it fails, use [`set`](Self::set) to install a custom one.  
     /// Returns whether the provider was stored successfully.
     pub fn default(&self) -> bool {
-        self.set(|| Ok(rustls::crypto::aws_lc_rs::default_provider()))
+        self.set(|| Ok(rustls::crypto::ring::default_provider()))
     }
 }