Skip to main content

codetether_agent/
tls.rs

1//! TLS / crypto provider initialization helpers.
2//!
3//! Rustls 0.23+ requires selecting a process-level `CryptoProvider` before
4//! performing TLS operations. In binaries this is typically done at startup,
5//! but our unit tests exercise code paths that create HTTPS clients directly.
6//!
7//! This module provides a single, idempotent initializer.
8
9use std::sync::OnceLock;
10
11static RUSTLS_PROVIDER_INSTALLED: OnceLock<()> = OnceLock::new();
12
13/// Ensure the rustls crypto provider is installed.
14///
15/// Safe to call multiple times.
16pub fn ensure_rustls_crypto_provider() {
17    RUSTLS_PROVIDER_INSTALLED.get_or_init(|| {
18        // We compile rustls with the `ring` provider.
19        if let Err(e) = rustls::crypto::ring::default_provider().install_default() {
20            // Ignore "already installed" style errors. Any other error is still
21            // non-fatal here; downstream TLS operations will surface failures.
22            tracing::debug!(error = ?e, "rustls crypto provider install_default() returned error");
23        }
24    });
25}