fix(rustproxy): install default rustls crypto provider early; detect and skip raw fast-path for HTTP connections and return proper HTTP 502 when no route matches

2026-02-12 20:17:32 +00:00
parent 28fa69bf59
commit 81e0e6b4d8
4 changed files with 51 additions and 2 deletions
--- a/rust/crates/rustproxy/src/main.rs
+++ b/rust/crates/rustproxy/src/main.rs
@@ -29,6 +29,11 @@ struct Cli {

 #[tokio::main]
 async fn main() -> Result<()> {
+    // Install the default CryptoProvider early, before any TLS or ACME code runs.
+    // This prevents panics from instant-acme/hyper-rustls calling ClientConfig::builder()
+    // before TLS listeners have started. Idempotent — later calls harmlessly return Err.
+    let _ = rustls::crypto::ring::default_provider().install_default();
+
    let cli = Cli::parse();

    // Initialize tracing - write to stderr so stdout is reserved for management IPC