notedeck

One damus client to rule them all
git clone git://jb55.com/notedeck
Log | Files | Refs | README | LICENSE
commit 42d68c115eddec9be86553c8d69df8e7afd9d613
parent 4c2173c23ac85177df1c34824f213ed5ab59b5c4
Author: d3vv3r <ananalabinfowayne@gmail.com>
Date:   Fri, 23 Jan 2026 05:11:10 +0200

fix(windows): use ring crypto provider instead of aws-lc-rs

aws-lc-rs requires cmake and NASM on Windows, which adds friction for
developers. This change uses ring on Windows (via cfg(windows)) while
keeping aws-lc-rs on other platforms for better performance.

Fixes Windows build regression introduced by hyper networking in fd7238bc4c07.

Diffstat:

MCargo.lock | 1+


MCargo.toml | 11+++++++++--


Mcrates/notedeck/Cargo.toml | 17+++++++++++++++--


Mcrates/notedeck/src/app.rs | 23+++++++++++++++++++++--


4 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
@@ -3905,6 +3905,7 @@ dependencies = [
  "puffin_egui",
  "rand 0.9.2",
  "regex",
+ "ring",
  "rustls",
  "secp256k1 0.30.0",
  "serde",
diff --git a/Cargo.toml b/Cargo.toml
@@ -36,9 +36,16 @@ egui_virtual_list = { git = "https://github.com/jb55/hello_egui", rev = "a66b679
 ehttp = "0.5.0"
 hyper = { version = "1.7.0", features = ["full"] }
 hyper-util = {version = "0.1" , features = ["tokio"]}
-hyper-rustls = "0.27.7"
+# hyper-rustls with NO default crypto provider (aws-lc-rs is default and requires cmake on Windows)
+# Crates add platform-specific features: ring on Windows, aws-lc-rs elsewhere
+hyper-rustls = { version = "0.27.7", default-features = false, features = ["http1", "tls12", "logging", "native-tokio"] }
 http-body-util = "0.1.3"
-rustls = "0.23.28"
+# rustls with NO default crypto provider at workspace level.
+# Crates use platform-specific dependencies to select:
+# - Windows: ring (no cmake/NASM needed)
+# - Other platforms: aws-lc-rs (better performance)
+rustls = { version = "0.23.28", default-features = false, features = ["std", "tls12", "logging"] }
+ring = "0.17"
 enostr = { path = "crates/enostr" } 
 ewebsock = { version = "0.2.0", features = ["tls"] }
 fluent = "0.17.0"
diff --git a/crates/notedeck/Cargo.toml b/crates/notedeck/Cargo.toml
@@ -57,8 +57,8 @@ crossbeam = "0.8.4"
 hyper = { workspace = true }
 hyper-util = { workspace = true }
 http-body-util = { workspace = true }
-hyper-rustls = { workspace = true }
-rustls = { workspace = true }
+# rustls and hyper-rustls are specified in platform-specific sections below
+# (Windows uses ring, others use aws-lc-rs)
 keyring = { workspace = true }
 
 [dev-dependencies]
@@ -74,3 +74,16 @@ ndk-context = "0.1"
 puffin = ["puffin_egui", "dep:puffin"]
 debug-widget-callstack = ["egui/callstack"]
 debug-interactive-widgets = []
+
+# Use ring on Windows (fewer build dependencies than aws-lc-rs which requires cmake/NASM)
+[target.'cfg(windows)'.dependencies]
+ring = { workspace = true }
+# Override rustls to use ring crypto provider on Windows
+rustls = { version = "0.23.28", default-features = false, features = ["std", "tls12", "logging", "ring"] }
+# Override hyper-rustls to use ring on Windows
+hyper-rustls = { version = "0.27.7", default-features = false, features = ["http1", "tls12", "logging", "native-tokio", "ring"] }
+
+# Use aws-lc-rs on non-Windows platforms for better performance
+[target.'cfg(not(windows))'.dependencies]
+rustls = { version = "0.23.28", default-features = false, features = ["std", "tls12", "logging", "aws_lc_rs"] }
+hyper-rustls = { version = "0.27.7", default-features = false, features = ["http1", "tls12", "logging", "native-tokio", "aws-lc-rs"] }
diff --git a/crates/notedeck/src/app.rs b/crates/notedeck/src/app.rs
@@ -423,9 +423,28 @@ impl Notedeck {
     }
 }
 
+/// Installs the default TLS crypto provider for rustls.
+///
+/// This function selects the crypto provider based on the target platform:
+/// - **Windows**: Uses `ring` because `aws-lc-rs` requires cmake and NASM,
+///   which adds significant friction for Windows developers.
+/// - **Other platforms**: Uses `aws-lc-rs` for optimal performance.
+///
+/// Must be called once at application startup before any TLS operations.
 pub fn install_crypto() {
-    let provider = rustls::crypto::aws_lc_rs::default_provider();
-    let _ = provider.install_default();
+    // On Windows, use ring (fewer build requirements than aws-lc-rs which needs cmake/NASM)
+    #[cfg(windows)]
+    {
+        let provider = rustls::crypto::ring::default_provider();
+        let _ = provider.install_default();
+    }
+
+    // On non-Windows platforms, use aws-lc-rs for optimal performance
+    #[cfg(not(windows))]
+    {
+        let provider = rustls::crypto::aws_lc_rs::default_provider();
+        let _ = provider.install_default();
+    }
 }
 
 #[profiling::function]