Add TLS support

Cargo.lock

@@ -1136,6 +1136,7 @@ dependencies = [
  "hyper",
  "hyper-tls",
  "log",
+ "rustls",
  "serde",
  "serde_json",
  "serde_plain",
@@ -1780,6 +1781,21 @@ version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
+[[package]]
+name = "ring"
+version = "0.17.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "getrandom 0.2.14",
+ "libc",
+ "spin",
+ "untrusted",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.23"
@@ -1805,6 +1821,40 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "rustls"
+version = "0.23.29"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2491382039b29b9b11ff08b76ff6c97cf287671dbb74f0be44bda389fffe9bd1"
+dependencies = [
+ "once_cell",
+ "ring",
+ "rustls-pki-types",
+ "rustls-webpki",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-pki-types"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "229a4a4c221013e7e1f1a043678c5cc39fe5171437c88fb47151a21e6f5b5c79"
+dependencies = [
+ "zeroize",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.103.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc"
+dependencies = [
+ "ring",
+ "rustls-pki-types",
+ "untrusted",
+]
+
 [[package]]
 name = "rustversion"
 version = "1.0.20"
@@ -1968,6 +2018,12 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+
 [[package]]
 name = "strsim"
 version = "0.8.0"
@@ -1980,6 +2036,12 @@ version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
 
+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
 [[package]]
 name = "syn"
 version = "2.0.101"
@@ -2151,6 +2213,16 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "tokio-rustls"
+version = "0.26.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b"
+dependencies = [
+ "rustls",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-tungstenite"
 version = "0.26.2"
@@ -2159,8 +2231,12 @@ checksum = "7a9daff607c6d2bf6c16fd681ccb7eecc83e4e2cdc1ca067ffaadfca5de7f084"
 dependencies = [
  "futures-util",
  "log",
+ "rustls",
+ "rustls-pki-types",
  "tokio",
+ "tokio-rustls",
  "tungstenite",
+ "webpki-roots 0.26.11",
 ]
 
 [[package]]
@@ -2254,9 +2330,12 @@ dependencies = [
  "httparse",
  "log",
  "rand 0.9.1",
+ "rustls",
+ "rustls-pki-types",
  "sha1",
  "thiserror 2.0.12",
  "utf-8",
+ "webpki-roots 0.26.11",
 ]
 
 [[package]]
@@ -2283,6 +2362,12 @@ version = "0.1.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
 
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
 [[package]]
 name = "urlencoding"
 version = "2.1.3"
@@ -2420,6 +2505,24 @@ version = "0.2.95"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d"
 
+[[package]]
+name = "webpki-roots"
+version = "0.26.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "521bc38abb08001b01866da9f51eb7c5d647a19260e00054a8c7fd5f9e57f7a9"
+dependencies = [
+ "webpki-roots 1.0.2",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7e8983c3ab33d6fb807cfcdad2491c4ea8cbc8ed839181c7dfd9c67c83e261b2"
+dependencies = [
+ "rustls-pki-types",
+]
+
 [[package]]
 name = "which"
 version = "3.1.1"

kordophone/Cargo.toml

@@ -21,8 +21,9 @@ serde_json = "1.0.91"
 serde_plain = "1.0.2"
 time = { version = "0.3.17", features = ["parsing", "serde"] }
 tokio = { version = "1.37.0", features = ["full"] }
-tokio-tungstenite = "0.26.2"
+tokio-tungstenite = { version = "0.26.2", features = ["rustls-tls-webpki-roots"] }
 tokio-util = { version = "0.7.15", features = ["futures-util"] }
-tungstenite = "0.26.2"
+tungstenite = { version = "0.26.2", features = ["rustls-tls-webpki-roots"] }
 urlencoding = "2.1.3"
 uuid = { version = "1.6.1", features = ["v4", "fast-rng", "macro-diagnostics"] }
+rustls = { version = "0.23", default-features = false, features = ["ring"] }

kordophone/src/api/http_client.rs

@@ -7,6 +7,7 @@ use crate::api::event_socket::{EventSocket, SinkMessage, SocketEvent, SocketUpda
 use crate::api::AuthenticationStore;
 use bytes::Bytes;
 use hyper::{Body, Client, Method, Request, Uri};
+use hyper_tls::HttpsConnector;
 
 use async_trait::async_trait;
 use serde::{de::DeserializeOwned, Deserialize, Serialize};
@@ -28,7 +29,7 @@ use crate::{
     APIInterface,
 };
 
-type HttpClient = Client<hyper::client::HttpConnector>;
+type HttpClient = Client<HttpsConnector<hyper::client::HttpConnector>>;
 
 pub struct HTTPAPIClient<K: AuthenticationStore + Send + Sync> {
     pub base_url: Uri,
@@ -458,11 +459,10 @@ impl<K: AuthenticationStore + Send + Sync> APIInterface for HTTPAPIClient<K> {
 
 impl<K: AuthenticationStore + Send + Sync> HTTPAPIClient<K> {
     pub fn new(base_url: Uri, auth_store: K) -> HTTPAPIClient<K> {
-        HTTPAPIClient {
+        let https = HttpsConnector::new();
-            base_url,
+        let client = Client::builder().build::<_, Body>(https);
-            auth_store,
+
-            client: Client::new(),
+        HTTPAPIClient { base_url, auth_store, client }
-        }
     }
 
     fn uri_for_endpoint(&self, endpoint: &str, scheme: Option<&str>) -> Result<Uri, Error> {

kordophone/src/lib.rs

@@ -5,3 +5,16 @@ pub use self::api::APIInterface;
 
 #[cfg(test)]
 pub mod tests;
+
+// Ensure a process-level rustls CryptoProvider is installed for TLS (wss).
+// Rustls 0.23 requires an explicit provider installation (e.g., ring or aws-lc).
+// We depend on rustls with feature "ring" and install it once at startup.
+#[ctor::ctor]
+fn install_rustls_crypto_provider() {
+    // If already installed, this is a no-op. Ignore the result.
+    #[allow(unused_must_use)]
+    {
+        use rustls::crypto::ring;
+        ring::default_provider().install_default();
+    }
+}