chore: Admin announcement

Yeah that didn't work sadly.

.forgejo/workflows/prek-checks.yml

@@ -53,7 +53,7 @@ jobs:
           persist-credentials: false
 
       - name: Check for file changes
-        uses: https://github.com/dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4
+        uses: https://github.com/dorny/paths-filter@v4
         id: filter
         with:
           filters: |

CHANGELOG.md

@@ -1,3 +1,20 @@
+# Continuwuity 0.5.8 (2026-04-24)
+
+## Features
+
+- LDAP can now optionally be connected to using StartTLS, and you may unsafely skip verification. Contributed by @getz (#1389)
+- Users will now be prevented from removing their email if the server is configured to require an email when registering an account.
+
+## Bugfixes
+
+- Fixed a situation where multiple email addresses could be associated with one user when that user changes their email address.
+
+## Improved Documentation
+
+- Updated config docs to state we support room version 12, and set it as default. Contributed by @ezera. (#1622)
+- Improve instructions for generic deployments, removing unnecessary parts and documenting the new initial registration token flow. Contributed by @stratself (#1677)
+
+
 # Continuwuity v0.5.7 (2026-04-17)
 
 ## Features

Cargo.lock

@@ -490,28 +490,6 @@ dependencies = [
  "tracing",
 ]
 
-[[package]]
-name = "axum-server"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1ab4a3ec9ea8a657c72d99a03a824af695bd0fb5ec639ccbd9cd3543b41a5f9"
-dependencies = [
- "arc-swap",
- "bytes",
- "fs-err",
- "http",
- "http-body",
- "hyper",
- "hyper-util",
- "pin-project-lite",
- "rustls",
- "rustls-pemfile",
- "rustls-pki-types",
- "tokio",
- "tokio-rustls",
- "tower-service",
-]
-
 [[package]]
 name = "axum-server"
 version = "0.8.0"
@@ -536,11 +514,10 @@ dependencies = [
 
 [[package]]
 name = "axum-server-dual-protocol"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2164551db024e87f20316d164eab9f5ad342d8188b08051ceb15ca92a60ea7b7"
+version = "0.8.0"
+source = "git+https://github.com/vinchona/axum-server-dual-protocol.git?rev=ca6db055254255b74238673ce4135698e347d71c#ca6db055254255b74238673ce4135698e347d71c"
 dependencies = [
- "axum-server 0.7.3",
+ "axum-server",
  "bytes",
  "http",
  "http-body-util",
@@ -983,8 +960,9 @@ dependencies = [
 
 [[package]]
 name = "conduwuit"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
+ "aws-lc-rs",
  "clap",
  "conduwuit_admin",
  "conduwuit_api",
@@ -1003,6 +981,8 @@ dependencies = [
  "opentelemetry-otlp",
  "opentelemetry_sdk",
  "parking_lot",
+ "reqwest 0.13.2",
+ "rustls",
  "sentry",
  "sentry-tower",
  "sentry-tracing",
@@ -1017,7 +997,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_admin"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "clap",
  "conduwuit_api",
@@ -1040,7 +1020,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_api"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "async-trait",
  "axum",
@@ -1075,7 +1055,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "built",
  "cargo_metadata",
@@ -1083,7 +1063,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_core"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "argon2",
  "arrayvec",
@@ -1123,13 +1103,13 @@ dependencies = [
  "rand_core 0.6.4",
  "regex",
  "reqwest 0.13.2",
- "ring",
  "ruma",
  "sanitize-filename",
  "serde",
  "serde-saphyr",
  "serde_json",
  "serde_regex",
+ "sha2 0.11.0",
  "smallstr",
  "smallvec",
  "thiserror 2.0.18",
@@ -1147,7 +1127,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_database"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "async-channel",
  "conduwuit_core",
@@ -1167,7 +1147,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_macros"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "cargo_toml",
  "itertools 0.14.0",
@@ -1178,11 +1158,11 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_router"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "axum",
  "axum-client-ip",
- "axum-server 0.8.0",
+ "axum-server",
  "axum-server-dual-protocol",
  "bytes",
  "conduwuit_admin",
@@ -1214,7 +1194,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_service"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "askama",
  "async-trait",
@@ -1261,7 +1241,7 @@ dependencies = [
 
 [[package]]
 name = "conduwuit_web"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "askama",
  "async-trait",
@@ -3140,9 +3120,9 @@ dependencies = [
 
 [[package]]
 name = "libc"
-version = "0.2.185"
+version = "0.2.186"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f"
+checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
 
 [[package]]
 name = "libfuzzer-sys"
@@ -4364,7 +4344,7 @@ dependencies = [
  "once_cell",
  "socket2",
  "tracing",
- "windows-sys 0.60.2",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -4981,15 +4961,6 @@ dependencies = [
  "security-framework",
 ]
 
-[[package]]
-name = "rustls-pemfile"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dce314e5fee3f39953d46bb63bb8a46d40c2f8fb7cc5a3b6cab2bde9721d6e50"
-dependencies = [
- "rustls-pki-types",
-]
-
 [[package]]
 name = "rustls-pki-types"
 version = "1.14.0"
@@ -5160,7 +5131,6 @@ dependencies = [
  "cfg_aliases",
  "httpdate",
  "reqwest 0.13.2",
- "rustls",
  "sentry-backtrace",
  "sentry-contexts",
  "sentry-core",
@@ -5170,7 +5140,6 @@ dependencies = [
  "sentry-tower",
  "sentry-tracing",
  "tokio",
- "ureq",
 ]
 
 [[package]]
@@ -6373,34 +6342,6 @@ version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
-[[package]]
-name = "ureq"
-version = "3.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dea7109cdcd5864d4eeb1b58a1648dc9bf520360d7af16ec26d0a9354bafcfc0"
-dependencies = [
- "base64 0.22.1",
- "log",
- "percent-encoding",
- "rustls",
- "rustls-pki-types",
- "ureq-proto",
- "utf8-zero",
- "webpki-roots",
-]
-
-[[package]]
-name = "ureq-proto"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e994ba84b0bd1b1b0cf92878b7ef898a5c1760108fe7b6010327e274917a808c"
-dependencies = [
- "base64 0.22.1",
- "http",
- "httparse",
- "log",
-]
-
 [[package]]
 name = "url"
 version = "2.5.8"
@@ -6426,12 +6367,6 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
 
-[[package]]
-name = "utf8-zero"
-version = "0.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8c0a043c9540bae7c578c88f91dda8bd82e59ae27c21baca69c8b191aaf5a6e"
-
 [[package]]
 name = "utf8_iter"
 version = "1.0.4"
@@ -6695,15 +6630,6 @@ dependencies = [
  "rustls-pki-types",
 ]
 
-[[package]]
-name = "webpki-roots"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52f5ee44c96cf55f1b349600768e3ece3a8f26010c05265ab73f945bb1a2eb9d"
-dependencies = [
- "rustls-pki-types",
-]
-
 [[package]]
 name = "weezl"
 version = "0.1.12"
@@ -6806,15 +6732,6 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
-[[package]]
-name = "windows-sys"
-version = "0.60.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2f500e4d28234f72040990ec9d39e3a6b950f9f22d3dba18416c35882612bcb"
-dependencies = [
- "windows-targets 0.53.5",
-]
-
 [[package]]
 name = "windows-sys"
 version = "0.61.2"
@@ -6848,30 +6765,13 @@ dependencies = [
  "windows_aarch64_gnullvm 0.52.6",
  "windows_aarch64_msvc 0.52.6",
  "windows_i686_gnu 0.52.6",
- "windows_i686_gnullvm 0.52.6",
+ "windows_i686_gnullvm",
  "windows_i686_msvc 0.52.6",
  "windows_x86_64_gnu 0.52.6",
  "windows_x86_64_gnullvm 0.52.6",
  "windows_x86_64_msvc 0.52.6",
 ]
 
-[[package]]
-name = "windows-targets"
-version = "0.53.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4945f9f551b88e0d65f3db0bc25c33b8acea4d9e41163edf90dcd0b19f9069f3"
-dependencies = [
- "windows-link",
- "windows_aarch64_gnullvm 0.53.1",
- "windows_aarch64_msvc 0.53.1",
- "windows_i686_gnu 0.53.1",
- "windows_i686_gnullvm 0.53.1",
- "windows_i686_msvc 0.53.1",
- "windows_x86_64_gnu 0.53.1",
- "windows_x86_64_gnullvm 0.53.1",
- "windows_x86_64_msvc 0.53.1",
-]
-
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.42.2"
@@ -6884,12 +6784,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
 
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53"
-
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.42.2"
@@ -6902,12 +6796,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
 
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006"
-
 [[package]]
 name = "windows_i686_gnu"
 version = "0.42.2"
@@ -6920,24 +6808,12 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
 
-[[package]]
-name = "windows_i686_gnu"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "960e6da069d81e09becb0ca57a65220ddff016ff2d6af6a223cf372a506593a3"
-
 [[package]]
 name = "windows_i686_gnullvm"
 version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
 
-[[package]]
-name = "windows_i686_gnullvm"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c"
-
 [[package]]
 name = "windows_i686_msvc"
 version = "0.42.2"
@@ -6950,12 +6826,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
 
-[[package]]
-name = "windows_i686_msvc"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2"
-
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.42.2"
@@ -6968,12 +6838,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
 
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499"
-
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.42.2"
@@ -6986,12 +6850,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
 
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1"
-
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.42.2"
@@ -7004,12 +6862,6 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.53.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
-
 [[package]]
 name = "winnow"
 version = "0.7.15"
@@ -7158,7 +7010,7 @@ dependencies = [
 
 [[package]]
 name = "xtask"
-version = "0.5.7"
+version = "0.5.8"
 dependencies = [
  "askama",
  "cargo_metadata",

Cargo.toml

@@ -12,7 +12,7 @@ license = "Apache-2.0"
 # See also `rust-toolchain.toml`
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
-version = "0.5.7"
+version = "0.5.8"
 
 [workspace.metadata.crane]
 name = "conduwuit"
@@ -107,7 +107,10 @@ default-features = false
 
 # to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
 [workspace.dependencies.axum-server-dual-protocol]
-version = "0.7"
+# version = "0.7"
+git = "https://github.com/vinchona/axum-server-dual-protocol.git"
+rev = "ca6db055254255b74238673ce4135698e347d71c" # feat!: bump axum_server to 0.8.0
+default-features = false
 
 [workspace.dependencies.axum-client-ip]
 version = "1.3"
@@ -134,13 +137,12 @@ features = [
 [workspace.dependencies.rustls]
 version = "0.23.25"
 default-features = false
-features = ["aws_lc_rs"]
 
 [workspace.dependencies.reqwest]
 version = "0.13.2"
 default-features = false
 features = [
-    "rustls",
+    "rustls-no-provider",
     "socks",
     "hickory-dns",
     "http2",
@@ -436,7 +438,6 @@ features = [
     "contexts",
     "debug-images",
     "panic",
-    "rustls",
     "tower",
     "tower-http",
     "tracing",
@@ -560,7 +561,7 @@ version = "0.15.0"
 [workspace.dependencies.lettre]
 version = "0.11.19"
 default-features = false
-features = ["smtp-transport", "pool", "hostname", "builder", "rustls", "rustls-native-certs", "tokio1", "ring", "tokio1-rustls", "tracing", "serde"]
+features = ["smtp-transport", "pool", "hostname", "builder", "rustls", "rustls-native-certs", "tokio1", "rustls-no-provider", "tokio1-rustls", "tracing", "serde"]
 
 [workspace.dependencies.governor]
 version = "0.10.4"

changelog.d/+1608cdcb.feature.md

@@ -1 +0,0 @@
-Users will now be prevented from removing their email if the server is configured to require an email when registering an account.

changelog.d/+e82957a7.bugfix.md

@@ -1 +0,0 @@
-Fixed a situation where multiple email addresses could be associated with one user when that user changes their email address.

changelog.d/1389.feature.md

@@ -1 +0,0 @@
-LDAP can now optionally be connected to using StartTLS, and you may unsafely skip verification. Contributed by @getz

changelog.d/1622.doc

@@ -1 +0,0 @@
-Updated config docs to state we support room version 12, and set it as default. Contributed by @ezera.

changelog.d/1677.doc

@@ -1 +0,0 @@
-Improve instructions for generic deployments, removing unnecessary parts and documenting the new initial registration token flow. Contributed by @stratself

docker/Dockerfile

@@ -17,12 +17,14 @@ ARG LLVM_VERSION=21
 # Line one: compiler tools
 # Line two: curl, for downloading binaries and wget because llvm.sh is broken with curl
 # Line three: for xx-verify
+# golang, cmake: For aws-lc-rs bindgen
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
     apt-get update && apt-get install -y \
     pkg-config make jq \
     wget curl git software-properties-common \
     file
+    # golang cmake
 
 # LLVM packages
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
@@ -162,7 +164,7 @@ ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA
 ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA
 
 ARG RUST_PROFILE=release
-ARG CARGO_FEATURES="default,http3"
+ARG CARGO_FEATURES="default"
 
 # Build the binary
 RUN --mount=type=cache,target=/usr/local/cargo/registry \

docs/public/.well-known/continuwuity/announcements

@@ -6,10 +6,10 @@
             "message": "Welcome to Continuwuity! Important announcements about the project will appear here."
         },
         {
-            "id": 11,
+            "id": 12,
             "mention_room": false,
-            "date": "2026-04-17",
-            "message": "[v0.5.7](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.7) is out! Email verification! Terms and Conditions! Deleting notification pushers! So much good stuff. Go grab the release and read the changelog!"
+            "date": "2026-04-24",
+            "message": "[v0.5.8](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.8) is out! This is a patch release which fixes a bug in 0.5.7's email support -- upgrade soon if you use that feature."
         }
     ]
 }

src/api/Cargo.toml

@@ -29,10 +29,6 @@ gzip_compression = [
 	"conduwuit-service/gzip_compression",
 	"reqwest/gzip",
 ]
-http3 = [
-	"conduwuit-core/http3",
-	"conduwuit-service/http3",
-]
 io_uring = [
 	"conduwuit-service/io_uring",
 ]

src/core/Cargo.toml

@@ -25,9 +25,6 @@ conduwuit_mods = [
 gzip_compression = [
 	"reqwest/gzip",
 ]
-http3 = [
-	"reqwest/http3",
-]
 hardened_malloc = [
 	"dep:hardened_malloc-rs"
 ]
@@ -92,7 +89,7 @@ rand.workspace = true
 rand_core = { version = "0.6.4", features = ["getrandom"] }
 regex.workspace = true
 reqwest.workspace = true
-ring.workspace = true
+sha2.workspace = true
 ruma.workspace = true
 sanitize-filename.workspace = true
 serde_json.workspace = true

src/core/utils/hash/sha256.rs

@@ -1,19 +1,16 @@
-use ring::{
-	digest,
-	digest::{Context, SHA256, SHA256_OUTPUT_LEN},
-};
+use sha2::{Digest, Sha256};
 
-pub type Digest = [u8; SHA256_OUTPUT_LEN];
+pub type DigestOut = [u8; 256 / 8];
 
 /// Sha256 hash (input gather joined by 0xFF bytes)
 #[must_use]
 #[tracing::instrument(skip(inputs), level = "trace")]
-pub fn delimited<'a, T, I>(mut inputs: I) -> Digest
+pub fn delimited<'a, T, I>(mut inputs: I) -> DigestOut
 where
 	I: Iterator<Item = T> + 'a,
 	T: AsRef<[u8]> + 'a,
 {
-	let mut ctx = Context::new(&SHA256);
+	let mut ctx = Sha256::new();
 	if let Some(input) = inputs.next() {
 		ctx.update(input.as_ref());
 		for input in inputs {
@@ -22,8 +19,7 @@ pub fn delimited<'a, T, I>(mut inputs: I) -> Digest
 		}
 	}
 
-	ctx.finish()
-		.as_ref()
+	ctx.finalize()
 		.try_into()
 		.expect("failed to return Digest buffer")
 }
@@ -31,18 +27,17 @@ pub fn delimited<'a, T, I>(mut inputs: I) -> Digest
 /// Sha256 hash (input gather)
 #[must_use]
 #[tracing::instrument(skip(inputs), level = "trace")]
-pub fn concat<'a, T, I>(inputs: I) -> Digest
+pub fn concat<'a, T, I>(inputs: I) -> DigestOut
 where
 	I: Iterator<Item = T> + 'a,
 	T: AsRef<[u8]> + 'a,
 {
 	inputs
-		.fold(Context::new(&SHA256), |mut ctx, input| {
+		.fold(Sha256::new(), |mut ctx, input| {
 			ctx.update(input.as_ref());
 			ctx
 		})
-		.finish()
-		.as_ref()
+		.finalize()
 		.try_into()
 		.expect("failed to return Digest buffer")
 }
@@ -51,12 +46,11 @@ pub fn concat<'a, T, I>(inputs: I) -> Digest
 #[inline]
 #[must_use]
 #[tracing::instrument(skip(input), level = "trace")]
-pub fn hash<T>(input: T) -> Digest
+pub fn hash<T>(input: T) -> DigestOut
 where
 	T: AsRef<[u8]>,
 {
-	digest::digest(&SHA256, input.as_ref())
-		.as_ref()
+	Sha256::digest(input)
 		.try_into()
 		.expect("failed to return Digest buffer")
 }

src/main/Cargo.toml

@@ -43,6 +43,7 @@ assets = [
 default = [
     "standard",
     "release_max_log_level",
+    "ring",
 	"bindgen-runtime", # replace with bindgen-static on alpine
 ]
 standard = [
@@ -100,9 +101,14 @@ hardened_malloc = [
 	"conduwuit-core/hardened_malloc",
 ]
 http3 = [
-	"conduwuit-api/http3",
-	"conduwuit-core/http3",
-	"conduwuit-service/http3",
+    "reqwest/http3"
+]
+ring = [
+    "rustls/ring"
+]
+aws_lc_rs = [
+    "rustls/aws_lc_rs",
+    "dep:aws-lc-rs"
 ]
 io_uring = [
 	"conduwuit-database/io_uring",
@@ -238,6 +244,9 @@ tracing-subscriber.workspace = true
 tracing.workspace = true
 tracing-journald = { workspace = true, optional = true }
 parking_lot.workspace = true
+reqwest = { workspace = true, default-features = false }
+rustls = { workspace = true, default-features = false }
+aws-lc-rs = { version = "1.16.3", default-features = false, optional = true }
 
 
 [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]

src/main/mod.rs

@@ -33,6 +33,18 @@ pub fn run_with_args(args: &Args) -> Result<()> {
 	// Spawn deadlock detection thread
 	deadlock::spawn();
 
+	// Because we're not using rustls default-tls, we have to initialise a TLS
+	// provider
+	#[cfg(feature = "aws_lc_rs")]
+	rustls::crypto::aws_lc_rs::default_provider()
+		.install_default()
+		.expect("failed to initialise ring rustls crypto provider");
+
+	#[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))]
+	rustls::crypto::ring::default_provider()
+		.install_default()
+		.expect("failed to initialise ring rustls crypto provider");
+
 	let runtime = runtime::new(args)?;
 	let server = Server::new(args, Some(runtime.handle()))?;
 

src/router/Cargo.toml

@@ -24,7 +24,7 @@ brotli_compression = [
 	"tower-http/compression-br",
 ]
 direct_tls = [
-	"axum-server/tls-rustls",
+	"axum-server/tls-rustls-no-provider",
 	"dep:rustls",
 	"dep:axum-server-dual-protocol",
 ]

src/router/serve/tls.rs

@@ -13,7 +13,7 @@
 pub(super) async fn serve(
 	server: &Arc<Server>,
 	app: Router,
-	handle: ServerHandle,
+	handle: ServerHandle<SocketAddr>,
 	addrs: Vec<SocketAddr>,
 ) -> Result {
 	let tls = &server.config.tls;
@@ -24,13 +24,6 @@ pub(super) async fn serve(
 		.key
 		.as_ref()
 		.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
-
-	// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
-	// without this, TLS mode will panic.
-	rustls::crypto::aws_lc_rs::default_provider()
-		.install_default()
-		.expect("failed to initialise aws-lc-rs rustls crypto provider");
-
 	info!(
 		"Note: It is strongly recommended that you use a reverse proxy instead of running \
 		 conduwuit directly with TLS."

src/service/Cargo.toml

@@ -33,9 +33,6 @@ gzip_compression = [
 	"conduwuit-core/gzip_compression",
 	"reqwest/gzip",
 ]
-http3 = [
-	"conduwuit-core/http3",
-]
 io_uring = [
 	"conduwuit-database/io_uring",
 ]