fix(envoy-client): add tls

MasterPtato · MasterPtato · commit 084b772e36cc · 2026-04-12T15:54:32.000-07:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -135,7 +135,6 @@ members = [
   tokio-cron-scheduler = "0.13.0"
   tokio-native-tls = "0.3.1"
   tokio-stream = "0.1.15"
-  tokio-tungstenite = "0.26.0"
   tokio-util = "0.7"
   tower = "0.5"
   tracing = "0.1.40"
@@ -177,6 +176,10 @@ members = [
     [workspace.dependencies.pest]
     version = "2.7"
 
+    [workspace.dependencies.tokio-tungstenite]
+    version = "0.26.0"
+    features = ["rustls-tls-native-roots"]
+
     [workspace.dependencies.rocksdb]
     version = "0.24"
     features = [ "multi-threaded-cf" ]
@@ -490,9 +493,6 @@ members = [
     package = "rivet-util"
     path = "engine/packages/util"
 
-    [workspace.dependencies.rivet-util-serde]
-    path = "engine/packages/util-serde"
-
     [workspace.dependencies.rivet-util-id]
     path = "engine/packages/util-id"
 
diff --git a/engine/packages/guard/src/routing/pegboard_gateway/resolve_actor_query.rs b/engine/packages/guard/src/routing/pegboard_gateway/resolve_actor_query.rs
@@ -221,9 +221,7 @@ fn serialize_actor_key(key: &[String]) -> Result<String> {
 			continue;
 		}
 
-		let escaped = part
-			.replace('\\', "\\\\")
-			.replace(KEY_SEPARATOR, "\\/");
+		let escaped = part.replace('\\', "\\\\").replace(KEY_SEPARATOR, "\\/");
 		escaped_parts.push(escaped);
 	}
 
diff --git a/engine/packages/pegboard-envoy/src/conn.rs b/engine/packages/pegboard-envoy/src/conn.rs
@@ -264,7 +264,8 @@ pub async fn handle_init(
 				// Update the pool's protocol version. This is required for serverful pools because normally
 				// the pool's protocol version is updated via the metadata_poller wf but that only runs for
 				// serverless pools.
-				tx.write(
+				let ns_tx = tx.with_subspace(namespace::keys::subspace());
+				ns_tx.write(
 					&pegboard::keys::runner_config::ProtocolVersionKey::new(
 						namespace_id,
 						pool_name.clone(),
diff --git a/engine/packages/pegboard/src/keys/runner_config.rs b/engine/packages/pegboard/src/keys/runner_config.rs
@@ -244,18 +244,18 @@ impl TuplePack for ProtocolVersionKey {
 			RUNNER,
 			CONFIG,
 			DATA,
-			PROTOCOL_VERSION,
 			self.namespace_id,
 			&self.name,
+			PROTOCOL_VERSION,
 		);
 		t.pack(w, tuple_depth)
 	}
 }
 
 impl<'de> TupleUnpack<'de> for ProtocolVersionKey {
 	fn unpack(input: &[u8], tuple_depth: TupleDepth) -> PackResult<(&[u8], Self)> {
-		let (input, (_, _, _, _, namespace_id, name)) =
-			<(usize, usize, usize, usize, Id, String)>::unpack(input, tuple_depth)?;
+		let (input, (_, _, _, namespace_id, name, _)) =
+			<(usize, usize, usize, Id, String, usize)>::unpack(input, tuple_depth)?;
 
 		let v = ProtocolVersionKey { namespace_id, name };
 
diff --git a/engine/sdks/rust/envoy-client/Cargo.toml b/engine/sdks/rust/envoy-client/Cargo.toml
@@ -12,6 +12,7 @@ hex.workspace = true
 rand.workspace = true
 rivet-envoy-protocol.workspace = true
 rivet-util-serde.workspace = true
+rustls.workspace = true
 scc.workspace = true
 serde.workspace = true
 serde_bare.workspace = true
diff --git a/engine/sdks/rust/envoy-client/src/connection.rs b/engine/sdks/rust/envoy-client/src/connection.rs
@@ -81,6 +81,12 @@ async fn single_connection(
 		p
 	};
 
+	// Initialize with a default CryptoProvider for rustls
+	let provider = rustls::crypto::ring::default_provider();
+	if provider.install_default().is_err() {
+		tracing::debug!("crypto provider already installed in this process");
+	}
+
 	let request = tungstenite::http::Request::builder()
 		.uri(&url)
 		.header("Sec-WebSocket-Protocol", protocols.join(", "))

Original file line number	Diff line number	Diff line change
`@@ -221,9 +221,7 @@ fn serialize_actor_key(key: &[String]) -> Result<String> {`
`221`	`221`	`continue;`
`222`	`222`	`}`
`223`	`223`
`224`		`- let escaped = part`
`225`		`- .replace('\\', "\\\\")`
`226`		`- .replace(KEY_SEPARATOR, "\\/");`
	`224`	`+ let escaped = part.replace('\\', "\\\\").replace(KEY_SEPARATOR, "\\/");`
`227`	`225`	`escaped_parts.push(escaped);`
`228`	`226`	`}`
`229`	`227`