fix: Fix rustls setup for jsonrpsee clients (#2417)

## What ❔

`jsonrpsee` client expects `rustls` to use the default crypto provider,
but `rustls` cannot choose and panics if there are multiple providers
available. See [this
issue](rustls/rustls#1877) for more detail.
Recently `rustls` changed the default backend, so now some (older) of
crates use `ring` backend, while some (newer) use `aws-lc-rs`.
Until the issue is fixed on `jsonrpsee` side, we're making sure that the
provider is installed before we create any `jsonrpsee` client.

Added test used to fail before the change and passes now.

## Why ❔

Panics are bad.

## Checklist

<!-- Check your PR fulfills the following items. -->
<!-- For draft PRs check the boxes as you complete them. -->

- [ ] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [ ] Tests for the changes have been added / updated.
- [ ] Documentation comments have been added / updated.
- [ ] Code has been formatted via `zk fmt` and `zk lint`.

Cargo.toml

@@ -150,6 +150,7 @@ reqwest = "0.12"
 rlp = "0.5"
 rocksdb = "0.21.0"
 rustc_version = "0.4.0"
+rustls = "0.23"
 secp256k1 = { version = "0.27.0", features = ["recovery", "global-context"] }
 secrecy = "0.8.0"
 semver = "1"

core/lib/eth_client/src/clients/http/query.rs

@@ -353,3 +353,18 @@ where
         Ok(block)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use zksync_web3_decl::client::{Client, L1};
+
+    /// This test makes sure that we can instantiate a client with an HTTPS provider.
+    /// The need for this test was caused by feature collisions for `rustls` in our dependency graph,
+    /// which caused this test to panic.
+    #[tokio::test]
+    async fn test_https_provider() {
+        let url = "https://rpc.flashbots.net/";
+        let _client = Client::<L1>::http(url.parse().unwrap()).unwrap().build();
+        // No need to do anything; if the client was created and we didn't panic, we're good.
+    }
+}

core/lib/web3_decl/Cargo.toml

@@ -27,6 +27,7 @@ serde_json.workspace = true
 tokio = { workspace = true, features = ["time"] }
 tracing.workspace = true
 vise.workspace = true
+rustls.workspace = true
 
 [dev-dependencies]
 assert_matches.workspace = true

core/lib/web3_decl/src/client/mod.rs

@@ -46,6 +46,7 @@ mod boxed;
 mod metrics;
 mod mock;
 mod network;
+mod rustls;
 mod shared;
 #[cfg(test)]
 mod tests;
@@ -140,6 +141,8 @@ impl<Net: fmt::Debug, C: 'static> fmt::Debug for Client<Net, C> {
 impl<Net: Network> Client<Net> {
     /// Creates an HTTP-backed client.
     pub fn http(url: SensitiveUrl) -> anyhow::Result<ClientBuilder<Net>> {
+        crate::client::rustls::set_rustls_backend_if_required();
+
         let client = HttpClientBuilder::default().build(url.expose_str())?;
         Ok(ClientBuilder::new(client, url))
     }
@@ -150,6 +153,8 @@ impl<Net: Network> WsClient<Net> {
     pub async fn ws(
         url: SensitiveUrl,
     ) -> anyhow::Result<ClientBuilder<Net, Shared<ws_client::WsClient>>> {
+        crate::client::rustls::set_rustls_backend_if_required();
+
         let client = ws_client::WsClientBuilder::default()
             .build(url.expose_str())
             .await?;

core/lib/web3_decl/src/client/rustls.rs

@@ -0,0 +1,10 @@
+/// Makes sure that `rustls` crypto backend is set before we instantiate
+/// a `Web3` client. `jsonrpsee` doesn't explicitly set it, and when
+/// multiple crypto backends are enabled, `rustls` can't choose one and panics.
+/// See [this issue](https://github.com/rustls/rustls/issues/1877) for more detail.
+///
+/// The problem is on `jsonrpsee` side, but until it's fixed we have to patch it.
+pub(super) fn set_rustls_backend_if_required() {
+    // Function returns an error if the provider is already installed, and we're fine with it.
+    let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
+}