google-cloud-rust icon indicating copy to clipboard operation
google-cloud-rust copied to clipboard
verified publisher icon googleapis

rustls feature for packages using reqwest

Open kevinji opened this issue 9 months ago • 3 comments

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Is your feature request related to a problem? Please describe. Currently, packages such as google-cloud-auth use reqwest with default features enabled, which pulls in openssl for any project using reqwest at all.

Describe the solution you'd like Add a feature to use reqwest with rustls instead of openssl.

Describe alternatives you've considered N/A

Additional context N/A

kevinji avatar Mar 18 '25 20:03 kevinji

Thanks for the bug report. It is obvious by now that we have not been controlling dependencies really well, and TLS dependencies in particular.

I believe if we used rustls with the default features we would bring aws-lc-sys as a dependency, which is a problem (see #1077). So we would need to depend on rustls without the default features and with ring as the provider.

Would that be problem for you?

I do not think we can fix this very quickly, we need to design a robust solution that works for most use-cases and a way to prevent regressions.

coryan avatar Mar 19 '25 19:03 coryan

That seems fine to me.

kevinji avatar Mar 19 '25 19:03 kevinji

AFAICT, the next release will not depend on aws-lc-sys by default, or openssl-sys either. We still need a way to prevent regressions on this.

coryan avatar May 14 '25 17:05 coryan