Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove OpenSSL Requirement #1056

Closed
mccormickt opened this issue Dec 6, 2024 · 1 comment · Fixed by #1058
Closed

Remove OpenSSL Requirement #1056

mccormickt opened this issue Dec 6, 2024 · 1 comment · Fixed by #1058
Milestone
0.14.0

Comments

@mccormickt
Copy link
Contributor

Description

The addition of the reqwest dependency in #1000 brings in openssl / openssl-sys dependencies with its default features. It would be great if we could modify this dependency to disable default features, utilize the rusttls-tls feature instead of default-tls, and enable the other required default features.

To Reproduce

Please outline the steps to replicate the bug, and if possible, provide a comprehensive code example consisting of both main.rs and Cargo.toml files. A complete and functional code snippet would be highly appreciated.

Expected Behavior

No dependencies on the host's openssl installation.

Environment:

Additional Context

Building loco into minimal container images or the like works best with just rustls and not having to install openssl.

Also, cargo-deny's deny.toml could be used in the future to explicitly audit for openssl dependencies.
deny = [{ name = "openssl" }, { name = "openssl-sys" }]
@jondot
Copy link
Contributor

jondot commented Dec 6, 2024

thanks! yes, happy to accept a PR for this

@jondot jondot added this to the 0.14.0 milestone Dec 6, 2024
@mccormickt mccormickt mentioned this issue Dec 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.14.0
Development

Successfully merging a pull request may close this issue.

chore(deps): use reqwest with rustls rather than openssl mccormickt/loco
2 participants
@jondot @mccormickt