chore: Cleans up TLS dependencies #1519
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Looks good so far. Thanks for untangling some of that. |
tarikeshaq
force-pushed
the
tarikeshaq/clean-ssl
branch
from
14cc5b1 to
367b787
Compare
tarikeshaq
commented
Feb 9, 2024
| @@ -42,10 +41,6 @@ hostname = "0.3.1" | |||
| hawk = "5.0" | |||
| hmac = "0.12" | |||
| mime = "0.3" | |||
| reqwest = { workspace = true, features = [ | |||
There was a problem hiding this comment.
Looks like both reqwest and env_logger weren't being used by this crate, so I removed them while cleaning this up
| @@ -15,7 +15,7 @@ serde_json.workspace = true | |||
| async-trait = "0.1.40" | |||
| dyn-clone = "1.0.4" | |||
| pyo3 = { version = "0.20", features = ["auto-initialize"] } | |||
| reqwest = { workspace = true, features = ["json", "rustls-tls"] } | |||
There was a problem hiding this comment.
Since rust features are additive, and we specify the rustls feature in the workspace, there is no need to specify it here
jrconlin
approved these changes
Feb 13, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
We had a few places where we were importing native-tls (which pulls openssl in linux boxes) unintentionally. First was
reqwest, where we enable therustls-tlsfeature in a couple of places, but it was a no-op in one but since we did calluse_rustls_tlsin our tokenserver browserid verifier that used rustls properly. The second place was sentry, where even though we were using thecurlfeature, thetransportfeature is enabled by default, which pulls in request again, with thenative-tlsfeatureRegardless, having both rustls and native-tls in our dependency tree could be a future foot gun, so this PR removes native-tls (alternatively, we can go the route of removing rustls but we seem to have consciously chose that, where native-tls snuck in with
reqwestandsentry)What this PR does not touch, is
boring-sslthat is pulled in using grpc-io.One possible improvement we can make to this, that fits well with https://mozilla-hub.atlassian.net/browse/SYNC-4127 is to setup rust features, where we can support multiple tls backends... but I'm struggling to see the value from that (i.e why do we need to support multiple backends in a binary?)