[Rust Frontend] Switch rustls to native-tls/OpenSSL#46696
Conversation
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
rustls to native-tls/OpenSSLrustls to native-tls/OpenSSL
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
|
IIUC this creates a dependency on |
Good point. OpenSSL already exists in the dependency tree before this PR, so this PR is just a clean-up to avoid both crypto backends appear simultaneously. Regarding wheels/images, for portability, we always enable the Lines 20 to 27 in 1ab5950 nit: |
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
|
@codex review |
|
Yep, totally fine to vendor by default so long as there is the option to link against the system OpenSSL. Thanks for this @BugenZhao! |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c53774d466
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Signed-off-by: Bugen Zhao <i@bugenzhao.com>
…#46696) Signed-off-by: Bugen Zhao <i@bugenzhao.com>
Signed-off-by: Bugen Zhao i@bugenzhao.com
Purpose
Related discussions:
Eliminate
rustlsfrom the Rust frontend dependency tree and keep the HTTP/TLS stack onnative-tls/ OpenSSL, which is friendlier for compliance-sensitive deployments.Also adds a
cargo-denybans check for the crypto provider crates we want to keep out of the Rust frontend dependency graph into CI to avoid future regression.The deny-list approach follows the same style as TiKV's dependency policy checks, with a small atomic provider list instead of banning every wrapper crate:
rustlsringaws-lc-rsaws-lc-syss2n-tlss2n-tls-sysboringboring-sysReference: tikv/tikv#16352
Test Plan
Test Result
./.buildkite/scripts/run-rust-frontend-cargo-ci.sh style-clippypasses locally, including:cargo deny --manifest-path rust/Cargo.toml check --config rust/deny.toml banspasses:The denied provider crates are absent from the dependency tree:
Essential Elements of an Effective PR Description Checklist
supported_models.mdandexamplesfor a new model.