[Pkg-rust-maintainers] Bug#1013869: rust-reqwest: feature rustls-tls has disappeared

[Peter Michael Green]

reopen 1013869
thanks.

> the (to me, at least) relatively cryptic changelog entry
Sorry if the changelog wasn't clear. I was building a stack of patches
with the expectation that some of them would be removed later.

reqwest upstream offers several options for tls.

native-tls/default-tls (enabled by default): this uses the 
rust-native-tls crates which on Linux systems means it uses openssl
rustls-tls-manual-roots: rustls with the application expected to supply 
root certificates.
rustls-tls-webpki-roots/rustls-tls: rustls with roots from the 
webpki-roots crate
rustls-rls-native-roots: rustls with roots from the operating system 
certificate store.

Presently only the default/native tls option is supported by the Debian 
package,

To enable rustls support with native or manual roots two crates which 
are not in Debian, tokio-rustls and hyper-rustls. For tokio-rustls 
Alexander Kjäll prepared a package, which I have just sponsored into 
NEW. I don't see any evidence that anyone is working on hyper-rustls 
however.

To enable rustls support with webpki roots it would additionally be 
necessary to re-introduce the rust-webpki-roots package. I personally 
would be very skeptical about reintroducing it though, having root 
certificates hardcoded into application binaries is just not something 
packages in Debian should be doing without an extremely good reason.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20220626/86e93213/attachment.htm>