cloudflare / cloudflare-rs

Rust library for the Cloudflare v4 API
255 stars 79 forks source link

Missing support for reqwest's rustls roots features #228

Open fspreiss opened 11 months ago

fspreiss commented 11 months ago

cloudflare's reqwest dependency offers various optional features to control which root certificates are used by reqwest. While some features such as default-tls and rustls-tls have corresponding features in cloudflare's Cargo.toml, the more fine-grained rustls-tls-native-roots (and rustls-tls-webpki-roots) are currently not supported.

This is problematic in projects that want to use Rustls with (only) the native roots and have cloudflare as dependency because the rustls-tls feature actually resolves to rustls-tls-webpki-roots.

Even more so, if a project uses cloudflare as dependency with the rustls-tls feature (which, as mentioned, resolves to rustls-tls-webpki-roots) and itself uses reqwest with the rustls-tls-native-roots feature, reqwest will actually use the root certificates from both sources with Rustls because of how Cargo's feature unification works where the union of all enabled features is used on that dependency when building it.