rojo-rbx / rojo

Rojo enables Roblox developers to use professional-grade software engineering tools
https://rojo.space
Mozilla Public License 2.0
908 stars 172 forks

Migrate to using Rustls instead of OpenSSL #859

Closed filiptibell closed 4 months ago

filiptibell commented 4 months ago

Currently, Rojo depends on reqwest, which in turn depends on libssl (OpenSSL) for the Rojo upload command: https://github.com/rojo-rbx/rojo/blob/8ff064fe28a5acd4db3c411f8912ee53bbea7090/src/cli/upload.rs#L7-L10

A frequent issue for new users getting started with Rojo has been version mismatches with this dependency (https://github.com/rojo-rbx/rojo/issues/585), and Rojo has made experimental releases in the past (v7.2.1-static-openssl) that improved on but have not fully solved this issue.

Other tools such as Wally also depend on libssl, but depend on a different version, leading to users having issues installing either one or the other, or globally installing multiple OpenSSL versions just to be able to use ecosystem tooling, which is heavily discouraged for security reasons.

I propose that Rojo migrate to using Rustls to resolve these building & distribution issues. This is a Rust-native dependency that would resolve all of the above-mentioned issues, and has a near-flawless security record, while OpenSSL does not.
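
How the switch proposed above is usually expressed for a crate that reaches TLS through reqwest. This is an added example, not taken from the Rojo repository or from the issue author; the version number and the `blocking` feature are assumptions.

```toml
# Added example (not from the Rojo repository). The version number and the
# "blocking" feature are assumptions; keep whatever the project already uses.

# Before: reqwest's default features enable "default-tls", which builds on
# native-tls and links the system libssl (OpenSSL) on Linux.
# [dependencies]
# reqwest = { version = "0.11", features = ["blocking"] }

# After: turn the defaults off so native-tls is not compiled in, then opt in
# to the Rustls backend explicitly.
[dependencies]
reqwest = { version = "0.11", default-features = false, features = [
    "blocking",
    "rustls-tls",
] }

# Trust-store caveat: "rustls-tls" validates servers against the Mozilla root
# set bundled by the webpki-roots crate, not the operating system's store.
# Where users sit behind a TLS-inspecting proxy with a private CA, use
# "rustls-tls-native-roots" instead so OS-installed roots are honoured.

# Check after the change (run in the workspace root):
#   cargo tree -i openssl-sys
# A "did not match any packages" error means nothing in the dependency graph
# still links OpenSSL; any tree printed names the crate that pulls it back in.
```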