Closed KisaragiEffective closed 10 months ago
Run cargo update
.
rustls does support ARM macOS FYI.
Run
cargo update
(sorry for ping @sfackler ) No, it isn't a point. Please reopen this. dependabot has done same thing to my repo in this case, but I don't want to handle "vulnelability" that is not actually vulnerable due to not linked on any case, so I want it to not include them on dependency tree.
Hello maintainers,
First of all, thank you for maintaing this crate!
I've used this crate via reqwest in my applications.
I've been built them mostly with rustls-backend. However, it falls back for native-tls because ring (one of rustls dependency) does not build for M1 Mac yet.
According to docs.rs top, native-tls uses
security-framework
crate and does not depend onopenssl
crate.However, GitHub Security Advisory said my application is vulnerable because there's a path to
openssl
:I don't want to drop M1 mac support.
Proposed change
I'm not sure if this approach will work...
check_openssl
to default features__buildscript_enable_openssl
to features:__buildscript_enable_openssl = ["openssl", "openssl-sys", "openssl-probe"]
optional = true
std::env::var("CARGO_FEATURE_CHECK_OPENSSL")
existence andcfg(not(any(/* windows, mac, ios */)))
inbuild.rs
.println!(r#"cargo:rustc-cfg=feature="__buildscript_enable_openssl""#);
if all conditions are met.compile_error!("This target requires OpenSSL, but it is not enabled!");
tolib.rs
in case of it was actually necessary but is disabled by accidentally.How to enable/disable
no-default-features = true
on down-stream side. This disables check onbuild.rs
, soopenssl
should not appear in the dependency tree.