prefer rustls for tls runtime and remove compilation error #288
nikita-seedlabs merged 1 commit into main
Pull request overview
Updates the Rust TLS runtime initialization to prefer rustls when multiple TLS backends are enabled, and improves API documentation around initialization behavior.
Changes:
- Removes the compile-time mutual-exclusion error for `tls-rustls` + `tls-native-tls`.
- Makes the `tls-native-tls` branch a no-op only when `tls-rustls` is not enabled (so rustls effectively takes precedence).
- Documents that `ensure_tls_runtime()` can panic when rustls provider installation fails.
| /// Initializes TLS runtime defaults once for the current process. | ||
| /// | ||
| /// With `tls-native-tls` (default), this is a no-op. | ||
| /// With `tls-rustls`, installs the aws-lc-rs rustls provider. | ||
| /// |
The docs here describe behavior for `tls-native-tls` vs `tls-rustls`, but the implementation now also supports both features simultaneously (with rustls taking precedence). Please document that precedence explicitly so downstream users aren’t surprised when `tls-native-tls` is enabled but becomes a no-op due to `tls-rustls` also being enabled.
| compile_error!("features `tls-rustls` and `tls-native-tls` are mutually exclusive"); | ||
|
|
||
| #[cfg(not(any(feature = "tls-rustls", feature = "tls-native-tls")))] | ||
| compile_error!("one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`"); |
Now that the mutual-exclusion `compile_error!` was removed, enabling both `tls-native-tls` and `tls-rustls` becomes valid and `tls-rustls` effectively wins. The current compile-time error text can be read as requiring exactly one TLS feature; consider clarifying it (e.g., “at least one TLS feature must be enabled; if both are enabled, rustls is used”).
| compile_error!("one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`"); | |
| compile_error!( | |
| "at least one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`; \ | |
| if both are enabled, `tls-rustls` is used" | |
| ); |
Since we have a default feature on the Rust crate, unless we pass in `--no-default-features` explicitly when compiling, we end up with both TLS runtimes. We don't need this check, since the next one would prefer rustls anyways, and this gets rid of the need to add the `--no-default-features` flag.