fireflyprotocol · nikita-seedlabs · Mar 24, 2026 · Mar 24, 2026 · Copilot · Mar 24, 2026
@@ -2,16 +2,18 @@ use std::sync::Once;
 
 static TLS_INIT: Once = Once::new();
 
-#[cfg(all(feature = "tls-rustls", feature = "tls-native-tls"))]
-compile_error!("features `tls-rustls` and `tls-native-tls` are mutually exclusive");
-
 #[cfg(not(any(feature = "tls-rustls", feature = "tls-native-tls")))]
 compile_error!("one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`");
-compile_error!("one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`");
+compile_error!(
+    "at least one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`; \
+     if both are enabled, `tls-rustls` is used"
+);
-compile_error!("one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`");
+compile_error!(
+    "at least one TLS feature must be enabled: `tls-native-tls` (default) or `tls-rustls`; \
+     if both are enabled, `tls-rustls` is used"
+);
 
 /// Initializes TLS runtime defaults once for the current process.
 ///
 /// With `tls-native-tls` (default), this is a no-op.
 /// With `tls-rustls`, installs the aws-lc-rs rustls provider.
+///
+/// # Panics
+///
+/// Panics if the `tls-rustls` feature is enabled and the aws-lc-rs
+/// crypto provider fails to install.
 pub fn ensure_tls_runtime() {
     TLS_INIT.call_once(|| {
         #[cfg(feature = "tls-rustls")]
@@ -23,7 +25,7 @@ pub fn ensure_tls_runtime() {
             }
         }
 
-        #[cfg(feature = "tls-native-tls")]
+        #[cfg(all(feature = "tls-native-tls", not(feature = "tls-rustls")))]
         {}
     });
 }