0.23.0 tls feature relies on rustls-platform-verifier, bringing other unwanted dependencies

[oleonardolima]

In 0.23.0 the new tls feature brings all: ["tokio-rustls", "rustls-pki-types", "rustls-platform-verifier", "rustls"], which ends up bringing rustls-native-certs, and then openssl-probe. Even when using CertificateStore::Custom it's still requires tls feature, which will require rustls-platform-verifier.

Please let me know if missed something, but is there a way to still use tls without depending completely on rustls-platform-verifier ?

[niklasad1]

hmm, lemme a have look.

You are correct, we need another feature for rust-platform-verifier...

[oleonardolima]

@niklasad1 I'm taking a stab at this, what I'm currently thinking is having only two features:

• tls allowing tls usage through a custom certificate store
• rustls-platform-verifier allowing tls usage with the default rustls-platform-verifier

At least those two are the only ones I have in need right, only having an option to not rely on the rustls-platform-verifier, while still allowing the tls flow.

Please let me know if you had others in mind.

[niklasad1]

Yeah I think the following would be good:

• tls: depend only on rustls
• tls-rustls-platform-verifier: default and depends both on rustls and rustls-platform-verifier

[oleonardolima]

Yeah I think the following would be good:

• tls: depend only on rustls
• tls-rustls-platform-verifier: default and depends both on rustls and rustls-platform-verifier

@niklasad1 I did an initial approach here: #1419, please let me know what you think.