Skip to content

wxdragon-sys: switch reqwest TLS from rustls to native-tls#154

Merged
AllenDang merged 1 commit into
AllenDang:mainfrom
LeonarddeR:nativeTls
Jun 10, 2026
Merged

wxdragon-sys: switch reqwest TLS from rustls to native-tls#154
AllenDang merged 1 commit into
AllenDang:mainfrom
LeonarddeR:nativeTls

Conversation

@LeonarddeR

@LeonarddeR LeonarddeR commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes #153.

wxdragon-sys uses reqwest as a build dependency to download the wxWidgets zip archive during the initial build. The previous configuration used rustls, which pulls in aws-lc-sys and ring — both require CMake and C compilation, adding significant overhead to every fresh build.

This PR switches to native-tls, delegating TLS to the OS TLS stack on each platform:

  • Windows: SChannel (built-in, no extra deps)
  • macOS: Secure Transport (built-in, no extra deps)
  • Linux: OpenSSL — already required via libssl-dev since 74eb0d7 (WebKitGTK)

The socks feature is also dropped — proxy support for a fixed-URL download is unnecessary (HTTP proxy via git config http.proxy continues to work as before).

Impact

  • Removes ~42 transitive crates from the build graph, including aws-lc-sys, ring, quinn, rustls, and the full JNI/Android stack pulled in by rustls-platform-verifier
  • Eliminates two CMake-based C compilation steps on every fresh build
  • No behaviour change at runtime — the download is a one-time bootstrap operation
  • No regression in toolchain requirements on any platform

Change

# Before
reqwest = { version = "0.13.4", default-features = false, features = ["blocking", "rustls", "socks"] }

# After
reqwest = { version = "0.13.4", default-features = false, features = ["blocking", "native-tls"] }

🤖 Generated with Claude Code

@LeonarddeR @claude
wxdragon-sys: switch reqwest TLS from rustls to native-tls
3a34051 
Fixes AllenDang#153. Replaces the `rustls` + `socks` features on the reqwest
build dependency with `native-tls`, delegating TLS to the OS on each
platform. This eliminates two CMake-based C compilation steps
(aws-lc-sys, ring) and removes ~42 transitive crates from the build
graph.

On Linux, libssl-dev is already a documented build requirement since
74eb0d7 (WebKitGTK), so there is no regression in toolchain requirements.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@AllenDang AllenDang merged commit a71801e into AllenDang:main Jun 10, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

wxdragon-sys: switch build-time reqwest from rustls to native-tls to eliminate heavy crypto build dependencies

2 participants

@LeonarddeR @AllenDang