Migrate to using Rustls instead of OpenSSL
filiptibell opened this issue
Currently, Rojo depends on reqwest, which in turn depends on libssl (OpenSSL) for the Rojo upload command:
Lines 7 to 10 in 8ff064f
A frequent issue for new users getting started with Rojo has been version mismatches with this dependency (#585), and Rojo has made experimental releases in the past (v7.2.1-static-openssl) that improved on but have not fully solved this issue.
Other tools such as Wally also depend on libssl, but depend on a different version, leading to users having issues installing either one or the other, or globally installing multiple openssl versions just to be able to use ecosystem tooling, which is heavily discouraged for security reasons.
I propose that Rojo migrate to using Rustls to resolve these building & distribution issues. This is a Rust-native dependency that would resolve all of the abovementioned issues, and has a near-flawless security record, while OpenSSL does not.
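An added illustration, not taken from the issue or from Rojo's repository, of what the proposed switch typically looks like in Cargo.toml: reqwest's default features select native-tls (OpenSSL on Linux), so the defaults are turned off and the rustls backend is enabled instead. The version number and the blocking feature are assumptions; the feature names are those of reqwest 0.11.

```toml
# Before (assumed form): the default features enable `default-tls`, which
# uses native-tls and therefore links against the system libssl on Linux.
# reqwest = { version = "0.11", features = ["blocking"] }

# After: drop the defaults and select the rustls backend explicitly.
[dependencies]
reqwest = { version = "0.11", default-features = false, features = ["blocking", "rustls-tls"] }

# Check: `cargo tree -i openssl-sys` should now fail with a message that the
# package spec matches no packages. If it still prints a tree, some other
# crate in the graph is enabling native-tls and needs the same change.
```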