reopen 1013869
thanks.
the (to me, at least) relatively cryptic changelog entry
Sorry if the changelog wasn't clear. I was building a stack of patches
with the expectation that some of them would be removed later.
reqwest upstream offers several options for tls.
native-tls/default-tls (enabled by default): this uses the
rust-native-tls crates which on Linux systems means it uses openssl
rustls-tls-manual-roots: rustls with the application expected to supply
root certificates.
rustls-tls-webpki-roots/rustls-tls: rustls with roots from the
webpki-roots crate
rustls-rls-native-roots: rustls with roots from the operating system
certificate store.
Presently only the default/native tls option is supported by the Debian
package,
To enable rustls support with native or manual roots two crates which
are not in Debian, tokio-rustls and hyper-rustls. For tokio-rustls
Alexander Kjäll prepared a package, which I have just sponsored into
NEW. I don't see any evidence that anyone is working on hyper-rustls
however.
To enable rustls support with webpki roots it would additionally be
necessary to re-introduce the rust-webpki-roots package. I personally
would be very skeptical about reintroducing it though, having root
certificates hardcoded into application binaries is just not something
packages in Debian should be doing without an extremely good reason.
