Skip to content

Remove vendored OpenSSL in favor of platform-native TLS #2840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AndyBodnar wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Remove vendored OpenSSL in favor of platform-native TLS #2840

AndyBodnar wants to merge 1 commit into from
+11 −10

Conversation

@AndyBodnar
Copy link

@AndyBodnar AndyBodnar commented Jan 10, 2026
edited
Loading

Summary

This PR removes the vendor-openssl feature and switches to platform-native TLS implementations:

  • Windows: Uses WinHTTP/Schannel (built-in, no additional setup needed)
  • macOS: Uses SecureTransport (built-in, no additional setup needed)
  • Linux: Uses system OpenSSL (requires libssl-dev or equivalent package)

Changes

  • Removed vendor-openssl feature from Cargo.toml and asyncgit/Cargo.toml
  • Removed openssl-sys dependency with vendored feature
  • Updated README.md build requirements to reflect the new TLS setup
  • Added comments explaining the platform-native TLS approach

Benefits

  • Eliminates the need to bundle OpenSSL with binaries
  • Reduces compilation complexity on Windows and macOS
  • Uses better-maintained platform security libraries where available
  • Linux users can use their system's OpenSSL which is typically already installed

Test plan

  • Verify build succeeds on Windows (uses WinHTTP)
  • Verify build succeeds on macOS (uses SecureTransport)
  • Verify build succeeds on Linux with system OpenSSL
  • Test HTTPS clone/push/fetch operations work correctly

Closes #2004

@AndyBodnar
Remove vendored OpenSSL in favor of platform-native TLS
4eef238 
Switch to using platform-native TLS implementations:
- Windows: WinHTTP/Schannel (built-in)
- macOS: SecureTransport (built-in)
- Linux: System OpenSSL (via package manager)

This removes the vendor-openssl feature and the openssl-sys dependency,
eliminating the need to bundle OpenSSL with the binary. Users on Windows
and macOS get TLS support out of the box, while Linux users need to have
OpenSSL development libraries installed (which is common on most systems).

Closes gitui-org#2004
@AndyBodnar AndyBodnar force-pushed the feature/replace-openssl-rustls branch from d6e98c0 to 4eef238 Compare January 10, 2026 19:47
@AndyBodnar AndyBodnar changed the title feat: replace openssl with rustls for TLS support Remove vendored OpenSSL in favor of platform-native TLS Jan 10, 2026
extrawurst
extrawurst reviewed Jan 10, 2026
View reviewed changes
asyncgit/Cargo.toml
"status",
] }
log = "0.4"
# git2 = { path = "../../extern/git2-rs", features = ["vendored-openssl"]}
Copy link
Collaborator

@extrawurst extrawurst Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please only remove the relevant parts and leave the others

extrawurst
extrawurst reviewed Jan 10, 2026
View reviewed changes
asyncgit/Cargo.toml
dirs = "6.0"
easy-cast = "0.5"
fuzzy-matcher = "0.3"
# TLS is provided by platform-native libraries:
Copy link
Collaborator

@extrawurst extrawurst Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is misplaced. lets remove and make sure all context is given in the readme section you edited

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@extrawurst extrawurst extrawurst left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using rustls instead of openssl?

2 participants

@AndyBodnar @extrawurst