[PR #2005] [MERGED] Add `webpki-roots` and `native-certs` crate features, take 2 #2754

New issue

Closed

opened 2026-03-16 11:06:17 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:06:17 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2005
Author: @daxpedda
Created: 8/22/2023
Status: ✅ Merged
Merged: 8/31/2023
Merged by: @bluejekyll

Base: main ← Head: native-certs-2

📝 Commits (5)

9b75752 Remove unused rustls-webpki dependency
1f96206 Add webpki-roots and native-certs features
abf0079 Fold error into DnsExchangeConnect Future
9047e08 Use required-features for examples
4287043 Fix CI

📊 Changes

27 files changed (+275 additions, -120 deletions)

View changed files

📝 Cargo.lock (+15 -3)
📝 Cargo.toml (+2 -2)
📝 crates/client/Cargo.toml (+3 -1)
📝 crates/proto/Cargo.toml (+6 -4)
📝 crates/proto/src/error.rs (+7 -0)
📝 crates/proto/src/https/https_client_stream.rs (+28 -6)
📝 crates/proto/src/quic/mod.rs (+1 -1)
📝 crates/proto/src/quic/quic_client_stream.rs (+41 -13)
📝 crates/proto/src/rr/rr_set.rs (+1 -1)
📝 crates/proto/src/serialize/txt/parse_rdata.rs (+5 -5)
📝 crates/proto/src/xfer/dns_exchange.rs (+12 -0)
📝 crates/resolver/Cargo.toml (+21 -1)
📝 crates/resolver/examples/custom_provider.rs (+7 -7)
📝 crates/resolver/examples/flush_cache.rs (+0 -8)
📝 crates/resolver/examples/global_resolver.rs (+0 -13)
📝 crates/resolver/examples/multithreaded_runtime.rs (+0 -6)
📝 crates/resolver/src/caching_client.rs (+2 -2)
📝 crates/resolver/src/config.rs (+2 -0)
📝 crates/resolver/src/https.rs (+17 -8)
📝 crates/resolver/src/quic.rs (+16 -8)

...and 7 more files

📄 Description

This splits the changes from #1943 into two parts. This is the first part, only introducing loading the native certificates. The changes are basically only touching the code that was loading certificates from webpki-roots and introducing the new crate features.

I could split this up further into trust-dns-proto and trust-dns-resolver?

This implementation has the big downside that trust-dns-resolver will attempt to load the native certificates only once and save the Result in a Lazy. So there currently no way for the user to re-attempt or reload the native certificates. This will be addressed in the second part.

Replaces #1943.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2005 **Author:** [@daxpedda](https://github.com/daxpedda) **Created:** 8/22/2023 **Status:** ✅ Merged **Merged:** 8/31/2023 **Merged by:** [@bluejekyll](https://github.com/bluejekyll) **Base:** `main` ← **Head:** `native-certs-2` --- ### 📝 Commits (5) - [`9b75752`](https://github.com/hickory-dns/hickory-dns/commit/9b75752bc58fe2b41387bbe4f0ab964cff4d06ec) Remove unused `rustls-webpki` dependency - [`1f96206`](https://github.com/hickory-dns/hickory-dns/commit/1f96206d0ac5d39a174a181baea8118dc4c8137d) Add `webpki-roots` and `native-certs` features - [`abf0079`](https://github.com/hickory-dns/hickory-dns/commit/abf0079b8ba575d7755eceb5ab61c8348af97d46) Fold error into `DnsExchangeConnect` `Future` - [`9047e08`](https://github.com/hickory-dns/hickory-dns/commit/9047e088b6f156bdf3c08f0484d659981f09c103) Use `required-features` for examples - [`4287043`](https://github.com/hickory-dns/hickory-dns/commit/4287043c4357bf5fa4a1864d217ee8af3bd0909f) Fix CI ### 📊 Changes **27 files changed** (+275 additions, -120 deletions) <details> <summary>View changed files</summary> 📝 `Cargo.lock` (+15 -3) 📝 `Cargo.toml` (+2 -2) 📝 `crates/client/Cargo.toml` (+3 -1) 📝 `crates/proto/Cargo.toml` (+6 -4) 📝 `crates/proto/src/error.rs` (+7 -0) 📝 `crates/proto/src/https/https_client_stream.rs` (+28 -6) 📝 `crates/proto/src/quic/mod.rs` (+1 -1) 📝 `crates/proto/src/quic/quic_client_stream.rs` (+41 -13) 📝 `crates/proto/src/rr/rr_set.rs` (+1 -1) 📝 `crates/proto/src/serialize/txt/parse_rdata.rs` (+5 -5) 📝 `crates/proto/src/xfer/dns_exchange.rs` (+12 -0) 📝 `crates/resolver/Cargo.toml` (+21 -1) 📝 `crates/resolver/examples/custom_provider.rs` (+7 -7) 📝 `crates/resolver/examples/flush_cache.rs` (+0 -8) 📝 `crates/resolver/examples/global_resolver.rs` (+0 -13) 📝 `crates/resolver/examples/multithreaded_runtime.rs` (+0 -6) 📝 `crates/resolver/src/caching_client.rs` (+2 -2) 📝 `crates/resolver/src/config.rs` (+2 -0) 📝 `crates/resolver/src/https.rs` (+17 -8) 📝 `crates/resolver/src/quic.rs` (+16 -8) _...and 7 more files_ </details> ### 📄 Description This splits the changes from #1943 into two parts. This is the first part, only introducing loading the native certificates. The changes are basically only touching the code that was loading certificates from `webpki-roots` and introducing the new crate features. I could split this up further into `trust-dns-proto` and `trust-dns-resolver`? This implementation has the big downside that `trust-dns-resolver` will attempt to load the native certificates only once and save the `Result` in a `Lazy`. So there currently no way for the user to re-attempt or reload the native certificates. This will be addressed in the second part. Replaces #1943. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>