lang/rust: Replace OpenSSL system default truststore with a more generic one
AbandonedPublic
Actions

Authored by michaelo on Oct 30 2025, 9:47 PM.

Details

Reviewers

Group Reviewers

Summary

Previously, git2-rs was modified, but the actual issue lies in openssl-probe
which has been modified to accomondate FreeBSD system default truststore.
This change supersedes 078082660317490b1a2faf93ddce4b49c6b165dc.

Approved by: mikael (rust maintainer)
MFH: 2025Q4
Obtained from: https://github.com/alexcrichton/openssl-probe/pull/39

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 68300
Build 65183: arc lint + arc unit

Event Timeline

michaelo created this revision.Oct 30 2025, 9:47 PM

Herald added a subscriber: ziaee. · View Herald TranscriptOct 30 2025, 9:47 PM

michaelo requested review of this revision.Oct 30 2025, 9:47 PM

Harbormaster completed remote builds in B68300: Diff 165505.Oct 30 2025, 9:47 PM

michaelo added a reviewer: rust.Oct 30 2025, 9:48 PM

michaelo edited the summary of this revision. (Show Details)Oct 30 2025, 9:51 PM

michaelo added a reviewer: vishwin.Oct 31 2025, 9:48 PM

@mikael Any opinion, objection?

@mikael Any objections? This has also been incorporated into devel/uv, upstream patch is in discussion.

I'm updating rust to 1.91.0, does it apply to this version ?

In D53489#1224730, @mikael wrote:

I'm updating rust to 1.91.0, does it apply to this version ?

Looking at your patch from PR 290816 there was no change in this regard, so it should, but let me apply our patch and then mine and let you know.

Both patches apply cleanly here.

There are 2 version of openssl-probe (openssl-probe-0.1.5/ openssl-probe-0.1.6), only 0.1.6 needs to be patched?

In D53489#1224804, @mikael wrote:

There are 2 version of openssl-probe (openssl-probe-0.1.5/ openssl-probe-0.1.6), only 0.1.6 needs to be patched?

Yes, that confused me upfront too, but it was the case as well with git2-rs. I have patched only the new version., built the thing, ran cargo against against a private crate registry and it worked.

I'll commit your patch prior to landing rust 1.91.0 (to not bump rust too frequently, people will get mad at me otherwise)
I'll drop the version in the file name (it's a pain to maintain in the long run) -> files/patch-vendor_openssl-probe_src_lib.rs

In D53489#1224813, @mikael wrote:

I'll commit your patch prior to landing rust 1.91.0 (to not bump rust too frequently, people will get mad at me otherwise)
I'll drop the version in the file name (it's a pain to maintain in the long run) -> files/patch-vendor_openssl-probe_src_lib.rs

This sounds perfectly reasonable. Thank you! Hopefully my patch gets absorbed upstream and with 0.1.7 the problem will be gone.

It's not possible to mfh it, rust is at 1.89.0 in Q4.
It's probably possible to do a direct commit in Q4 but I've never done that. Feel free to do it if you think Q4 needs this patch.

In D53489#1225670, @mikael wrote:

It's not possible to mfh it, rust is at 1.89.0 in Q4.
It's probably possible to do a direct commit in Q4 but I've never done that. Feel free to do it if you think Q4 needs this patch.

Backport isn't required since the old patch will do fine util end of the quarter. The old patch is specific, this one is general, but the output is the same from user's PoV.

Manually applied by maintainer.