Skip to content

Commit ee359db

Browse files
fix: remove reqwest-rustls-webpki-roots (#3524)
Co-authored-by: Cijo Thomas <cijo.thomas@gmail.com>
1 parent 4d4fd4d commit ee359db

5 files changed

Lines changed: 29 additions & 5 deletions

File tree

opentelemetry-http/CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,13 @@
22

33
## vNext
44

5+
- **Breaking** Removed `reqwest-rustls-webpki-roots` feature. The `webpki-roots` cargo feature was
6+
removed from `reqwest` in v0.13.0. Use `reqwest-rustls` instead, which now correctly enables
7+
`reqwest/rustls` (platform native trust roots). To use Mozilla's embedded CA bundle, construct a
8+
custom `reqwest::Client` with a `rustls::ClientConfig` containing
9+
`rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned())`, then supply it
10+
to the exporter with `with_http_client()`.
11+
512
## 0.32.0
613

714
Released 2026-May-08

opentelemetry-http/Cargo.toml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,7 @@ default = ["internal-logs"]
1515
hyper = ["dep:http-body-util", "dep:hyper", "dep:hyper-util", "dep:tokio"]
1616
reqwest = ["dep:reqwest"]
1717
reqwest-blocking = ["dep:reqwest", "reqwest/blocking"]
18-
reqwest-rustls = ["dep:reqwest", "reqwest/default-tls"]
19-
reqwest-rustls-webpki-roots = ["dep:reqwest", "reqwest/default-tls", "reqwest/webpki-roots"]
18+
reqwest-rustls = ["dep:reqwest", "reqwest/rustls"]
2019
internal-logs = ["opentelemetry/internal-logs"]
2120

2221
[dependencies]

opentelemetry-otlp/CHANGELOG.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,22 @@
1212
Endpoints with an explicit scheme (e.g., `http://`, `https://`, `unix://`) are unaffected.
1313
[#774](https://github.com/open-telemetry/opentelemetry-rust/issues/774)
1414
[#984](https://github.com/open-telemetry/opentelemetry-rust/issues/984)
15+
- **Breaking** Removed `reqwest-rustls-webpki-roots` feature. The `webpki-roots` cargo feature was
16+
removed from `reqwest` in v0.13.0, making this feature broken for anyone resolving `reqwest >= 0.13.0`.
17+
**Migration**: Use `reqwest-rustls` instead (now correctly uses `reqwest/rustls` with platform native
18+
trust roots). If you specifically need Mozilla's embedded CA bundle, construct a custom client:
19+
```rust
20+
let root_store = rustls::RootCertStore::from_iter(
21+
webpki_roots::TLS_SERVER_ROOTS.iter().cloned(),
22+
);
23+
let tls_config = rustls::ClientConfig::builder()
24+
.with_root_certificates(root_store)
25+
.with_no_client_auth();
26+
let client = reqwest::Client::builder()
27+
.tls_backend_preconfigured(tls_config)
28+
.build()?;
29+
exporter_builder.with_http_client(client)
30+
```
1531

1632
## 0.32.0
1733

opentelemetry-otlp/Cargo.toml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -115,7 +115,6 @@ hyper-client = ["opentelemetry-http/hyper"]
115115
# TLS options for reqwest-based HTTP clients, both blocking and async. Combine
116116
# these with either reqwest-blocking-client or reqwest-client.
117117
reqwest-rustls = ["reqwest", "opentelemetry-http/reqwest-rustls"]
118-
reqwest-rustls-webpki-roots = ["reqwest", "opentelemetry-http/reqwest-rustls-webpki-roots"]
119118

120119
# test
121120
integration-testing = ["tonic", "prost", "tokio/full", "trace", "logs"]

opentelemetry-otlp/src/lib.rs

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -293,8 +293,11 @@
293293
//! * `reqwest-blocking-client`: Use reqwest blocking http client. This feature is enabled by default.
294294
//! * `reqwest-client`: Use reqwest async http client.
295295
//! * `hyper-client`: Use hyper async http client.
296-
//! * `reqwest-rustls`: Use reqwest with TLS with system trust roots via `rustls-native-certs` crate.
297-
//! * `reqwest-rustls-webpki-roots`: Use reqwest with TLS with Mozilla's trust roots via `webpki-roots` crate.
296+
//! * `reqwest-rustls`: Use reqwest with TLS. Uses `rustls` with the platform's native trust roots by default.
297+
//! If you need Mozilla's embedded CA bundle (webpki-roots), build a custom `reqwest::Client` with
298+
//! a `rustls::ClientConfig` containing
299+
//! `rustls::RootCertStore::from_iter(webpki_roots::TLS_SERVER_ROOTS.iter().cloned())`, then pass it
300+
//! via `with_http_client()`.
298301
//!
299302
//! The following feature flags enable experimental retry support:
300303
//!

0 commit comments

Comments
 (0)