Skip to content

Commit 0e0729d

Browse files
duncanistaduncanista
committed
fix(crypto): gate libdd-common TLS features in obfuscation and capabilities-impl
libdd-trace-obfuscation and libdd-capabilities-impl depended on libdd-common with default features enabled, which unconditionally pulled in the https feature (and therefore ring). This breaks FIPS builds in downstream consumers because ring is forbidden. Add default-features = false on the libdd-common dependency and expose https/fips feature flags so downstream consumers can propagate the correct crypto provider choice, matching the pattern already used by libdd-trace-utils.
1 parent d60d0a4 commit 0e0729d

3 files changed

Lines changed: 16 additions & 6 deletions

File tree

libdd-capabilities-impl/Cargo.toml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,4 +19,9 @@ bench = false
1919
bytes = "1"
2020
http = "1"
2121
libdd-capabilities = { path = "../libdd-capabilities", version = "0.1.0" }
22-
libdd-common = { path = "../libdd-common", version = "3.0.2" }
22+
libdd-common = { path = "../libdd-common", version = "3.0.2", default-features = false }
23+
24+
[features]
25+
default = ["https"]
26+
https = ["libdd-common/https"]
27+
fips = ["libdd-common/fips"]

libdd-trace-obfuscation/Cargo.toml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,13 @@ percent-encoding = "2.1"
1818
log = "0.4"
1919
fluent-uri = "0.4.1"
2020
libdd-trace-protobuf = { version = "3.0.1", path = "../libdd-trace-protobuf" }
21-
libdd-trace-utils = { version = "3.0.1", path = "../libdd-trace-utils" }
22-
libdd-common = { version = "3.0.2", path = "../libdd-common" }
21+
libdd-trace-utils = { version = "3.0.1", path = "../libdd-trace-utils", default-features = false }
22+
libdd-common = { version = "3.0.2", path = "../libdd-common", default-features = false }
23+
24+
[features]
25+
default = ["https"]
26+
https = ["libdd-common/https", "libdd-trace-utils/https"]
27+
fips = ["libdd-common/fips", "libdd-trace-utils/fips"]
2328

2429
[dev-dependencies]
2530
duplicate = "0.4.1"

libdd-trace-utils/Cargo.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -59,7 +59,7 @@ urlencoding = { version = "2.1.3", optional = true }
5959

6060
[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
6161
tokio = { version = "1", features = ["time", "rt-multi-thread"] }
62-
libdd-capabilities-impl = { version = "0.1.0", path = "../libdd-capabilities-impl" }
62+
libdd-capabilities-impl = { version = "0.1.0", path = "../libdd-capabilities-impl", default-features = false }
6363

6464
[target.'cfg(target_arch = "wasm32")'.dependencies]
6565
getrandom = { version = "0.2", features = ["js"] }
@@ -76,7 +76,7 @@ tempfile = "3.3.0"
7676

7777
[features]
7878
default = ["https"]
79-
https = ["libdd-common/https"]
79+
https = ["libdd-common/https", "libdd-capabilities-impl/https"]
8080
mini_agent = ["compression", "libdd-common/use_webpki_roots"]
8181
test-utils = [
8282
"hyper/server",
@@ -87,4 +87,4 @@ test-utils = [
8787
]
8888
compression = ["zstd", "flate2"]
8989
# FIPS mode uses the FIPS-compliant cryptographic provider (Unix only)
90-
fips = ["libdd-common/fips"]
90+
fips = ["libdd-common/fips", "libdd-capabilities-impl/fips"]

0 commit comments

Comments
 (0)