Add --native-tls flag

[blyxxyz]

• Enable feature by default on macOS and Windows (?)
  • Test to make sure releases still work
• Support DER certificates
• Add tests
  • Run native-tls tests in CI on platforms where that doesn't give issues
• Add --debug flag
• Automatically switch the backend in certain cases?
  • Do we offer a way to still force rustls? A --rustls flag?
• Support for compiling without rustls, if the --cert flag is already partially conditional?
  • Support for compiling without TLS support?
• Add warning for (or fix) Client seems to ignore additional root certificates with default_tls/native_tls seanmonstar/reqwest#1260
  • Check for similar issues

See #136

[ducaale]

Enable feature by default on macOS and Windows (?)

Is this because native-tls doesn't use OpenSSL in these platforms? my only worry is that it could become harder to document when native-tls is used vs rustls. Or maybe this is all an implementation detail and users shouldn't worry about which tls backend is being used behind the scenes?

By the way, is there a way to mark these tls flags as, for the lack of a better word, "unstable"? because reqwest could hypothetically decide to deprecate one of the backends.

[blyxxyz]

I meant the cargo feature, not the runtime feature. It'd still use rustls by default, but it'd also compile with native-tls support since (AFAIK) it's stable enough to not hurt portability.

reqwest could hypothetically decide to deprecate one of the backends

In principle they can do anything, but is there a reason to expect that?

[ducaale]

I meant the cargo feature, not the runtime feature. It'd still use rustls by default, but it'd also compile with native-tls support since (AFAIK) it's stable enough to not hurt portability.

Ah, so you mean something like this?

[target.'cfg(unix)'.dependencies.reqwest]
version = "0.11.1"
default-features = false
features = ["rustls-tls"]

[target.'cfg(any(windows, macos))'.dependencies.reqwest]
version = "0.11.1"
default-features = false
features = ["native-tls", "rustls-tls"]

# How can we later determine if native-tls is enabled 🤔?
# Edit: or maybe we can just check the current target

In principle they can do anything, but is there a reason to expect that?

It was a hypothetical scenario. I don't have any reason to expect it.

[blyxxyz]

I hoped to enable xh's own native-tls feature by default on those platforms, but it seems there's no way to do that. I think the best option is to enable it explicitly for our releases.

[blyxxyz]

I can't find a good way to get the library versions for --debug. The only solution I've seen is to parse Cargo.lock, but that's by default ignored when running cargo install so it would be inaccurate.

I'll have to think a bit about what to include.

[ducaale]

Should we update this line in the README.md?

+ * rustls is used instead of the system's TLS library by default.
- * rustls is used instead of the system's TLS library.

[blyxxyz]

I can't find anyone asking for DER support in HTTPie, so let's not bother. (I also don't have a good understanding of it.)

I think it would make sense for the --debug flag to enable logging, and at that point it deserves its own PR, so I'll leave that out.

Releasing still works, with the usual caveat that I can't run the Windows and macOS binaries.

[ducaale]

Approved 🎉