fix: enable TLS for HTTPS OpenTelemetry gRPC endpoints

[vyalamar]

fix(otel): enable TLS for HTTPS OpenTelemetry gRPC endpoints

Context

The OpenTelemetry gRPC exporter was sending plaintext data to HTTPS endpoints because TLS was not enabled at build time and no runtime configuration existed.

Root cause

• opentelemetry-otlp crate was compiled without the tls and tls-roots features
• No call to ClientTlsConfig for HTTPS endpoints → fallback to cleartext transmission

Fix

1. Cargo.toml — added "tls" and "tls-roots" features for opentelemetry-otlp
2. otel_provider.rs — detect https:// endpoints and apply:

   let mut tls_config = ClientTlsConfig::new().with_native_roots();
   tls_config = tls_config.domain_name(domain);
   exporter_builder = exporter_builder.with_tls_config(tls_config);
   debug!("TLS enabled for HTTPS endpoint: {}", endpoint);

Impact

• HTTPS endpoints now use encrypted TLS connections
• Certificate validation via system root certs

Resolves: #6153 (OpenTelemetry HTTPS plaintext issue)

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[vyalamar]

I have read the CLA Document and I hereby sign the CLA

[vyalamar]

I have read the CLA Document and I hereby sign the CLA

[vyalamar]

recheck

[vyalamar]

CLA :
I have read the CLA Document and I hereby sign the CLA.

[etraut-openai]

@vyalamar, thanks for the contribution!

I'm not sure what's going on with the CLA. No worries — I can see that you've accepted it, and I can override the automated check if needed.

There's a formatting-related issue that the CI scripts detected.

I've asked the developer who implemented the OTEL support in codex to review the PR. We should hear back from him soon.

[vyalamar]

Sure thanks. I will check and update this evening. And also this needs to work on dualstack so it can work on ipv4 and ipv6 alike . Let me address that as well.

[vyalamar]

I have read the CLA Document and I hereby sign the CLA.

[vyalamar]

@etraut-openai and @haivanka — incorporated the runtime TLS wiring as discussed.

[etraut-openai]

@vyalamar, please review this PR which is a different (more complete) fix for this issue. I'm going to close this PR. Thanks again for analyzing the problem and proposing a fix!