chore: avoid accidentally using native tls again #6086
Pull request overview
This PR adds automated checking to prevent accidental introduction of native-tls/OpenSSL dependencies, which have caused Linux compatibility issues with OpenSSL version mismatches (see issue #6034). The check integrates into the existing CI pipeline via clippy-lint.sh to catch these dependencies before they're merged.
- Adds a new script that checks for banned TLS crates (native-tls, openssl-sys, openssl) in the dependency tree
- Integrates the check into clippy-lint.sh so it runs on every CI build
- Provides clear error messages directing developers to use rustls-based alternatives
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| scripts/check-no-native-tls.sh | New script that scans dependency tree for banned TLS crates and fails with helpful error messages if found |
| scripts/clippy-lint.sh | Integrates the new TLS check into the existing lint pipeline |
The implementation looks solid and follows existing script patterns in the repository. The script correctly uses cargo tree -i to detect banned crates, provides helpful error messages with dependency chains, and properly exits with error codes. This aligns with the project's consistent use of rustls throughout all crates (goose, goose-server, goose-mcp).
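One way to implement the check described in the review above, as an added example that is not the project's `scripts/check-no-native-tls.sh`: it scans a `Cargo.lock` for the three banned crates named in the overview and, when `cargo` is on the PATH, prints the reverse dependency chain with `cargo tree -i`. The function names and the sample lockfile fragment are assumptions constructed for this example.

```shell
# Added example; not the project's scripts/check-no-native-tls.sh.
BANNED_CRATES="native-tls openssl-sys openssl"  # list from the PR overview

# Print banned crates named in a Cargo.lock; return 1 if any are present.
find_banned_crates() {
  found=""
  for crate in $BANNED_CRATES; do
    # -x: whole-line match, so "openssl" does not match "openssl-probe".
    if grep -qxF "name = \"$crate\"" "$1"; then
      found="${found:+$found }$crate"
    fi
  done
  [ -z "$found" ] || { echo "$found"; return 1; }
}

# Show who pulls each crate in (needs cargo and a workspace; skipped otherwise).
show_chains() {
  command -v cargo >/dev/null 2>&1 || return 0
  for crate in "$@"; do cargo tree -i "$crate" 2>/dev/null || true; done
}

# Fail with an actionable message when a banned crate is locked.
check_no_native_tls() {
  lockfile="${1:-Cargo.lock}"
  banned=$(find_banned_crates "$lockfile") && return 0
  echo "error: banned TLS crates in $lockfile: $banned" >&2
  echo "switch the offending dependency to its rustls-based feature" >&2
  show_chains $banned >&2
  return 1
}

# Constructed Cargo.lock fragment for the demo (not the project's lockfile).
write_constructed_lock() {
  cat > "$1" <<'EOF'
[[package]]
name = "native-tls"

[[package]]
name = "openssl-probe"

[[package]]
name = "openssl-sys"

[[package]]
name = "rustls"
EOF
}

demo=$(mktemp); write_constructed_lock "$demo"
find_banned_crates "$demo" || true; rm -f "$demo"
```

A lockfile scan covers every target and optional feature in the workspace, so it can flag a crate that `cargo tree -i` on the host platform alone would not show.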
To prevent things like this:
#6051
This hopefully checks that we don't use native-tls. It has caused issues before, and rust tls is hardened, audited and well used.