Feat: Add feature to replace openssl with rusttls

[poelzi]

Description

Allows to build without openssl.
Default feature settings will use openssl.

You can build without openssl via
cd helix-cli && cargo build --no-default-features --features normal-rustls

Self update can not be build without openssl, so this functionality is disabled then.

Closes #

Checklist when merging to main

• No compiler warnings (if applicable)
• Code is formatted with rustfmt
• No useless or dead code (if applicable)
• Code is easy to understand
• Doc comments are used for all functions, enums, structs, and fields (where appropriate)
• All tests pass
• Performance has not regressed (assuming change was not to fix a bug)
• Version number has been updated in helix-cli/Cargo.toml and helixdb/Cargo.toml

Additional Notes

Greptile Overview

Updated On: 2025-11-05 17:55:10 UTC

Greptile Summary

This PR introduces optional OpenSSL support to HelixDB, allowing users to build the entire project using rustls as an alternative TLS backend. The changes implement a feature flag system across all workspace crates (helix-cli, helix-db, helix-container, metrics, and hql-tests) that maintains backward compatibility by defaulting to OpenSSL while enabling rustls builds via --no-default-features --features normal-rustls. The implementation properly handles the trade-off that self-update functionality must be disabled in rustls builds since it has hard OpenSSL dependencies, providing clear error messages to users when this feature is unavailable.

The changes follow Rust conventions for optional dependencies and feature propagation, ensuring consistent TLS backend usage across the dependency chain. Documentation is updated in the README to guide users on building with rustls.

Important Files Changed

Filename	Score	Overview
helix-cli/Cargo.toml	4/5	Introduces TLS backend feature flags, makes self_update optional, maintains backward compatibility
helix-cli/src/commands/update.rs	4/5	Adds conditional compilation to gracefully handle missing self-update functionality in rustls builds
helix-db/Cargo.toml	4/5	Implements comprehensive TLS feature system with server variants and proper dependency feature propagation
helix-container/Cargo.toml	4/5	Adds TLS backend selection features while maintaining OpenSSL as default
metrics/Cargo.toml	4/5	Updates reqwest dependency configuration to support both TLS backends with feature flags
hql-tests/Cargo.toml	5/5	Simple and clean migration of octocrab dependency from OpenSSL to rustls
README.md	5/5	Clear documentation of new build options and limitations for rustls builds

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI as "Helix CLI"
    participant Cargo as "Cargo Build System"
    participant Features as "Feature Resolution"
    participant TLS as "TLS Provider"
    participant SelfUpdate as "Self Update Module"

    User->>CLI: "cargo build --no-default-features --features normal-rustls"
    CLI->>Cargo: "Parse build command with features"
    Cargo->>Features: "Resolve feature flags"
    
    alt rustls-tls feature enabled
        Features->>TLS: "Initialize rustls-tls provider"
        TLS-->>Features: "rustls TLS configured"
        Features->>SelfUpdate: "Check self_update feature"
        Note over SelfUpdate: "self_update feature disabled"
        SelfUpdate-->>Features: "Self-update unavailable"
    else default-tls feature enabled
        Features->>TLS: "Initialize OpenSSL provider"
        TLS-->>Features: "OpenSSL TLS configured"
        Features->>SelfUpdate: "Check self_update feature"
        Note over SelfUpdate: "self_update feature enabled"
        SelfUpdate-->>Features: "Self-update available"
    end
    
    Features-->>Cargo: "Feature resolution complete"
    Cargo->>CLI: "Build with resolved features"
    CLI-->>User: "Build complete with TLS provider"
    
    alt User runs helix update with rustls build
        User->>CLI: "helix update"
        CLI->>SelfUpdate: "run(force)"
        SelfUpdate-->>CLI: "Error: Self-update not available"
        CLI-->>User: "Self-update disabled with rustls build"
    else User runs helix update with OpenSSL build
        User->>CLI: "helix update"
        CLI->>SelfUpdate: "run(force)"
        SelfUpdate->>SelfUpdate: "Check GitHub for updates"
        SelfUpdate-->>CLI: "Update completed"
        CLI-->>User: "Update successful"
    end

Loading

Context used:

• Context from dashboard - readme for helixdb (source)
• Context from dashboard - Main documentation for all of HelixDB, the SDKs, HelixQL, and the Helix CLI (source)

[greptile-apps]

_{7 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[xav-db]

@matthewsanetra thoughts on this?

[matthewsanetra]

@matthewsanetra thoughts on this?

LGTM, pending e2e tests and should be able to merge after the launches this/next week.
We should make this the default for the DB.

@poelzi Thank you! Will update you on the performance wins soon that I'm expecting this will bring.