Conversation
There was a problem hiding this comment.
Pull request overview
Updates the Rust SDK’s TLS/PEM handling to remove the rustls-pemfile dependency and use rustls-pki-types instead, aligning certificate/key parsing with rustls’ newer PKI type APIs.
Changes:
- Swaps the
rustls-tlsfeature dependency fromrustls-pemfiletorustls-pki-types. - Updates Capella root CA loading logic in the rustls trust-store setup.
- Updates the mTLS authenticator rustdoc example to use
rustls-pki-typesparsing APIs.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
sdk/couchbase/src/options/cluster_options.rs |
Adjusts rustls TLS trust-store setup, including Capella root CA parsing. |
sdk/couchbase/src/authenticator.rs |
Updates documentation example for certificate-based authentication parsing. |
sdk/couchbase/Cargo.toml |
Replaces rustls-pemfile dependency/feature wiring with rustls-pki-types. |
Comments suppressed due to low confidence (1)
sdk/couchbase/src/options/cluster_options.rs:576
CAPELLA_CERTis a PEM-encoded certificate string (seecapella_ca.rs), but this code usesCertificateDer::from_slice(CAPELLA_CERT.as_bytes()), which is intended for DER bytes. This will either fail to parse or treat the PEM text as DER, so Capella root CA won’t be added correctly. Use the rustls-pki-types PEM parsing iterator (e.g., theCertificateDerPEM slice/reader iterator) to extract one or moreCertificateDervalues from the PEM text before callingadd_parsable_certificates.
debug!("Adding Capella root CA to trust store");
let certs = CertificateDer::from_slice(CAPELLA_CERT.as_bytes())
.map(|item| {
item.map_err(|e| {
error::Error::other_failure(format!("failed to add capella cert: {e}"))
})
})
.collect::<error::Result<Vec<CertificateDer>>>()?;
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
chvck
force-pushed
the
rscbc265
branch
2 times, most recently
from
2117fe6 to
b8305a1
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
sdk/couchbase/src/options/cluster_options.rs:43
SectionKindandPrivateKeyDerare imported under therustls-tlscfg but are not used anywhere in this module (onlyCertificateDer/RootCertStoreare used in the TLS config path). Consider removing these unused imports to keep the cfg import block minimal.
tokio_rustls::rustls::pki_types::pem::{PemObject, SectionKind},
tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer},
tokio_rustls::rustls::RootCertStore,
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
|
Bencher Report| Branch | rscbc265-22866583662-138-1 |
| Testbed | ubuntu-latest |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result microseconds (µs) (Result Δ%) | Upper Boundary microseconds (µs) (Limit %) |
|---|---|---|---|
| query | 📈 view plot 🚷 view threshold | 423.08 µs(+0.90%)Baseline: 419.29 µs | 482.18 µs (87.74%) |
| upsert_and_get | 📈 view plot 🚷 view threshold | 430.16 µs(+7.88%)Baseline: 398.74 µs | 458.56 µs (93.81%) |
|
| Branch | rscbc265-22866898952-139-1 |
| Testbed | ubuntu-latest |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result microseconds (µs) (Result Δ%) | Upper Boundary microseconds (µs) (Limit %) |
|---|---|---|---|
| query | 📈 view plot 🚷 view threshold | 439.58 µs(+4.84%)Baseline: 419.29 µs | 482.18 µs (91.16%) |
| upsert_and_get | 📈 view plot 🚷 view threshold | 438.18 µs(+9.89%)Baseline: 398.74 µs | 458.56 µs (95.56%) |
|
| Branch | rscbc265-22867156553-141-1 |
| Testbed | ubuntu-latest |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result microseconds (µs) (Result Δ%) | Upper Boundary microseconds (µs) (Limit %) |
|---|---|---|---|
| query | 📈 view plot 🚷 view threshold | 450.35 µs(+7.41%)Baseline: 419.29 µs | 482.18 µs (93.40%) |
| upsert_and_get | 📈 view plot 🚷 view threshold | 419.39 µs(+5.18%)Baseline: 398.74 µs | 458.56 µs (91.46%) |
Matt-Woz
approved these changes
Mar 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.