From 0e0729df6ac936cce91a3b807b4d55c6672d5f58 Mon Sep 17 00:00:00 2001
From: Jordan Gonzalez <30836115+duncanista@users.noreply.github.com>
Date: Mon, 13 Apr 2026 13:03:33 -0400
Subject: [PATCH] fix(crypto): gate libdd-common TLS features in obfuscation
 and capabilities-impl

libdd-trace-obfuscation and libdd-capabilities-impl depended on
libdd-common with default features enabled, which unconditionally
pulled in the https feature (and therefore ring). This breaks
FIPS builds in downstream consumers because ring is forbidden.

Add default-features = false on the libdd-common dependency and
expose https/fips feature flags so downstream consumers can
propagate the correct crypto provider choice, matching the pattern
already used by libdd-trace-utils.
---
 libdd-capabilities-impl/Cargo.toml | 7 ++++++-
 libdd-trace-obfuscation/Cargo.toml | 9 +++++++--
 libdd-trace-utils/Cargo.toml       | 6 +++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/libdd-capabilities-impl/Cargo.toml b/libdd-capabilities-impl/Cargo.toml
index f93b283f14..9b4e4af7b8 100644
--- a/libdd-capabilities-impl/Cargo.toml
+++ b/libdd-capabilities-impl/Cargo.toml
@@ -19,4 +19,9 @@ bench = false
 bytes = "1"
 http = "1"
 libdd-capabilities = { path = "../libdd-capabilities", version = "0.1.0" }
-libdd-common = { path = "../libdd-common", version = "3.0.2" }
+libdd-common = { path = "../libdd-common", version = "3.0.2", default-features = false }
+
+[features]
+default = ["https"]
+https = ["libdd-common/https"]
+fips = ["libdd-common/fips"]
diff --git a/libdd-trace-obfuscation/Cargo.toml b/libdd-trace-obfuscation/Cargo.toml
index 7b212c061a..fa1682a343 100644
--- a/libdd-trace-obfuscation/Cargo.toml
+++ b/libdd-trace-obfuscation/Cargo.toml
@@ -18,8 +18,13 @@ percent-encoding = "2.1"
 log = "0.4"
 fluent-uri = "0.4.1"
 libdd-trace-protobuf = { version = "3.0.1", path = "../libdd-trace-protobuf" }
-libdd-trace-utils = { version = "3.0.1", path = "../libdd-trace-utils" }
-libdd-common = { version = "3.0.2", path = "../libdd-common" }
+libdd-trace-utils = { version = "3.0.1", path = "../libdd-trace-utils", default-features = false }
+libdd-common = { version = "3.0.2", path = "../libdd-common", default-features = false }
+
+[features]
+default = ["https"]
+https = ["libdd-common/https", "libdd-trace-utils/https"]
+fips = ["libdd-common/fips", "libdd-trace-utils/fips"]
 
 [dev-dependencies]
 duplicate = "0.4.1"
diff --git a/libdd-trace-utils/Cargo.toml b/libdd-trace-utils/Cargo.toml
index 0253160853..9e6b3655fe 100644
--- a/libdd-trace-utils/Cargo.toml
+++ b/libdd-trace-utils/Cargo.toml
@@ -59,7 +59,7 @@ urlencoding = { version = "2.1.3", optional = true }
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
 tokio = { version = "1", features = ["time", "rt-multi-thread"] }
-libdd-capabilities-impl = { version = "0.1.0", path = "../libdd-capabilities-impl" }
+libdd-capabilities-impl = { version = "0.1.0", path = "../libdd-capabilities-impl", default-features = false }
 
 [target.'cfg(target_arch = "wasm32")'.dependencies]
 getrandom = { version = "0.2", features = ["js"] }
@@ -76,7 +76,7 @@ tempfile = "3.3.0"
 
 [features]
 default = ["https"]
-https = ["libdd-common/https"]
+https = ["libdd-common/https", "libdd-capabilities-impl/https"]
 mini_agent = ["compression", "libdd-common/use_webpki_roots"]
 test-utils = [
     "hyper/server",
@@ -87,4 +87,4 @@ test-utils = [
 ]
 compression = ["zstd", "flate2"]
 # FIPS mode uses the FIPS-compliant cryptographic provider (Unix only)
-fips = ["libdd-common/fips"]
+fips = ["libdd-common/fips", "libdd-capabilities-impl/fips"]