wasi-tls has recently been accepted as a phase 1 proposal.

We'd like to start implementing this in wasmtime. There already exists some prior efforts:

• @dicej created a standalone WASI host with TLS support at: https://github.com/dicej/dotnet-wasi-tls
  • This implements a minimal subset of the draft spec.
  • Uses the native-tls crate.
• @jsturtevant modified the .NET runtime to use Joel's implementation at: dotnet/runtime@main...jsturtevant:runtime:wasi-tls-2
  • This successfully runs their SqlClient.
• Based on Joel's work, I (@badeend) started integrating it into wasmtime itself: https://github.com/badeend/wasmtime/tree/wasi-tls
  • This too is just a minimal subset of the draft spec. Although the WIT in this branch has evolved slightly.
  • Uses the rustls crate.
  • The changes are part of the wasi-sockets interface, which is not the right place.
  • And some boilerplate:
    • threading through a new tls CLI flag
    • Change rustls from a wasi-http-only dependency to a workspace dependency.

My suggestion is to add a new standalone wasi-tls crate:

• under the /crates folder, similar to the other proposals.
• that uses the WIT file from this PR
• that targets WASI v0.2 for the time being. Work on a v0.3 interface can happen in parallel in the future.
• that is completely experimental and therefore behind a tls flag.
• uses rustls for its implementation? (up for discussion, see next comment)

Thoughts?

CC @dicej @jsturtevant