For cryptography it uses the ring-library which still relies on C-Code in many places. Additionally there is no API-stability (still v0.*) and the last official audit was 3 years ago.
The project has potential but isn't quite ready for prime time yet.
Importantly, that C code (and assembly) is in the guts of crypto primitives. Those tend to be a lot easier to test than higher level X.509 parsing code, which I think is all done in safe Rust.
But for sure, taking a dependency on RusTLS from C code isn't a "boring" choice, and I wouldn't pretend to be confident that that would all go smoothly for a big project.
https://github.com/rustls/rustls
Some thoughts on lessons learned from other projects/vulnerabilities:
https://docs.rs/rustls/latest/rustls/manual/index.html