Rustls (and its dependencies) have been audited: https://jbp.io/2020/06/14/rustls-audit.html
that's actually what's going to replace the TLS in Apache. mod_ssl is C (presumably), but mod_tls uses rustls instead of openssl.
Yes, ring does have C code in it (looks like it's from the BoringSSL project). Unfortunate, but pure rust crypto does exist. The point is to keep unsafe to a minimum, so instead of needing to audit 100% of a codebase for memory safety bugs, you need to audit 5%.
A friendly mastodon instance primarily for shitposting, gays, and the glory of the free and open source software movement.