Merge pull request #270 from kpcyrd/native-certs

Add native-certs support

Author: aatxe

Cargo.toml

@@ -38,7 +38,7 @@ yaml = ["yaml_config"]
 proxy = ["tokio-socks"]
 
 tls-native = ["native-tls", "tokio-native-tls"]
-tls-rust = ["tokio-rustls", "webpki-roots", "rustls-pemfile"]
+tls-rust = ["rustls-native-certs", "rustls-pemfile", "tokio-rustls", "webpki-roots"]
 encoding = ["dep:encoding", "irc-proto/encoding"]
 
 [dependencies]
@@ -65,9 +65,10 @@ tokio-socks = { version = "0.5.1", optional = true }
 
 # Feature - TLS
 native-tls = { version = "0.2.11", optional = true }
-tokio-rustls = { version = "0.26.0", optional = true }
-rustls-pemfile = { version = "2", optional = true }
 tokio-native-tls = { version = "0.3.1", optional = true }
+rustls-native-certs = { version = "0.8", optional = true }
+rustls-pemfile = { version = "2", optional = true }
+tokio-rustls = { version = "0.26.0", optional = true }
 webpki-roots = { version = "0.26.0", optional = true }
 
 

src/client/conn.rs

@@ -341,10 +341,15 @@ impl Connection {
                 .with_custom_certificate_verifier(Arc::new(DangerousAcceptAllVerifier::new()));
             make_client_auth!(builder)
         } else {
-            let mut root_store = webpki_roots::TLS_SERVER_ROOTS
-                .iter()
-                .cloned()
-                .collect::<RootCertStore>();
+            let mut root_store = RootCertStore::empty();
+
+            #[cfg(feature = "webpki-roots")]
+            root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
+
+            let native_certs = rustls_native_certs::load_native_certs();
+            for cert in native_certs.certs {
+                root_store.add(cert.into())?;
+            }
 
             if let Some(cert_path) = config.cert_path() {
                 if let Ok(file) = File::open(cert_path) {