feat: add two new features to allow using webpki-roots or rustls-native-certs

Cargo.toml

@@ -20,7 +20,8 @@ gio-runtime = ["gio", "glib"]
 async-tls = ["real-async-tls"]
 async-native-tls = ["async-std-runtime", "real-async-native-tls", "tungstenite/native-tls"]
 tokio-native-tls = ["tokio-runtime", "real-tokio-native-tls", "real-native-tls", "tungstenite/native-tls"]
-tokio-rustls = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/rustls-tls"]
+tokio-rustls-webpki-roots = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/rustls-tls"]
+tokio-rustls-native-certs = ["tokio-runtime", "real-tokio-rustls", "rustls-native-certs", "tungstenite/rustls-tls"]
 tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"]
 
 [package.metadata.docs.rs]
@@ -79,6 +80,10 @@ optional = true
 version = "^0.22"
 package = "tokio-rustls"
 
+[dependencies.rustls-native-certs]
+optional = true
+version = "0.5"
+
 [dependencies.webpki-roots]
 optional = true
 version = "0.21"

README.md

@@ -43,8 +43,14 @@ integration with various other crates can be enabled via feature flags
    with the [tokio](https://tokio.rs) runtime.
  * `tokio-native-tls`: Enables the additional functions in the `tokio` module to
    implement TLS via [tokio-native-tls](https://crates.io/crates/tokio-native-tls).
- * `tokio-rustls`: Enables the additional functions in the `tokio` module to
-   implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls).
+ * `tokio-rustls-native-certs`: Enables the additional functions in the `tokio` 
+   module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls)
+   and uses native system certificates found with
+   [rustls-native-certs](https://github.com/rustls/rustls-native-certs).
+ * `tokio-rustls-webpki-roots`: Enables the additional functions in the `tokio` 
+   module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls)
+   and uses the certificates [webpki-roots](https://github.com/rustls/webpki-roots)
+   provides.
  * `gio-runtime`: Enables the `gio` module, which provides integration with
    the [gio](https://gtk-rs.org) runtime.
 

src/lib.rs

@@ -18,8 +18,14 @@
 //!    with the [tokio](https://tokio.rs) runtime.
 //!  * `tokio-native-tls`: Enables the additional functions in the `tokio` module to
 //!    implement TLS via [tokio-native-tls](https://crates.io/crates/tokio-native-tls).
-//!  * `tokio-rustls`: Enables the additional functions in the `tokio` module to
-//!    implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls).
+//!  * `tokio-rustls-native-certs`: Enables the additional functions in the `tokio`
+//!    module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls)
+//!    and uses native system certificates found with
+//!    [rustls-native-certs](https://github.com/rustls/rustls-native-certs).
+//!  * `tokio-rustls-webpki-roots`: Enables the additional functions in the `tokio`
+//!    module to implement TLS via [tokio-rustls](https://crates.io/crates/tokio-rustls)
+//!    and uses the certificates [webpki-roots](https://github.com/rustls/webpki-roots)
+//!    provides.
 //!  * `tokio-openssl`: Enables the additional functions in the `tokio` module to
 //!    implement TLS via [tokio-openssl](https://crates.io/crates/tokio-openssl).
 //!  * `gio-runtime`: Enables the `gio` module, which provides integration with
@@ -45,7 +51,8 @@ mod handshake;
     feature = "async-tls",
     feature = "async-native-tls",
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl",
 ))]
 pub mod stream;

src/tokio.rs

@@ -15,13 +15,23 @@ use futures_io::{AsyncRead, AsyncWrite};
 #[path = "tokio/native_tls.rs"]
 mod tls;
 
-#[cfg(all(feature = "tokio-rustls", not(feature = "tokio-native-tls")))]
+#[cfg(all(
+    any(
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots"
+    ),
+    not(feature = "tokio-native-tls")
+))]
 #[path = "tokio/rustls.rs"]
 mod tls;
 
 #[cfg(all(
     feature = "tokio-openssl",
-    not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+    not(any(
+        feature = "tokio-native-tls",
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots"
+    ))
 ))]
 #[path = "tokio/openssl.rs"]
 mod tls;
@@ -30,7 +40,8 @@ mod tls;
     feature = "async-tls",
     not(any(
         feature = "tokio-native-tls",
-        feature = "tokio-rustls",
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots",
         feature = "tokio-openssl"
     ))
 ))]
@@ -39,7 +50,8 @@ mod tls;
 
 #[cfg(not(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl",
     feature = "async-tls"
 )))]
@@ -48,14 +60,16 @@ mod tls;
 
 #[cfg(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl",
     feature = "async-tls",
 ))]
 pub use self::tls::client_async_tls_with_connector_and_config;
 #[cfg(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl",
     feature = "async-tls"
 ))]
@@ -63,7 +77,8 @@ use self::tls::{AutoStream, Connector};
 
 #[cfg(not(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl",
     feature = "async-tls"
 )))]
@@ -171,7 +186,8 @@ pub type ClientStream<S> = AutoStream<S>;
 
 #[cfg(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -190,7 +206,8 @@ where
 
 #[cfg(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -211,7 +228,8 @@ where
 
 #[cfg(any(
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     all(feature = "async-tls", not(feature = "tokio-openssl"))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
@@ -232,7 +250,11 @@ where
 
 #[cfg(all(
     feature = "tokio-openssl",
-    not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+    not(any(
+        feature = "tokio-native-tls",
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots"
+    ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required.
@@ -256,7 +278,11 @@ where
 
 #[cfg(all(
     feature = "tokio-openssl",
-    not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+    not(any(
+        feature = "tokio-native-tls",
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots"
+    ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required and using the given
@@ -282,7 +308,11 @@ where
 
 #[cfg(all(
     feature = "tokio-openssl",
-    not(any(feature = "tokio-native-tls", feature = "tokio-rustls"))
+    not(any(
+        feature = "tokio-native-tls",
+        feature = "tokio-rustls-native-certs",
+        feature = "tokio-rustls-webpki-roots"
+    ))
 ))]
 /// Creates a WebSocket handshake from a request and a stream,
 /// upgrading the stream to TLS if required and using the given
@@ -340,7 +370,8 @@ where
 #[cfg(any(
     feature = "async-tls",
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl"
 ))]
 /// Connect to a given URL using the provided TLS connector.
@@ -357,7 +388,8 @@ where
 #[cfg(any(
     feature = "async-tls",
     feature = "tokio-native-tls",
-    feature = "tokio-rustls",
+    feature = "tokio-rustls-native-certs",
+    feature = "tokio-rustls-webpki-roots",
     feature = "tokio-openssl"
 ))]
 /// Connect to a given URL using the provided TLS connector.

src/tokio/rustls.rs

@@ -36,6 +36,12 @@ where
                     connector
                 } else {
                     let mut config = ClientConfig::new();
+                    #[cfg(feature = "tokio-rustls-native-certs")]
+                    {
+                        config.root_store =
+                            rustls_native_certs::load_native_certs().map_err(|(_, err)| err)?;
+                    }
+                    #[cfg(feature = "tokio-rustls-webpki-roots")]
                     config
                         .root_store
                         .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);