Before this patch, the `rustls::RootCertStore::add` method was used
to add all the root certificates found by `rustls_native_certs` crate.
This is a problem when an ancient or invalid certificate is present
in the native root store. `rustls` documentation says the following:
> This is suitable for a small set of root certificates that
> are expected to parse successfully. For large collections of
> roots (for example from a system store) it is expected that
> some of them might not be valid according to the rules `rustls`
> implements. As long as a relatively limited number of certificates
> are affected, this should not be a cause for concern. Use
> `RootCertStore::add_parsable_certificates` in order to add as many
> valid roots as possible and to understand how many certificates have
> been diagnosed as malformed.
With this patch, `RootCertStore::add_parsable_certificates` is used
instead for maximal compability with system store.
> Parse the given DER-encoded certificates and add all that can be
> parsed in a best-effort fashion.
>
> This is because large collections of root certificates often include
> ancient or syntactically invalid certificates.
It seems like GitHub Actions went slower in the last months since we
sometimes observe a problem when our `autobahn-server` is not started
quickly enough which leads to the autobahn suite trying to connect to
the server that is not yet running resulting into failed pipeline.
See https://github.com/snapview/tokio-tungstenite/runs/6658266507?check_suite_focus=true
Related #188
The echo server would generate ConnectionClosed error when the peer
close the connection normally. This is because that `tungstenite` crate
automatically reply Close message to the peer. Then StreamExt::forward()
also forwards the Close message after the connection is closed.
Sebastian Dröge