Use platform certificates when target "native-certs" is set

This is useful in Entreprise configurations.

Cargo.toml

@@ -18,6 +18,7 @@ default = ["tls", "cookies"]
 json = ["serde_json"]
 charset = ["encoding"]
 tls = ["rustls", "webpki", "webpki-roots"]
+native-certs = ["rustls-native-certs"]
 cookies = ["cookie"]
 
 [dependencies]
@@ -30,5 +31,6 @@ url = "2"
 rustls = { version = "0.17", optional = true, features = [] }
 webpki = { version = "0.21", optional = true }
 webpki-roots = { version = "0.19", optional = true }
+rustls-native-certs = { version = "0.3", optional = true }
 serde_json = { version = "1", optional = true }
 encoding = { version = "0.2", optional = true }

src/stream.rs

@@ -129,6 +129,17 @@ pub(crate) fn connect_http(unit: &Unit) -> Result<Stream, Error> {
     connect_host(unit, hostname, port).map(Stream::Http)
 }
 
+#[cfg(all(feature = "tls", feature = "native-certs"))]
+fn configure_certs(config: &mut rustls::ClientConfig) {
+    config.root_store = rustls_native_certs::load_native_certs()
+        .expect("Could not load patform certs");
+}
+
+#[cfg(all(feature = "tls", not(feature = "native-certs")))]
+fn configure_certs(config: &mut rustls::ClientConfig) {
+    config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+}
+
 #[cfg(feature = "tls")]
 pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> {
     use lazy_static::lazy_static;
@@ -137,9 +148,7 @@ pub(crate) fn connect_https(unit: &Unit) -> Result<Stream, Error> {
     lazy_static! {
         static ref TLS_CONF: Arc<rustls::ClientConfig> = {
             let mut config = rustls::ClientConfig::new();
-            config
+            configure_certs(&mut config);
-                .root_store
-                .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
             Arc::new(config)
         };
     }