Fix native-certs and add to test matrix

Close #239

.github/workflows/test.yml

@@ -54,6 +54,7 @@ jobs:
           - charset
           - cookies
           - socks-proxy
+          - native-certs
     env:
       RUST_BACKTRACE: "1"
       RUSTFLAGS: "-D dead_code -D unused-variables -D unused"

src/stream.rs

@@ -335,7 +335,7 @@ pub(crate) fn connect_https(unit: &Unit, hostname: &str) -> Result<Stream, Error
 
     static TLS_CONF: Lazy<Arc<rustls::ClientConfig>> = Lazy::new(|| {
         let mut root_store = rustls::RootCertStore::empty();
-        #[cfg(not(feature = "native-tls"))]
+        #[cfg(not(feature = "native-certs"))]
         root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
             rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
                 ta.subject,
@@ -343,10 +343,11 @@ pub(crate) fn connect_https(unit: &Unit, hostname: &str) -> Result<Stream, Error
                 ta.name_constraints,
             )
         }));
-        #[cfg(feature = "native-tls")]
-        root_store.add_server_trust_anchors(
-            rustls_native_certs::load_native_certs().expect("Could not load platform certs"),
-        );
+        #[cfg(feature = "native-certs")]
+        for cert in rustls_native_certs::load_native_certs().expect("Could not load platform certs")
+        {
+            root_store.add(&rustls::Certificate(cert.0)).unwrap();
+        }
 
         let config = rustls::ClientConfig::builder()
             .with_safe_defaults()

test.sh

@@ -5,7 +5,7 @@ export RUST_BACKTRACE=1
 export RUSTFLAGS="-D dead_code -D unused-variables -D unused"
 
 for tls in "" tls ; do
-  for feature in "" json charset cookies socks-proxy ; do
+  for feature in "" json charset cookies socks-proxy native-certs ; do
     if ! cargo test --no-default-features --features "${tls} ${feature}" ; then
       echo Command failed: cargo test \"${what}\" --no-default-features --features \"${tls} ${feature}\"
       exit 1