Replace rustls-native-certs with rustls-platform-verifier (#24656)

closes https://github.com/zed-industries/zed/issues/19620. I am not 100% sure on how to test this though. @elithrar: would you mind giving this branch a shot and seeing if it works for you? I kicked off bundling for this pull request and you should be able to download a DMG from the CI artifacts as soon as it's done building. Release Notes: - Fixed a bug that caused OS-level CA certificate bundles to not be respected. --------- Co-authored-by: Bennet <bennet@zed.dev> Co-authored-by: Mikayla Maki <mikayla.c.maki@gmail.com>
2025-02-12 16:32:17 +01:00 · 2025-02-12 16:32:17 +01:00 · 2b7d3726b4
commit 2b7d3726b4
parent 1ce6e8d0e3
7 changed files with 69 additions and 26 deletions
--- a/crates/client/Cargo.toml
+++ b/crates/client/Cargo.toml
@ -33,8 +33,6 @@ postage.workspace = true
 rand.workspace = true
 release_channel.workspace = true
 rpc = { workspace = true, features = ["gpui"] }
-rustls-native-certs.workspace = true
-rustls.workspace = true
 schemars.workspace = true
 serde.workspace = true
 serde_json.workspace = true
--- a/crates/client/src/client.rs
+++ b/crates/client/src/client.rs
@ -146,8 +146,6 @@ pub fn init_settings(cx: &mut App) {
 }

 pub fn init(client: &Arc<Client>, cx: &mut App) {
-    let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
-
    let client = Arc::downgrade(client);
    cx.on_action({
        let client = client.clone();
@ -1126,24 +1124,11 @@ impl Client {

            match url_scheme {
                Https => {
-                    let client_config = {
-                        let mut root_store = rustls::RootCertStore::empty();
-
-                        let root_certs = rustls_native_certs::load_native_certs();
-                        for error in root_certs.errors {
-                            log::warn!("error loading native certs: {:?}", error);
-                        }
-                        root_store.add_parsable_certificates(root_certs.certs);
-                        rustls::ClientConfig::builder()
-                            .with_root_certificates(root_store)
-                            .with_no_client_auth()
-                    };
-
                    let (stream, _) =
                        async_tungstenite::async_tls::client_async_tls_with_connector(
                            request,
                            stream,
-                            Some(client_config.into()),
+                            Some(http_client::tls_config().into()),
                        )
                        .await?;
                    Ok(Connection::new(