diff --git a/Cargo.toml b/Cargo.toml index fdf61732d..6d3667e52 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -143,7 +143,7 @@ rustls = { version = "0.23.4", optional = true, default-features = false, featur rustls-pki-types = { version = "1.1.0", features = ["alloc"] ,optional = true } tokio-rustls = { version = "0.26", optional = true, default-features = false, features = ["tls12"] } webpki-roots = { version = "0.26.0", optional = true } -rustls-native-certs = { version = "0.7", optional = true } +rustls-native-certs = { version = "0.8.0", optional = true } ## cookies cookie_crate = { version = "0.18.0", package = "cookie", optional = true } diff --git a/src/async_impl/client.rs b/src/async_impl/client.rs index 0a7281c42..9a34f3fb6 100644 --- a/src/async_impl/client.rs +++ b/src/async_impl/client.rs @@ -514,9 +514,9 @@ impl ClientBuilder { if config.tls_built_in_certs_native { let mut valid_count = 0; let mut invalid_count = 0; - for cert in rustls_native_certs::load_native_certs() - .map_err(crate::error::builder)? - { + + let load_results = rustls_native_certs::load_native_certs(); + for cert in load_results.certs { // Continue on parsing errors, as native stores often include ancient or syntactically // invalid certificates, like root certificates without any X509 extensions. // Inspiration: https://github.com/rustls/rustls/blob/633bf4ba9d9521a95f68766d04c22e2b01e68318/rustls/src/anchors.rs#L105-L112 @@ -529,9 +529,21 @@ impl ClientBuilder { } } if valid_count == 0 && invalid_count > 0 { - return Err(crate::error::builder( - "zero valid certificates found in native root store", - )); + let err = if load_results.errors.is_empty() { + crate::error::builder( + "zero valid certificates found in native root store", + ) + } else { + use std::fmt::Write as _; + let mut acc = String::new(); + for err in load_results.errors { + let _ = writeln!(&mut acc, "{err}"); + } + + crate::error::builder(acc) + }; + + return Err(err); } }