Load root certificates for rustls

Author: azat

Cargo.toml

@@ -18,7 +18,7 @@ default = ["tokio_io"]
 _tls = [] # meta feature for the clickhouse-rs generic TLS code
 tls = ["tls-native-tls"] # backward compatibility
 tls-native-tls = ["tokio-native-tls", "native-tls", "_tls"]
-tls-rustls = ["tokio-rustls", "rustls", "rustls-pemfile", "_tls"]
+tls-rustls = ["tokio-rustls", "rustls", "rustls-pemfile", "webpki-roots", "_tls"]
 async_std = ["async-std"]
 tokio_io = ["tokio"]
 
@@ -82,6 +82,10 @@ optional = true
 version = "0.25.0"
 optional = true
 
+[dependencies.webpki-roots]
+version = "*"
+optional = true
+
 [dependencies.chrono]
 version = "^0.4"
 default-features = false

src/connecting_stream.rs

@@ -268,7 +268,11 @@ impl ConnectingStream {
                         .with_no_client_auth()
                 } else {
                     let mut cert_store = RootCertStore::empty();
-                    // TODO: add webpki_roots::TLS_SERVER_ROOTS
+                    cert_store.extend(
+                        webpki_roots::TLS_SERVER_ROOTS
+                            .iter()
+                            .cloned()
+                    );
                     if let Some(certificates) = options.certificate.clone() {
                         for certificate in
                             Into::<Vec<rustls::pki_types::CertificateDer<'static>>>::into(