tonic: gracefully handle bad native certs

Instead of failing and bailing when a bad cert is found, ignore one-off errors for bad certs and continue to load the rest of the store. These one-off errors mostly affect MacOS users, as found in this rustls-native-certs issue: rustls/rustls-native-certs#4 Fixes: hyperium#519
NAlexPear · Jan 1, 2021 · 4d1b1bb · 4d1b1bb
1 parent f58fcf3
commit 4d1b1bb
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/tonic/src/transport/service/tls.rs b/tonic/src/transport/service/tls.rs
@@ -58,7 +58,10 @@ impl TlsConnector {
 
         #[cfg(feature = "tls-roots")]
         {
-            config.root_store = rustls_native_certs::load_native_certs().map_err(|(_, e)| e)?;
+            config.root_store = match rustls_native_certs::load_native_certs() {
+                Ok(store) | Err((Some(store), _)) => store,
+                Err((None, error)) => Err(error)?,
+            };
         }
 
         if let Some(cert) = ca_cert {