Add TLS server roots from webpki

tokio-xmpp/Cargo.toml

@@ -28,12 +28,13 @@ trust-dns-resolver = "0.20"
 xml5ever = "0.16"
 xmpp-parsers = "0.18"
 webpki = { version = "0.21", optional = true }
+webpki-roots = { version = "0.21", optional = true }
 
 [build-dependencies]
 rustc_version = "0.3"
 
 [features]
 default = ["tls-native"]
-tls-rust = ["tokio-rustls", "webpki"]
+tls-rust = ["tokio-rustls", "webpki", "webpki-roots"]
 tls-native = ["tokio-native-tls", "native-tls"]
 serde = ["xmpp-parsers/serde"]

tokio-xmpp/src/starttls.rs

@@ -1,17 +1,21 @@
 use futures::{sink::SinkExt, stream::StreamExt};
+
 #[cfg(feature = "tls-rust")]
-use idna;
+use {
+    idna,
+    std::sync::Arc,
+    tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector},
+    webpki::DNSNameRef,
+    webpki_roots,
+};
+
 #[cfg(feature = "tls-native")]
-use native_tls::TlsConnector as NativeTlsConnector;
-#[cfg(feature = "tls-rust")]
-use std::sync::Arc;
+use {
+    native_tls::TlsConnector as NativeTlsConnector,
+    tokio_native_tls::{TlsConnector, TlsStream},
+};
+
 use tokio::io::{AsyncRead, AsyncWrite};
-#[cfg(feature = "tls-native")]
-use tokio_native_tls::{TlsConnector, TlsStream};
-#[cfg(feature = "tls-rust")]
-use tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector};
-#[cfg(feature = "tls-rust")]
-use webpki::DNSNameRef;
 use xmpp_parsers::{ns, Element};
 
 use crate::xmpp_codec::Packet;
@@ -38,7 +42,11 @@ async fn get_tls_stream<S: AsyncRead + AsyncWrite + Unpin>(
     let ascii_domain = idna::domain_to_ascii(domain).map_err(|_| Error::Idna)?;
     let domain = DNSNameRef::try_from_ascii_str(&ascii_domain).unwrap();
     let stream = xmpp_stream.into_inner();
-    let tls_stream = TlsConnector::from(Arc::new(ClientConfig::new()))
+    let mut config = ClientConfig::new();
+    config
+        .root_store
+        .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);
+    let tls_stream = TlsConnector::from(Arc::new(config))
         .connect(domain, stream)
         .await?;
     Ok(tls_stream)