@@ -402,7 +402,9 @@ impl ConnectionInfo {
402402 // do not apply validation if using a self-signed certificate,as the documentation suggests
403403 let config = if !validation {
404404 match tls_config {
405- ConnectionTLSConfig :: MutualTLS ( _) => tls_config,
405+ ConnectionTLSConfig :: MutualTLS ( mtls) => {
406+ & ConnectionTLSConfig :: MutualTLS ( mtls. with_no_validation ( ) )
407+ }
406408 _ => & ConnectionTLSConfig :: NoSSLValidation ,
407409 }
408410 } else {
@@ -499,10 +501,26 @@ impl ConnectionInfo {
499501 . with_client_auth_cert ( cert_certs. collect ( ) , keys)
500502 . map_err ( |_e| Error :: ConnectionError ) ?
501503 } else {
502- builder
503- . with_root_certificates ( RootCertStore :: empty ( ) )
504- . with_client_auth_cert ( cert_certs. collect ( ) , keys)
505- . map_err ( |_e| Error :: ConnectionError ) ?
504+ if mutual. validation {
505+ match rustls_native_certs:: load_native_certs ( ) {
506+ Ok ( certs) => {
507+ root_cert_store. add_parsable_certificates ( certs) ;
508+ }
509+ Err ( e) => {
510+ warn ! ( "Failed to load native certificates: {e}" ) ;
511+ }
512+ }
513+ builder
514+ . with_root_certificates ( root_cert_store)
515+ . with_client_auth_cert ( cert_certs. collect ( ) , keys)
516+ . map_err ( |_e| Error :: ConnectionError ) ?
517+ } else {
518+ builder
519+ . dangerous ( )
520+ . with_custom_certificate_verifier ( Arc :: new ( NoCertificateVerification ) )
521+ . with_client_auth_cert ( cert_certs. collect ( ) , keys)
522+ . map_err ( |_e| Error :: ConnectionError ) ?
523+ }
506524 }
507525 }
508526 } ;
0 commit comments