build(deps): bump the crypto group across 1 directory with 2 updates (#…

…295)

Bumps the crypto group with 2 updates in the / directory: [rustls](https://github.com/rustls/rustls) and [rustls-native-certs](https://github.com/rustls/rustls-native-certs).


Updates `rustls` from 0.23.12 to 0.23.14
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.23.12...v/0.23.14)

Updates `rustls-native-certs` from 0.7.2 to 0.8.0
- [Release notes](https://github.com/rustls/rustls-native-certs/releases)
- [Commits](rustls/rustls-native-certs@v/0.7.2...v/0.8.0)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crypto
- dependency-name: rustls-native-certs
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crypto
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Benoît CORTIER <bcortier@proton.me>

Cargo.toml

@@ -84,7 +84,7 @@ reqwest = { version = "0.12", optional = true, default-features = false, feature
 trust-dns-resolver = { version = "0.23", optional = true }
 portpicker = { version = "0.1", optional = true }
 rustls = { version = "0.23", optional = true, default-features = false, features = ["logging", "std", "tls12"] }
-rustls-native-certs = { version = "0.7", optional = true }
+rustls-native-certs = { version = "0.8", optional = true }
 # `rt-multi-thread` feature is required for `tokio::task::block_in_place` function.
 tokio = { version = "1.40", optional = true, features = ["time", "rt", "rt-multi-thread"] }
 pcsc = { version = "2.8", optional = true }

src/network_client.rs

@@ -101,12 +101,6 @@ pub mod reqwest_network_client {
             })?;
 
             let client = crate::rustls::load_native_certs(reqwest::blocking::ClientBuilder::new())
-                .ok_or_else(|| {
-                    Error::new(
-                        ErrorKind::NoAuthenticatingAuthority,
-                        "failed to load native certificates",
-                    )
-                })?
                 .build()
                 .map_err(|e| {
                     Error::new(

src/rustls.rs

@@ -37,12 +37,18 @@ pub(crate) fn install_default_crypto_provider_if_necessary() -> Result<(), ()> {
 }
 
 #[cfg(feature = "network_client")]
-pub(crate) fn load_native_certs(builder: reqwest::blocking::ClientBuilder) -> Option<reqwest::blocking::ClientBuilder> {
+pub(crate) fn load_native_certs(builder: reqwest::blocking::ClientBuilder) -> reqwest::blocking::ClientBuilder {
     #[cfg(feature = "aws-lc-rs")]
     {
         let mut builder = builder;
 
-        for cert in rustls_native_certs::load_native_certs().ok()? {
+        let result = rustls_native_certs::load_native_certs();
+
+        for error in result.errors {
+            debug!(%error, "native root CA certificate loading error");
+        }
+
+        for cert in result.certs {
             // Continue on parsing errors, as native stores often include ancient or syntactically
             // invalid certificates, like root certificates without any X509 extensions.
             // Inspiration: https://github.com/rustls/rustls/blob/633bf4ba9d9521a95f68766d04c22e2b01e68318/rustls/src/anchors.rs#L105-L112
@@ -54,12 +60,12 @@ pub(crate) fn load_native_certs(builder: reqwest::blocking::ClientBuilder) -> Op
             };
         }
 
-        Some(builder)
+        builder
     }
 
     // We enable the rustls-tls-native-roots feature of reqwest when ring is used.
     #[cfg(all(not(feature = "aws-lc-rs"), feature = "ring"))]
     {
-        Some(builder)
+        builder
     }
 }