Revert "Replace rustls-native-certs with rustls-platform-verifier (…

…zed-industries#24656)"

This reverts commit 2b7d372.

Cargo.toml

@@ -485,7 +485,7 @@ rustc-demangle = "0.1.23"
 rust-embed = { version = "8.4", features = ["include-exclude"] }
 rustc-hash = "2.1.0"
 rustls = { version = "0.23.22" }
-rustls-platform-verifier = "0.5.0"
+rustls-native-certs = "0.8.0"
 schemars = { version = "0.8", features = ["impl_json_schema", "indexmap2"] }
 semver = "1.0"
 serde = { version = "1.0", features = ["derive", "rc"] }

crates/client/Cargo.toml

@@ -33,6 +33,8 @@ postage.workspace = true
 rand.workspace = true
 release_channel.workspace = true
 rpc = { workspace = true, features = ["gpui"] }
+rustls-native-certs.workspace = true
+rustls.workspace = true
 schemars.workspace = true
 serde.workspace = true
 serde_json.workspace = true

crates/client/src/client.rs

@@ -146,6 +146,8 @@ pub fn init_settings(cx: &mut App) {
 }
 
 pub fn init(client: &Arc<Client>, cx: &mut App) {
+    let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
+
     let client = Arc::downgrade(client);
     cx.on_action({
         let client = client.clone();
@@ -1124,11 +1126,24 @@ impl Client {
 
             match url_scheme {
                 Https => {
+                    let client_config = {
+                        let mut root_store = rustls::RootCertStore::empty();
+
+                        let root_certs = rustls_native_certs::load_native_certs();
+                        for error in root_certs.errors {
+                            log::warn!("error loading native certs: {:?}", error);
+                        }
+                        root_store.add_parsable_certificates(root_certs.certs);
+                        rustls::ClientConfig::builder()
+                            .with_root_certificates(root_store)
+                            .with_no_client_auth()
+                    };
+
                     let (stream, _) =
                         async_tungstenite::async_tls::client_async_tls_with_connector(
                             request,
                             stream,
-                            Some(http_client::tls_config().into()),
+                            Some(client_config.into()),
                         )
                         .await?;
                     Ok(Connection::new(

crates/http_client/Cargo.toml

@@ -25,5 +25,3 @@ log.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 url.workspace = true
-rustls.workspace = true
-rustls-platform-verifier.workspace = true

crates/http_client/src/http_client.rs

@@ -8,33 +8,14 @@ pub use http::{self, Method, Request, Response, StatusCode, Uri};
 
 use futures::future::BoxFuture;
 use http::request::Builder;
-use rustls::ClientConfig;
-use rustls_platform_verifier::ConfigVerifierExt;
 #[cfg(feature = "test-support")]
 use std::fmt;
 use std::{
     any::type_name,
-    sync::{Arc, Mutex, OnceLock},
+    sync::{Arc, Mutex},
 };
 pub use url::Url;
 
-static TLS_CONFIG: OnceLock<rustls::ClientConfig> = OnceLock::new();
-
-pub fn tls_config() -> ClientConfig {
-    TLS_CONFIG
-        .get_or_init(|| {
-            // rustls uses the `aws_lc_rs` provider by default
-            // This only errors if the default provider has already
-            // been installed. We can ignore this `Result`.
-            rustls::crypto::aws_lc_rs::default_provider()
-                .install_default()
-                .ok();
-
-            ClientConfig::with_platform_verifier()
-        })
-        .clone()
-}
-
 #[derive(Default, Debug, Clone, PartialEq, Eq, Hash)]
 pub enum RedirectPolicy {
     #[default]

crates/reqwest_client/src/reqwest_client.rs

@@ -51,10 +51,7 @@ impl ReqwestClient {
         }) {
             client = client.proxy(proxy);
         }
-
-        let client = client
-            .use_preconfigured_tls(http_client::tls_config())
-            .build()?;
+        let client = client.build()?;
         let mut client: ReqwestClient = client.into();
         client.proxy = proxy;
         Ok(client)