Upgrade rustls

crates/http/Cargo.toml

@@ -23,7 +23,7 @@ hyper-rustls = { version = "0.25.0", features = ["http1", "http2"], default-feat
 once_cell = "1.18.0"
 opentelemetry.workspace = true
 rustls = { version = "0.22.2", optional = true }
-rustls-native-certs = { version = "0.6.3", optional = true }
+rustls-native-certs = { version = "0.7.0", optional = true }
 serde.workspace = true
 serde_json.workspace = true
 serde_urlencoded = "0.7.1"

crates/http/src/client.rs

@@ -75,15 +75,11 @@ async fn tls_roots() -> Result<rustls::RootCertStore, NativeRootsInitError> {
 #[cfg(feature = "webpki-roots")]
 #[allow(clippy::unused_async)]
 async fn tls_roots() -> Result<rustls::RootCertStore, Infallible> {
-    let mut roots = rustls::RootCertStore::empty();
-    roots.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
-        rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
-            ta.subject,
-            ta.spki,
-            ta.name_constraints,
-        )
-    }));
-    Ok(roots)
+    let root_store = rustls::RootCertStore {
+        roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
+    };
+
+    Ok(root_store)
 }
 
 #[cfg(feature = "native-roots")]
@@ -131,7 +127,6 @@ pub enum NativeRootsLoadError {
 async fn make_tls_config() -> Result<rustls::ClientConfig, ClientInitError> {
     let roots = tls_roots().await?;
     let tls_config = rustls::ClientConfig::builder()
-        .with_safe_defaults()
         .with_root_certificates(roots)
         .with_no_client_auth();