From 3368315581950a8caad39d1e757e939d15161994 Mon Sep 17 00:00:00 2001 From: Manoj Badam Date: Sat, 7 Mar 2026 21:19:30 -0800 Subject: [PATCH] fix: use native OS certificate store for TLS Switch reqwest from `rustls-tls` (bundled Mozilla roots via webpki-roots) to `rustls-tls-native-roots` so the CLI trusts custom/corporate CA certificates installed in the system trust store. This fixes TLS handshake failures in enterprise environments that use internal certificate authorities. --- .changeset/use-native-tls-roots.md | 8 ++++++++ Cargo.lock | 12 +----------- Cargo.toml | 2 +- 3 files changed, 10 insertions(+), 12 deletions(-) create mode 100644 .changeset/use-native-tls-roots.md diff --git a/.changeset/use-native-tls-roots.md b/.changeset/use-native-tls-roots.md new file mode 100644 index 00000000..52e55cb2 --- /dev/null +++ b/.changeset/use-native-tls-roots.md @@ -0,0 +1,8 @@ +--- +"@googleworkspace/cli": patch +--- + +Switch reqwest TLS from bundled Mozilla roots to native OS certificate store + +This allows the CLI to trust custom or corporate CA certificates installed +in the system trust store, fixing TLS errors in enterprise environments. diff --git a/Cargo.lock b/Cargo.lock index b0719494..c857df1d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1020,7 +1020,6 @@ dependencies = [ "tokio", "tokio-rustls", "tower-service", - "webpki-roots", ] [[package]] @@ -2019,6 +2018,7 @@ dependencies = [ "pin-project-lite", "quinn", "rustls", + "rustls-native-certs", "rustls-pki-types", "serde", "serde_json", @@ -2035,7 +2035,6 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams", "web-sys", - "webpki-roots", ] [[package]] @@ -3034,15 +3033,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki-roots" -version = "1.0.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed" -dependencies = [ - "rustls-pki-types", -] - [[package]] name = "wezterm-bidi" version = "0.2.3" diff --git a/Cargo.toml b/Cargo.toml index 706efaef..07fe2f44 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,7 +38,7 @@ clap = { version = "4", features = ["derive", "string"] } dirs = "5" dotenvy = "0.15" hostname = "0.4" -reqwest = { version = "0.12", features = ["json", "stream", "rustls-tls"], default-features = false } +reqwest = { version = "0.12", features = ["json", "stream", "rustls-tls-native-roots"], default-features = false } rand = "0.8" serde = { version = "1", features = ["derive"] } serde_json = "1"