diff --git a/kube-client/src/client/auth/oauth.rs b/kube-client/src/client/auth/oauth.rs index 4363f6775..0def2f39d 100644 --- a/kube-client/src/client/auth/oauth.rs +++ b/kube-client/src/client/auth/oauth.rs @@ -118,13 +118,19 @@ impl Gcp { // Current TLS feature precedence when more than one are set: // 1. rustls-tls // 2. openssl-tls - #[cfg(feature = "rustls-tls")] + #[cfg(all(feature = "rustls-tls", not(feature = "webpki-roots")))] let https = hyper_rustls::HttpsConnectorBuilder::new() .with_native_roots() .map_err(Error::NoValidNativeRootCA)? .https_only() .enable_http1() .build(); + #[cfg(all(feature = "rustls-tls", feature = "webpki-roots"))] + let https = hyper_rustls::HttpsConnectorBuilder::new() + .with_webpki_roots() + .https_only() + .enable_http1() + .build(); #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))] let https = hyper_openssl::HttpsConnector::new().map_err(Error::CreateOpensslHttpsConnector)?; diff --git a/kube-client/src/client/auth/oidc.rs b/kube-client/src/client/auth/oidc.rs index ecd8364e6..820dbf701 100644 --- a/kube-client/src/client/auth/oidc.rs +++ b/kube-client/src/client/auth/oidc.rs @@ -313,13 +313,19 @@ impl Refresher { .install_default() .unwrap(); - #[cfg(feature = "rustls-tls")] + #[cfg(all(feature = "rustls-tls", not(feature = "webpki-roots")))] let https = hyper_rustls::HttpsConnectorBuilder::new() .with_native_roots() .map_err(|_| errors::RefreshInitError::NoValidNativeRootCA)? .https_only() .enable_http1() .build(); + #[cfg(all(feature = "rustls-tls", feature = "webpki-roots"))] + let https = hyper_rustls::HttpsConnectorBuilder::new() + .with_webpki_roots() + .https_only() + .enable_http1() + .build(); #[cfg(all(not(feature = "rustls-tls"), feature = "openssl-tls"))] let https = hyper_openssl::HttpsConnector::new()?;