Possible FreeBSD certificate detection failure

[rami3l]

Hello there! After the Rustup team's recent attempt to migrate to rustls-platform-verifier (rust-lang/rustup#3903) we have noticed a CI regression as follows:

error: could not download file from 'https://static.rust-lang.org/rustup/release-stable.toml' to '/tmp/rustup-update68roIr/release-stable.toml': failed to make network request: error sending request for url (https://static.rust-lang.org/rustup/release-stable.toml): client error (Connect): received fatal alert: DecodeError

I'm not sure what this DecodeError is. Could it be X.509-related?
rust-lang/rustup#3908 (comment)

Interestingly enough, before the migration we have used reqwest's integration of rustls-native-certs v0.7.0 and it didn't fail:

Before (d85502ca):

> cargo tree -i webpki-roots --target=x86_64-unknown-freebsd
error: package ID specification `webpki-roots` did not match any packages

> cargo tree -i rustls-native-certs --target=x86_64-unknown-freebsd
rustls-native-certs v0.7.0
└── reqwest v0.12.4
    └── download v1.27.1
        └── rustup v1.27.1

After (f48df22e):

> cargo tree -i webpki-roots --target=x86_64-unknown-freebsd
warning: nothing to print.

> cargo tree -i rustls-native-certs --target=x86_64-unknown-freebsd
rustls-native-certs v0.7.0
└── rustls-platform-verifier v0.3.1
    └── download v1.27.1
        └── rustup v1.27.1

rust-lang/rustup#3908 (comment)

---

Comparing the usage of rustls_native_certs::load_native_certs in reqwest and rustls-platform-verifier, I have noticed that here this function is under a guard that is disabled on FreeBSD (rust-lang/rustup#3908 (comment)):

rustls-platform-verifier/rustls-platform-verifier/src/verification/others.rs

Lines 118 to 119 in 2b3bfbe

	#[cfg(all(target_os = "linux", not(target_arch = "wasm32")))]
	match rustls_native_certs::load_native_certs() {

Could this be a mistake of some sort? Does it have something to do with the snippet below?

rustls-platform-verifier/rustls-platform-verifier/Cargo.toml

Lines 51 to 53 in 2b3bfbe

	# BSD targets require webpki-roots for the real-world verification tests.
	[target.'cfg(target_os = "freebsd")'.dev-dependencies]
	webpki-roots = "0.26"

Many thanks in advance!

[ctz]

rustls-platform-verifier/rustls-platform-verifier/src/verification/others.rs

Lines 118 to 119 in 2b3bfbe

	#[cfg(all(target_os = "linux", not(target_arch = "wasm32")))]
	match rustls_native_certs::load_native_certs() {

I guess this should be equivalent to the cfg expression that adds the dependency on rustls-native-certs in the first place.

rustls-platform-verifier/rustls-platform-verifier/Cargo.toml

Lines 51 to 53 in 2b3bfbe

	# BSD targets require webpki-roots for the real-world verification tests.
	[target.'cfg(target_os = "freebsd")'.dev-dependencies]
	webpki-roots = "0.26"

We should probably remove this once rustls/rustls-native-certs#28 is addressed, and also alter our freebsd CI job so it doesn't accidentally work around that bug by installing curl.

[rami3l]

I guess this should be equivalent to the cfg expression that adds the dependency on rustls-native-certs in the first place.

@ctz Thanks! I've started an experiment in rust-lang/rustup#3912 to see whether your proposed changes do the job.

Update: It works! I've made #105.