oci-client: allow using native cert store with rustls

Xynnn007 · Xynnn007 · commit c39c519dd99b · 2025-02-18T17:25:27.000+08:00
The feature oci-client/rustls-tls-native-roots allows the client to
read platform's native certificate store when using rustls suites.

This useful when self-signed registry is used and the certs are loaded
in the platform's trusted CA by commands like update-ca-certificates.

Signed-off-by: Xynnn007 &lt;xynnn@linux.alibaba.com&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -59,6 +59,10 @@ sigstore-trust-root = [
 sigstore-trust-root-native-tls = ["reqwest/native-tls", "sigstore-trust-root"]
 sigstore-trust-root-rustls-tls = ["reqwest/rustls-tls", "sigstore-trust-root"]
 
+# This feature flag is used to allow using the platform's native certificate store
+# when using rustls suites
+rustls-tls-native-roots = ["oci-client/rustls-tls-native-roots"]
+
 cosign-native-tls = [
   "oci-client/native-tls",
   "cert",
