Only enable native roots if CA override not specified (#1007)

Author: Sushisource

client/src/lib.rs

@@ -607,11 +607,13 @@ impl ClientOptions {
     /// Passes it through if TLS options not set.
     async fn add_tls_to_channel(&self, mut channel: Endpoint) -> Result<Endpoint, ClientInitError> {
         if let Some(tls_cfg) = &self.tls_cfg {
-            let mut tls = tonic::transport::ClientTlsConfig::new().with_native_roots();
+            let mut tls = tonic::transport::ClientTlsConfig::new();
 
             if let Some(root_cert) = &tls_cfg.server_root_ca_cert {
                 let server_root_ca_cert = Certificate::from_pem(root_cert);
                 tls = tls.ca_certificate(server_root_ca_cert);
+            } else {
+                tls = tls.with_native_roots();
             }
 
             if let Some(domain) = &tls_cfg.domain {