fix: tls config overwrite in endpoint

vigneshwar-sm-11323 · vigneshwar-sm-11323 · commit a1677780cad7 · 2025-04-11T19:48:52.000+05:30
PR hyperium#1866 fixed the breaking change introduced in hyperium#1731, but resets the `tls_config` instead of adding the tls roots to existing config. This patch resolves the regression and also restores expected behaviour.
diff --git a/tonic/src/transport/channel/endpoint.rs b/tonic/src/transport/channel/endpoint.rs
@@ -60,12 +60,6 @@ impl Endpoint {
         D::Error: Into<crate::BoxError>,
     {
         let me = dst.try_into().map_err(|e| Error::from_source(e.into()))?;
-        #[cfg(feature = "_tls-any")]
-        if let EndpointType::Uri(uri) = &me.uri {
-            if uri.scheme() == Some(&http::uri::Scheme::HTTPS) {
-                return me.tls_config(ClientTlsConfig::new().with_enabled_roots());
-            }
-        }
         Ok(me)
     }
 
@@ -332,14 +326,22 @@ impl Endpoint {
     #[cfg(feature = "_tls-any")]
     pub fn tls_config(self, tls_config: ClientTlsConfig) -> Result<Self, Error> {
         match &self.uri {
-            EndpointType::Uri(uri) => Ok(Endpoint {
-                tls: Some(
-                    tls_config
-                        .into_tls_connector(uri)
-                        .map_err(Error::from_source)?,
-                ),
-                ..self
-            }),
+            EndpointType::Uri(uri) => {
+                let mut tls_config = tls_config;
+                #[cfg(feature = "_tls-any")]
+                if uri.scheme() == Some(&http::uri::Scheme::HTTPS) {
+                    tls_config = tls_config.with_enabled_roots();
+                }
+                
+                Ok(Endpoint {
+                    tls: Some(
+                        tls_config
+                            .into_tls_connector(uri)
+                            .map_err(Error::from_source)?,
+                    ),
+                    ..self
+                })
+            }
             EndpointType::Uds(_) => Err(Error::new(error::Kind::InvalidTlsConfigForUds)),
         }
     }
diff --git a/tonic/src/transport/channel/tls.rs b/tonic/src/transport/channel/tls.rs
@@ -113,11 +113,13 @@ impl ClientTlsConfig {
 
     /// Activates all TLS roots enabled through `tls-*-roots` feature flags
     pub fn with_enabled_roots(self) -> Self {
-        let config = ClientTlsConfig::new();
+        let config = self;
+        
         #[cfg(feature = "tls-native-roots")]
         let config = config.with_native_roots();
         #[cfg(feature = "tls-webpki-roots")]
         let config = config.with_webpki_roots();
+        
         config
     }
 
