Description
As a heads up, there's an advisory in progress for openssl_probe (rustsec/advisory-db#2209). As native-tls is one of the largest consumers, it will likely be necessary to switch to an alternate way of specifying the OpenSSL trust roots to the SSL contexts.
I believe that this can be done using X509_LOOKUP_ctrl which is not currently exposed in the openssl crate, but forms the basis of how the root store can be configured to read from various directories.
https://docs.rs/openssl-sys/latest/openssl_sys/fn.X509_LOOKUP_ctrl.html
http://man.openbsd.org/X509_LOOKUP_new.3#X509_LOOKUP_add_dir
I believe this crate would first need to call the probe methods (which don't change the environment), and then configure each new connector using the https://docs.rs/openssl/latest/openssl/ssl/struct.SslContextBuilder.html#method.cert_store_mut method.
https://github.com/sfackler/rust-native-tls/blob/master/src/imp/openssl.rs#L277
This might be worth punting to https://github.com/sfackler/rust-openssl for some initial work to add the necessary safe APIs, though I don't think it would be required immediately.