client: NoneVerifier UnknownIssuer instead of BadSignature

The `NoneVerifier` that's used by default if a rustls client config
builder is built without a verifier being specified was configured to
return `Error::InvalidCertificate(CertificateError::BadSignature` from
all of its trait methods.

This commit updates the `verify_server_cert` trait method to instead
return `Error::InvalidCertificate(CertificateError::UnknownIssuer)`.
This will better match what would happen if you configured an empty root
certificate store with a real verifier and is perhaps less confusing to
debug than an error indicating a cryptographic signature validation
error.

Author: cpu

src/client.rs

@@ -76,7 +76,7 @@ impl ServerCertVerifier for NoneVerifier {
         _now: UnixTime,
     ) -> Result<ServerCertVerified, rustls::Error> {
         Err(rustls::Error::InvalidCertificate(
-            CertificateError::BadSignature,
+            CertificateError::UnknownIssuer,
         ))
     }