rustls-native-certs
Integration with OS certificate stores for rustls
I think we can look at how chromium is implemented. https://github.com/chromium/chromium/blob/master/net/cert/cert_verify_proc_android.cc https://github.com/chromium/chromium/blob/master/net/cert/cert_verify_proc_ios.cc
From https://twitter.com/BasileBailey/status/1494801237694300161: > Just because a root certificate is in the built-in iOS/macOS trust store doesn't mean that it is trusted. Apple applies additional constraints via configuration updates to maintain...
In general, root programs maintain both a trust store and a platform verifier, and the behavior of the two is linked. Distrusts may be implemented first in the verifier (subject...
Loading native certs on OS X takes 300ms:

```rust
use std::time::SystemTime;

fn main() {
    let now = SystemTime::now();
    let https = rustls_native_certs::load_native_certs();
    println!("{:?}", now.elapsed());
}
```

```
Finished release [optimized...
```
Hi! First of all, I'm no rust programmer or anything, I just want a thing that depends on a thing that depends on your thing to start to work so......
I have a FreeBSD 13 system and I have uploaded my custom certs into /usr/local/share/certs/ca-root-nss.crt which allows OOTB curl to work. However, Rust programs (ex: rustup-init) built using rustls-native-certs do...
Current code in windows.rs only loads certificates from the user store: https://github.com/ctz/rustls-native-certs/blob/main/src/windows.rs#L19 In our use case, we push certificates through Group Policy into the computer store. Would also recommend querying...
It would be helpful to know if a certificate has been shipped by the OS, or was installed by the user or the administrator. This unlocks two use cases: *...
In addition to loading CA bundles, openssl also supports a [Hashed Directory Method](https://www.openssl.org/docs/man1.1.0/man3/X509_LOOKUP_hash_dir.html) - with this method, openssl looks in the CA Directory for a file named after the hash...