FlorianUekermann / rustls-acme

Apache License 2.0

Hardcoded webpki root certs make using an internal ACME CA impossible #30

Closed csarn closed 1 year ago

csarn commented 1 year ago

In https_helper.rs, you have hardcoded the root certificates that the https client will accept. I'm running my own internal CA (https://smallstep.com/), which also offers the ACME protocol. But to be able to use it, I need rustls-acme to allow modification of the trusted root certificates, i.e. by loading the certs installed on the system.

FlorianUekermann commented 1 year ago

Thanks for bringing this up. I agree that loading custom roots is an important feature. But I'm not sure I like the PR yet.

What do you think about adding the option to supply any RootCertStore to the config? That should cover more cases, avoid the feature flag, remove the additional dependency and avoid the reliance on environment details (which certs are installed) inside the crate.

Does that make sense?

csarn commented 1 year ago

Yes, this makes sense, I also thought about that. But for now I just went with the easiest local fix I could do, which also has the benefit of not changing the interface.

But I'll try to redo this with user-provided RootCertStore.

FlorianUekermann commented 1 year ago

If you want to send a PR yourself let me know. Otherwise I can implement this myself.

csarn commented 1 year ago

I don't need to implement this myself, if you find the time to do this, I'd be more than happy :)