Tectu
commented
2 years ago Unfortunately, I have not yet located a viable alternative to certify. That is the sole reason why malloy still ships with it.
I do have to say that certify worked reasonably well so far. Despite the obligatory warnings in the readme, malloy is used in production by several projects (both server and client components). So far, I have not heard any stories about issues surrounding certify.
If you have a better option/proposal to replace certify, I'd be very happy to discuss those.
About a year ago, I did invest some time looking into this with the intention of creating our own library for this task but it basically boiled down to re-writing certify which seemed to make little sense back then.
A very low-priority task in the pipeline is to expose the necessary interfaces as native malloy API so users can put their own cert store loading code in there (potentially with certify as a default).
DragonOsman
I read that the author of the Certify library isn't taking care of it anymore because of complications that arise in asynchronous code. So I wanted to ask this here: did you manage to find a good alternative way to get certs from the root cert store under that kind of situation? I'm asking because I also need a good cross-platform way to do this. Right now my code relies on wincrypt and I'd like to make it portable because I want to work on Linux as well. Here's my current code for this, for reference.