alexcrichton / openssl-probe

Apache License 2.0

Iterator of all certificate files #28

Open charlespierce opened 8 months ago

charlespierce commented 8 months ago

Hi! I'm looking into a downstream issue where a user is having trouble getting their corporate root certificate to work in my project. I believe I've narrowed it down to the same root cause as https://github.com/rustls/rustls-native-certs/issues/28: namely, that probe() short-circuits as soon as it finds a matching certificate file and so it doesn't find the custom file that was installed in one of the lower-precedence directories / filenames.

I'm not too familiar with the specific behaviors; however, based on the suggestion in that issue (to aggregate all possible certificate files), would it make sense to provide an API for iterating over all the existing certificate files in precedence order? Currently the directories are exposed, but the files within those directories are an internal detail of probe().

I'm happy to do the work of submitting a PR; however, I want to check up-front if that's something that even makes sense, or if there's a better way to make sure the custom certificates are detected. For reference, the end user's custom certificate works perfectly within other utilities like wget, curl, etc.; it's only within a Rust app using rustls-native-certs (which in turn relies on openssl-probe) that things are not working. So I believe something in the process is not quite matching the behavior of other programs as far as detecting the appropriate root certificates.
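
An added illustration of the difference described in this issue, not code from openssl-probe or rustls-native-certs: a first-match lookup next to an iterator over every existing candidate file in precedence order. The functions `all_cert_files` and `first_cert_file`, the directory layout, and the file names are constructed for the example.

```rust
use std::fs;
use std::path::PathBuf;

/// Every existing candidate file, highest precedence first.
/// `dirs` and `names` are caller-supplied, already in precedence order (hypothetical inputs).
fn all_cert_files<'a>(
    dirs: &'a [PathBuf],
    names: &'a [&'a str],
) -> impl Iterator<Item = PathBuf> + 'a {
    dirs.iter()
        .flat_map(move |d| names.iter().map(move |n| d.join(n)))
        .filter(|p| p.is_file())
}

/// Short-circuiting lookup: stops at the first hit, so later files are never seen.
fn first_cert_file(dirs: &[PathBuf], names: &[&str]) -> Option<PathBuf> {
    all_cert_files(dirs, names).next()
}

/// Builds a constructed layout under the temp dir: a system bundle in the
/// higher-precedence directory and a corporate root in a lower-precedence one.
/// Returns (first hit, all hits).
fn demo() -> (Option<PathBuf>, Vec<PathBuf>) {
    let root = std::env::temp_dir().join(format!("cert-probe-demo-{}", std::process::id()));
    let system = root.join("etc/ssl");
    let local = root.join("usr/local/share/certs");
    fs::create_dir_all(&system).unwrap();
    fs::create_dir_all(&local).unwrap();
    fs::write(system.join("cert.pem"), "constructed system bundle").unwrap();
    fs::write(local.join("ca-bundle.pem"), "constructed corporate root").unwrap();

    let dirs = vec![system, local];
    let names = ["cert.pem", "ca-bundle.pem"];
    let first = first_cert_file(&dirs, &names);
    let all: Vec<PathBuf> = all_cert_files(&dirs, &names).collect();
    fs::remove_dir_all(&root).ok();
    (first, all)
}

fn main() {
    let (first, all) = demo();
    println!("first match only: {:?}", first);
    for (rank, path) in all.iter().enumerate() {
        println!("candidate {}: {}", rank, path.display());
    }
}
```

A caller that aggregates roots would load every path the iterator yields rather than only the first, which is how the file in the lower-precedence directory gets picked up.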