blackbeam / rust-mysql-simple

MySQL client library implemented in Rust.
Apache License 2.0

Add support for multiple CA certificates #252

Closed dv-ds closed 3 years ago

dv-ds commented 4 years ago

[Edited to reflect behaviour for DER as well, and to clarify a little what the desired functionality is.]

From https://docs.rs/mysql/20.0.1/mysql/struct.SslOpts.html#method.with_root_cert_path : "If you have multiple certificates in a .pem file, only the first one will be loaded." (Out of date? I get a TlsError in this case: "One or more parameters passed to a function were not valid.")

For a DER bundle, I get a TlsHandshakeError: "The certificate was not trusted." It would appear to me that some changes have been made in the native-tls crate since this bit in the mysql crate documentation was written.

The IT architecture for one of our customers however was designed with the understanding that cross-region (AWS) DB connections should be supported. Therefore we are keen to use bundle files, like those that AWS provides.

I can see that you're using add_root_certificate ( https://docs.rs/native-tls/0.2.4/native_tls/struct.TlsConnectorBuilder.html#method.add_root_certificate ) behind the scenes, but I see no way of accessing that functionality via the mysql crate as its API revolves around a single CA certificate.

Would it be possible for you to add support for specifying multiple CA certs and / or a bundle file?

Thank you in advance!

blackbeam commented 4 years ago

@dv-ds, hi!

Sorry for the delay. Could you please try this branch with multiple PEM certs in a single file?

dv-ds commented 4 years ago

Tested PEM bundle on Linux and looks OK with that branch!
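An added example, not code from this thread, the branch mentioned above, or the mysql crate: one way to split a PEM bundle into single-certificate PEM strings, so each can be parsed on its own and handed to `add_root_certificate`. It uses only the standard library, rejects a malformed bundle as a whole rather than returning a partial trust store, and the name `split_pem_bundle` and the sample bundle are assumptions constructed for illustration.

```rust
// Added example (std only): split a PEM bundle into single-certificate PEM strings.
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

// Constructed sample: two placeholder blocks, not real certificates.
pub const SAMPLE_BUNDLE: &str = "# region-a CA (constructed)\n\
-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n\
# region-b CA (constructed)\n\
-----BEGIN CERTIFICATE-----\nQkJCQg==\n-----END CERTIFICATE-----\n";

/// Hypothetical helper. Fails closed: an unterminated, nested or empty block
/// rejects the whole bundle, so a truncated file never yields a partial CA set.
pub fn split_pem_bundle(bundle: &str) -> Result<Vec<String>, String> {
    let mut certs = Vec::new();
    let mut block: Option<String> = None; // Some(..) while inside a certificate
    for (idx, raw) in bundle.lines().enumerate() {
        let (line, n) = (raw.trim(), idx + 1);
        if line == BEGIN {
            if block.is_some() {
                return Err(format!("line {}: BEGIN inside a certificate", n));
            }
            block = Some(String::new());
        } else if line == END {
            let body = block.take().ok_or(format!("line {}: END without BEGIN", n))?;
            if body.is_empty() {
                return Err(format!("line {}: empty certificate block", n));
            }
            certs.push(format!("{}\n{}{}\n", BEGIN, body, END));
        } else if let Some(body) = block.as_mut() {
            if !line.is_empty() {
                body.push_str(line);
                body.push('\n');
            }
        } // text between blocks (comments, subject lines) is ignored
    }
    if block.is_some() {
        return Err("unterminated certificate block".to_string());
    }
    if certs.is_empty() {
        return Err("no certificates found".to_string());
    }
    Ok(certs)
}

fn main() {
    // Each string is input for native_tls::Certificate::from_pem; the caller would pass
    // every parsed certificate to TlsConnectorBuilder::add_root_certificate.
    for pem in split_pem_bundle(SAMPLE_BUNDLE).expect("bundle rejected") {
        println!("{} bytes", pem.len());
    }
}
```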