Closed cyang1 closed 4 years ago
@sfackler would you have a chance to take another look at this?
Thanks!
On Android, the system certificates are still loaded even if this flag is set to true, since the function loading Android system certificates is called later.
Implements a way to distrust the system cert store on all backends.
trust_anchor_certificates_only
.verify_callback that manually checks that the root cert exists in the user-specified root certs.
X509Store with the user-specified root certs and sets it with set_verify_cert_store. This is the one I'm least sure about -- it is probably more correct to avoid calling set_default_verify_paths, but that currently happens on builder construction, and moving where that happens might be a breaking change (as set_default_verify_paths reads environment variables, which are set process-wide).
Closes #41.