Merge pull request #354 from CBenoit/fix-error-on-bad-root-cert

Gracefully handle invalid native root certificates
pull/356/head
Daniel Abramov 2 years ago committed by GitHub
commit 371f823044
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      src/tls.rs

@ -104,11 +104,13 @@ mod encryption {
#[cfg(feature = "rustls-tls-native-roots")] #[cfg(feature = "rustls-tls-native-roots")]
{ {
for cert in rustls_native_certs::load_native_certs()? { let native_certs = rustls_native_certs::load_native_certs()?;
root_store let der_certs: Vec<Vec<u8>> =
.add(&rustls::Certificate(cert.0)) native_certs.into_iter().map(|cert| cert.0).collect();
.map_err(TlsError::Rustls)?; let total_number = der_certs.len();
} let (number_added, number_ignored) =
root_store.add_parsable_certificates(&der_certs);
log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
} }
#[cfg(feature = "rustls-tls-webpki-roots")] #[cfg(feature = "rustls-tls-webpki-roots")]
{ {
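Review bot: The number of skipped native roots is reported only through `log::debug!`, so a host whose system trust store is partly or wholly unparsable gives no signal at default log levels; the first visible symptom would presumably be certificate validation failures during later handshakes. The old loop returned `TlsError::Rustls` on the first bad certificate, so this debug line is the only remaining trace of that condition. Consider adding `if number_ignored > 0 { log::warn!("Ignored {number_ignored} unparsable native root certificates"); }` after the `add_parsable_certificates` call, and possibly a separate warning when `number_added == 0` while `total_number` is non-zero. The enclosing function starts and ends outside this hunk, so it is not visible here whether `root_store` gets roots from any other source in that case.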
