config: avoid overriding native store root with SSL_CERT_FILE env

BiagioFesta · Oct 5, 2023 · 2f9054a · 2f9054a
1 parent b9e7e4d
commit 2f9054a
Showing 1 changed file with 32 additions and 0 deletions.
diff --git a/wtransport/src/config.rs b/wtransport/src/config.rs
@@ -568,6 +568,8 @@ impl ClientConfigBuilder<WantsRootStore> {
     fn native_cert_store() -> RootCertStore {
         let mut root_store = RootCertStore::empty();
 
+        let _var_restore_guard = utils::remove_var_tmp("SSL_CERT_FILE");
+
         match rustls_native_certs::load_native_certs() {
             Ok(certs) => {
                 for c in certs {
@@ -706,3 +708,33 @@ mod dangerous_configuration {
         }
     }
 }
+
+mod utils {
+    use std::env;
+    use std::ffi::OsStr;
+    use std::ffi::OsString;
+
+    pub struct VarRestoreGuard {
+        key: OsString,
+        value: Option<OsString>,
+    }
+
+    impl Drop for VarRestoreGuard {
+        fn drop(&mut self) {
+            if let Some(value) = self.value.take() {
+                env::set_var(self.key.clone(), value)
+            }
+        }
+    }
+
+    pub fn remove_var_tmp<K: AsRef<OsStr>>(key: K) -> VarRestoreGuard {
+        let value = env::var_os(key.as_ref());
+
+        env::remove_var(key.as_ref());
+
+        VarRestoreGuard {
+            key: key.as_ref().to_os_string(),
+            value,
+        }
+    }
+}