Custom SSL certificate #386
Comments
|
You'll need to add dependencies on rustls and rustls-native-certs (with the "rustls" feature). Call load_native_certs to get a Then, build a Phew, we should document all this! :-) |
|
Thanks for the information and yes some documentation or an example would be very nice.
…Sent from my iPhone
On May 11, 2021, at 12:15 PM, Jacob Hoffman-Andrews ***@***.***> wrote:
You'll need to add dependencies on rustls and rustls-native-certs (with the "rustls" feature). Call load_native_certs to get a RootCertStore, then create a ClientConfig with that RootCertStore.
Then, build a ureq agent with the tls_config set to that RootCertStore.
Phew, we should document all this! :-)
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I followed the information about and rustls reads the Linux system certificates and works as expected. However, on windows it does not read the computer trust certificates and fails https with unknown issuer. Are there any special steps for windows? |
|
No special steps on Windows as far as I know - rustls-native-certs should load from the platform certificate store. It's been a while since I added a custom root on Windows, so there might be some subtleties I'm forgetting - maybe you added the root just for one user or one context? Does the added root work with other software, e.g. OpenSSL? |
|
I added the root certificate on windows at the computer level. Normal windows programs such as MSEdge use it, along with c++ programs using the native windows WinHttp apis, and Golang programs work too with the custom certificate. |
|
When using windows development environment with rls and navigating to definition, it looks like rustls-native-certs on windows it loading in unix.rs instead of windows.rs. Although maybe that is an rls issue? |
|
hm, that seems like a potential issue. Are you using WSL? I'm not sure under what environments Rust / rustls-native-certs will build for Windows vs unix. |
|
I am not using WSL. I am running on Windows Server 2019 and rust 1.52.1 MSVC. |
|
That's in rustls' DangerousClientConfig, specifically |
|
I set the config option you specified and that allowed me to work around the problem on windows. However, moving forward, how do we get the underlying bug addressed on windows? Should I open an issue on rustls? |
|
I think I figured out some more on the issue. rustls-native-cers in windows.rs only adds certs from the current user, whereas my custom certificate is stored in the local computer level. |
|
Created issue rustls/rustls-native-certs#22 to track underlying bug. |
|
Thanks for digging into this! I think from the ureq side this is done. Feel free to reopen. |
I am looking at using ureq 2.X on x64 Linux and Windows. How do I add in custom SSL certificates for ureq?
I have the custom SSL certificates added into the system stores on both Linux and Windows and curl, which uses openssl, loads the certificates correctly. However, from reading the documentation of ureq, it does not use openssl so what steps do I need to take to add in the certificates?
The text was updated successfully, but these errors were encountered: