Feature hyper-rustls requires dynamically linked CA certificates

Question

Feature hyper-rustls requires dynamically linked CA certificates

Closed this issue 4 years ago · 2 comments

Even if I add egg-mode like this:

egg-mode = { version = "0.14", features = ["hyper-rustls"], default-features = false }

I run into the following errors:

WARN rustls::session            > Sending fatal alert BadCertificate
ERROR server::error             > Network error: error trying to connect: invalid certificate: UnknownIssuer

I figured out that hyper-rustls started to use rustls-native-certs from v18.

How can it be fixed without adding CA certs to the root?

Answer 1 · 2020-06-10T17:22:13.000Z

It looks like hyper-rustls version 0.20 introduced a webpki-tokio feature to use compiled-in root certificates from webpki-roots instead of rustls-native-certs. We could expose that feature in egg-mode to allow you to use those certificates instead of using the root certs on your system. I'll give this a shot and add it in if it works.

Answer 2 · 2020-06-10T17:47:21.000Z

Update: i got it working locally, so i've opened #95 to enable this. I'll make sure to merge it before cutting the next release with the raw stuff in it.