| use openssl_probe; |
| use rustls::RootCertStore; |
| use std::io::{Error, ErrorKind}; |
| use std::io::BufReader; |
| use std::fs::File; |
| use std::path::Path; |
| |
| use crate::PartialResult; |
| |
| fn load_file(store: &mut RootCertStore, path: &Path) -> Result<(), Error> { |
| let f = File::open(&path)?; |
| let mut f = BufReader::new(f); |
| if store.add_pem_file(&mut f).is_err() { |
| Err(Error::new(ErrorKind::InvalidData, |
| format!("Could not load PEM file {:?}", path))) |
| } else { |
| Ok(()) |
| } |
| } |
| |
| /// Loads root certificates found in the platform's native certificate |
| /// store. |
| /// |
| /// On success, this returns a `rustls::RootCertStore` loaded with a |
| /// snapshop of the root certificates found on this platform. This |
| /// function fails in a platform-specific way, expressed in a `std::io::Error`. |
| /// It may produce partial output. |
| /// |
| /// This function can be expensive: on some platforms it involves loading |
| /// and parsing a ~300KB disk file. It's therefore prudent to call |
| /// this sparingly. |
| pub fn load_native_certs() -> PartialResult<RootCertStore, Error> { |
| let likely_locations = openssl_probe::probe(); |
| let mut store = RootCertStore::empty(); |
| let mut first_error = None; |
| |
| if let Some(file) = likely_locations.cert_file { |
| match load_file(&mut store, &file) { |
| Err(err) => { |
| first_error = first_error.or_else(|| Some(err)); |
| } |
| _ => {} |
| } |
| } |
| |
| if let Some(err) = first_error { |
| if store.is_empty() { |
| Err((None, err)) |
| } else { |
| Err((Some(store), err)) |
| } |
| } else { |
| Ok(store) |
| } |
| } |
