forked/reqwest-impersonate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Log instead of error MissingOrMalformedExtensions in rustls_native_certs::load_native_certs (#1316)

Browse Source
This commit is contained in:
Tjeu Kayim
2022-01-27 19:57:52 +01:00
committed by GitHub
parent d3ffb27bdb
commit d92d2aa3ce
1 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/async_impl/client.rs
View File

@@ -346,12 +346,31 @@ impl ClientBuilder {
#[cfg(feature = "rustls-tls-native-roots")] #[cfg(feature = "rustls-tls-native-roots")]
if config.tls_built_in_root_certs { if config.tls_built_in_root_certs {
let mut valid_count = 0;
let mut invalid_count = 0;
for cert in rustls_native_certs::load_native_certs() for cert in rustls_native_certs::load_native_certs()
.map_err(crate::error::builder)? .map_err(crate::error::builder)?
{ {
root_cert_store let cert = rustls::Certificate(cert.0);
.add(&rustls::Certificate(cert.0)) // Continue on parsing errors, as native stores often include ancient or syntactically
.map_err(crate::error::builder)? // invalid certificates, like root certificates without any X509 extensions.
// Inspiration: https://github.com/rustls/rustls/blob/633bf4ba9d9521a95f68766d04c22e2b01e68318/rustls/src/anchors.rs#L105-L112
match root_cert_store.add(&cert) {
Ok(_) => valid_count += 1,
Err(err) => {
invalid_count += 1;
log::warn!(
"rustls failed to parse DER certificate {:?} {:?}",
&err,
&cert
);
}
}
}
if valid_count == 0 && invalid_count > 0 {
return Err(crate::error::builder(
"zero valid certificates found in native root store",
));
} }
} }