fragile loading of native certs on MacOS with tls-roots #519
Comments
NAlexPear
added a commit
to NAlexPear/tonic
that referenced
this issue
Jan 1, 2021
Instead of failing and bailing when a bad cert is found, ignore one-off errors for bad certs and continue to load the rest of the store. These one-off errors mostly affect MacOS users, as found in this rustls-native-certs issue: rustls/rustls-native-certs#4 Fixes: hyperium#519
LucioFranco
pushed a commit
that referenced
this issue
Jan 7, 2021
Instead of failing and bailing when a bad cert is found, ignore one-off errors for bad certs and continue to load the rest of the store. These one-off errors mostly affect MacOS users, as found in this rustls-native-certs issue: rustls/rustls-native-certs#4 Fixes: #519
This was referenced Mar 18, 2021
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Report
When using the
tls-rootsfeature, many MacOS users will run into this issue.Version
Platform
Linux (Arch, btw)
Crates
tonic(specifically this line)Description
Failure to parse a cert can happen for a variety of reasons, some of which are outlined in that thread. But failure to parse a single cert from the MacOS Trust Record should not result in failing to load any cert at all if there are other trusted certs in the store.
Prescription
tonicshould use the best-effort strategy described in this comment on the previous thread and implemented inhyper-rustls. Happy to make a PR for this if it would get merged!The text was updated successfully, but these errors were encountered: