allow ureq to use native certificate store #393
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This introduces a passthrough of the
native-certs
feature flag ofureq
, which allows the http client to load the OS certificate store.Motivation and Context
Currently,
rspotify
always uses thewebpki-roots
certificates, when used withureq
, which makes it impossible to use e.g. self-signed certificates.Type of change
Please delete options that are not relevant.
How has this been tested?
I ran the non-modifying tests with a proxy sniffing the HTTPS traffic, which failed with
ureq-rustls-tls
and passed withureq-rustls-tls-native-certs
(since I added the used cert to the OS store).Is this change properly documented?
I added the feature flag to one place in the documentation. Are there ones that I missed?
Additional notes
In theory, there's also a
native-tls
feature flag forureq
, but that requires creating anative-tls::TlsConnector
. This can fail, which I don't know how to handle within theDefault
implementation, so I didn't do that for now. If you've got ideas how this could be done, I'll happily implement that.