set_root_cert_store.rs
use rquest::Client;
use rquest::{Error, X509Store, X509StoreBuilder, X509};
use std::sync::LazyLock;
/// Entry point: installs a TRACE-level tracing subscriber, then runs the
/// static-store and dynamic-store examples one after the other.
///
/// # Errors
/// Returns the first `rquest::Error` produced by either example; the dynamic
/// example does not run if the static one fails.
#[tokio::main]
async fn main() -> Result<(), rquest::Error> {
    // TRACE is the most verbose level and is meant for this demo only.
    // NOTE(review): what the TLS/HTTP layers emit at TRACE is not visible here —
    // confirm it is acceptable before copying this setup into a service.
    let subscriber = tracing_subscriber::fmt().with_max_level(tracing::Level::TRACE);
    subscriber.init();

    use_static_root_certs().await?;
    use_dynamic_root_certs().await
}
/// Returns a process-wide [`X509Store`] built from the root certificates bundled
/// in the `webpki_root_certs` crate.
///
/// The store is built at most once, on first use, and the outcome (success or
/// error) is cached in a `LazyLock`; later calls only re-read the cached value.
/// One of the two log lines is emitted on every call, not just the first.
///
/// Returns `None` when building the store failed. A single certificate that
/// fails DER parsing or cannot be added fails the whole store.
///
/// NOTE(review): the bundled roots are fixed when the binary is compiled, so
/// picking up a root removal or distrust decision requires updating the crate
/// and rebuilding. Also confirm what `rquest` does when this returns `None`
/// (reject the connection vs. fall back to another trust store) — that is not
/// visible from this file.
fn load_static_root_certs() -> Option<&'static X509Store> {
    static CERT_STORE: LazyLock<Result<X509Store, Error>> = LazyLock::new(|| {
        let mut builder = X509StoreBuilder::new()?;
        for der in webpki_root_certs::TLS_SERVER_ROOT_CERTS {
            // `?` makes any unparsable or rejected certificate abort the build.
            builder.add_cert(X509::from_der(&*der)?)?;
        }
        Ok(builder.build())
    });

    let store = match &*CERT_STORE {
        Ok(store) => store,
        Err(err) => {
            log::error!("Failed to load root certs: {:?}", err);
            return None;
        }
    };
    log::info!("Loaded root certs");
    Some(store)
}
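/// Builds a fresh [`X509Store`] from the operating system's native certificate
/// store, as reported by `rustls_native_certs::load_native_certs`.
///
/// Nothing is cached: every call re-reads the native store. The resulting trust
/// anchors are whatever the host currently has installed, so the client trusts
/// any CA that has been added to the machine's store.
///
/// Problems that `load_native_certs` reports alongside the certificates it did
/// read are logged at `warn` level, so a partially loaded trust store is visible
/// rather than silently accepted.
///
/// # Errors
/// Returns an error if the store builder cannot be created, or if any returned
/// certificate fails DER parsing or cannot be added to the store. One bad
/// certificate therefore aborts the whole load instead of being skipped.
fn load_dynamic_root_certs() -> Result<X509Store, Error> {
    let mut cert_store = X509StoreBuilder::new()?;

    let native = rustls_native_certs::load_native_certs();

    // The loader returns certificates and errors side by side; the errors were
    // previously dropped, which hid an incomplete trust store from operators.
    for err in &native.errors {
        log::warn!("Failed to load a native root cert: {:?}", err);
    }

    for cert in native.certs {
        let cert = X509::from_der(&cert)?;
        cert_store.add_cert(cert)?;
    }
    log::info!("Loaded dynamic root certs");
    Ok(cert_store.build())
}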
/// Builds a client whose root store is supplied by [`load_static_root_certs`],
/// fetches `https://tls.peet.ws/api/all`, and prints the response body.
///
/// The loader is handed over as a function rather than called here.
/// NOTE(review): when and how often `rquest` invokes it is not visible from this
/// file — confirm against the `root_cert_store` documentation.
///
/// # Errors
/// Propagates any `rquest::Error` from building the client, sending the request,
/// or reading the body. The HTTP status code is not inspected.
async fn use_static_root_certs() -> Result<(), rquest::Error> {
    let builder = Client::builder().root_cert_store(load_static_root_certs);
    let client = builder.build()?;

    let response = client.get("https://tls.peet.ws/api/all").send().await?;
    let body = response.text().await?;

    println!("{}", body);
    Ok(())
}
/// Builds a client whose root store comes from [`load_dynamic_root_certs`],
/// fetches `https://tls.peet.ws/api/all`, and prints the response body.
///
/// The native store is loaded eagerly, before the client is built; if loading
/// fails, the error is returned and no client is created and no request is sent.
///
/// # Errors
/// Propagates any `rquest::Error` from loading the store, building the client,
/// sending the request, or reading the body. The HTTP status code is not
/// inspected.
async fn use_dynamic_root_certs() -> Result<(), rquest::Error> {
    let native_store = load_dynamic_root_certs()?;
    let client = Client::builder().root_cert_store(native_store).build()?;

    let response = client.get("https://tls.peet.ws/api/all").send().await?;
    let body = response.text().await?;

    println!("{}", body);
    Ok(())
}