finding corrupted certificate on MacOS Catalina #15
Comments
I have also received a report of the same error in my project when run in Mac OS 10.14.6: My project uses |
You can use a forked version of the library and add some extra debug printing here to figure out which cert is rejected. |
I think we just encountered this error, but on Windows. From what I can see, if there are any invalid certificates on your system it simply bails out with an error. This seems unintuitive because this is exactly the kind of library likely to be buried deep in other frameworks, where the end user will probably not understand the problem nor have any means to rectify it. But perhaps I'm missing something? I'd be open to submitting a PR if there were suggestions around dealing with this. |
Looking into the Rustls code, it appears it's essentially expected that some certs in the store will be invalid. The parsing code contains a method with the comments:
That's the method that should probably be used internally so that invalid certs are skipped. |
I've written a sample app to parse my OS cert store in two different ways: one the way that The
The sample app is here: https://github.com/adamrodger/rustls-native-certs-error I've attached the cert here just in case you want to use it for testing:
|
In current main, rustls-native-certs no longer tries to parse the trust roots it finds, so parsing the roots and handling any errors is left to user code. |
I just looked at the code and if I'm not mistaken Can you please point me to what you mean? (I'm on mobile so perhaps I've mislooked). |
It returns a |
Ah I see, it loads the platform specific function (not the one in lib.rs). So I think we can resolve in reqwest directly then. |
I think so, yes. |
Based on the discussion above I believe this issue can be closed. If I'm mistaken please comment and we can reopen for further discussion. |
Hi! First of all, I'm no rust programmer or anything, I just want a thing that depends on a thing that depends on your thing to start to work so...
There was this problem mimblewimble/grin-wallet#554 and I traced it down to this https://github.com/ctz/hyper-rustls/blob/5a30ca520ab382bdeb06ba37a1401b6f5aeb971f/src/connector.rs#L42
I suspect it is one of my certificates that breaks it. I wanted to make something similar to what has been done here #4 (comment) which is, write a code snippet that shows which certificate breaks, I just have one that reproduces the problem
Is there any chance I can detect which certificate breaks it, then I can remove it / update it / whatever and world can become a happy place once again?
Thanks in advance!
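The skip-and-report behaviour discussed in this thread, as an added example (not code from rustls-native-certs, rustls, or any commenter): each store entry is checked on its own, failures are recorded with their index and reason, and the remaining entries are kept. `check_cert` is a simplified structural check standing in for a real X.509 parser; all function names and the sample bytes are constructed for illustration.

```rust
/// Read one DER TLV from the front of `buf`: returns (tag, content, remaining bytes).
fn read_tlv(buf: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let (&tag, rest) = buf.split_first()?;
    let (&first, mut rest) = rest.split_first()?;
    let mut len = first as usize;
    if first >= 0x80 {
        let n = (first & 0x7f) as usize; // long form: next n bytes hold the length
        if n == 0 || n > 4 || rest.len() < n { return None; }
        len = rest[..n].iter().fold(0, |acc, &b| (acc << 8) | b as usize);
        rest = &rest[n..];
    }
    if rest.len() < len { return None; }
    Some((tag, &rest[..len], &rest[len..]))
}

/// Assumption: checks only the outer shape SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }.
fn check_cert(der: &[u8]) -> Result<(), &'static str> {
    let (tag, body, trailing) = read_tlv(der).ok_or("truncated or malformed outer TLV")?;
    if tag != 0x30 { return Err("outer element is not a SEQUENCE"); }
    if !trailing.is_empty() { return Err("trailing bytes after certificate"); }
    let mut rest = body;
    for (want, what) in [(0x30u8, "bad tbsCertificate"), (0x30, "bad signatureAlgorithm"), (0x03, "bad signatureValue")] {
        let (t, _, r) = read_tlv(rest).ok_or(what)?;
        if t != want { return Err(what); }
        rest = r;
    }
    if rest.is_empty() { Ok(()) } else { Err("extra fields in Certificate") }
}

/// Keep every entry that passes; record (index, reason) for each one that does not.
fn load_tolerant(store: &[Vec<u8>]) -> (Vec<&[u8]>, Vec<(usize, &'static str)>) {
    let (mut ok, mut rejected) = (Vec::new(), Vec::new());
    for (i, der) in store.iter().enumerate() {
        match check_cert(der) {
            Ok(()) => ok.push(der.as_slice()),
            Err(why) => rejected.push((i, why)),
        }
    }
    (ok, rejected)
}

/// Constructed sample store (skeleton bytes, not real certificates).
fn sample_store() -> Vec<Vec<u8>> {
    let good = vec![0x30, 0x07, 0x30, 0x00, 0x30, 0x00, 0x03, 0x01, 0x00];
    let cut = vec![0x30, 0x20, 0x30, 0x00]; // outer length claims 32 bytes, 2 present
    vec![good.clone(), cut, good]
}
fn main() {
    println!("rejected (index, reason): {:?}", load_tolerant(&sample_store()).1);
}
```

With a real store, the index in `rejected` identifies which entry to inspect or remove, while the accepted entries remain usable as trust roots.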