Allow specification of trusted certificates / CAs

[reg0bs]

First and foremost: Thanks for sharing sshx and huge respect for what you've built here!

I'm running my own sshx server and it gets a certificate by an internal (private) CA. This leads to the sshx client not accepting the cert, because it seems it brings a list of CAs with it using a rust package.

So, it would be nice to be able to specify a file or folder with certificates of CAs (aka trust store) that should be trusted by the sshx client additionally or instead of the ones included, similar to the --cacert option in curl or many others.

Thanks!

[shumvgolove]

Hey!

While this would be great addition, in the meantime you could recompile sshx binary with tls-roots feature, which will lookup OS ca-bundles following sshx setup section here: #27

[ekzhang]

Thank you for the suggestion! It's really helpful to know more about how you'd like to use it.

I might not get to this for a while -- officially, only the sshx.io server cluster that I maintain is supported for the time being. That one uses public CAs, hence the bundling of Mozilla's webpki-roots list. Trying to make this rock-solid first!