ca-bundle option

[hinrichd]

Hi,

In AWS CLI, I can use the —ca-bundle option to use a non-public CA for my S3 endpoint.

I was wondering if there’s a similar option for STU, or if I can even inject CA certificates into STU somewhere else?

Until then, I will get an connection error:
2026-03-17 15:41:42.596427092 +01:00 Failed to load objects: DispatchFailure(DispatchFailure { source: ConnectorError { kind: Io, source: hyper_util::client::legacy::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificate(BadSignature) } }), connection: Unknown } })

Thank you

[lusingander]

Thank you for the report.

The ca_bundle profile setting or the AWS_CA_BUNDLE environment variable might be usable, but I haven't verified them, so it's unclear if they work correctly.

In either case, it seems reasonable to add a --ca-bundle option similar to the one in AWS CLI.

[lusingander]

awslabs/aws-sdk-rust#1286

[hinrichd]

I have tested both ca_bundle settings from config file as also environment var and they do not work in stu but do in aws cli!

[lusingander]

Thanks for the checking. Sorry about that, it looks like it needs some fixing...