with_native_roots: Restore robustness to unparseable certs

rustls-native-certs used to filter out invalid certs on Unix, where certs are parsed from PEM files. rustls/rustls-native-certs#26 changed it to passing them unparsed. Now that hyper-rustls does the parsing, keep being robust to invalid certs. Implementation modified from rustls::RootCertStore::add_parsable_certificates, which cannot be used directly due to a newtype in rustls-native-certs.
rustls · Oct 18, 2021 · 344d493 · 344d493
1 parent 6bc647f
commit 344d493
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/src/config.rs b/src/config.rs
@@ -23,11 +23,25 @@ impl ConfigBuilderExt for ConfigBuilder<ClientConfig, WantsVerifier> {
     #[cfg_attr(docsrs, doc(cfg(feature = "rustls-native-certs")))]
     fn with_native_roots(self) -> ClientConfig {
         let mut roots = rustls::RootCertStore::empty();
+        let mut valid_count = 0;
+        let mut invalid_count = 0;
+
         for cert in rustls_native_certs::load_native_certs().expect("could not load platform certs")
         {
-            roots.add(&rustls::Certificate(cert.0)).unwrap();
+            let cert = rustls::Certificate(cert.0);
+            match roots.add(&cert) {
+                Ok(_) => valid_count += 1,
+                Err(err) => {
+                    log::trace!("invalid cert der {:?}", cert.0);
+                    log::debug!("certificate parsing failed: {:?}", err);
+                    invalid_count += 1
+                }
+            }
         }
-
+        log::debug!(
+            "with_native_roots processed {} valid and {} invalid certs",
+            valid_count, invalid_count
+        );
         assert!(!roots.is_empty(), "no CA certificates found");
 
         self.with_root_certificates(roots).with_no_client_auth()