Iterator of all certificate files #28

@charlespierce


Hi! I'm looking into a downstream issue where a user is having trouble getting their corporate root certificate to work in my project. I believe I've narrowed it down to the same root cause as rustls/rustls-native-certs#28: namely, that probe() short-circuits as soon as it finds a matching certificate file and so it doesn't find the custom file that was installed in one of the lower-precedence directories / filenames.

I'm not too familiar with the specific behaviors; however, based on the suggestion in that issue (to aggregate all possible certificate files), would it make sense to provide an API for iterating over all the existing certificate files in precedence order? Currently the directories are exposed, but the files within those directories are an internal detail of probe().

I'm happy to do the work of submitting a PR, however I want to check up-front if that's something that even makes sense, or if there's a better way to make sure the custom certificates are detected? For reference, the end user's custom certificate works perfectly within other utilities like wget, curl, etc., it's only within a Rust app using rustls-native-certs (which in turn relies on openssl-probe) that things are not working. So I believe something in the process is not quite matching the behavior of other programs as far as detecting the appropriate root certificates.
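
An added sketch of the idea in this issue, not code from openssl-probe or rustls-native-certs: a first-match lookup next to a lazy iterator over every existing candidate file in precedence order. The function names, the candidate file names and the directory tree built under the temp dir are all constructed for illustration.

```rust
use std::fs;
use std::path::PathBuf;

// Hypothetical candidate file names, checked in this order inside each directory.
const CANDIDATE_FILES: &[&str] = &["cert.pem", "certs/ca-certificates.crt", "ca-bundle.pem"];

/// First-match behaviour described in the issue: stop at the first existing file.
fn first_cert_file(dirs: &[PathBuf]) -> Option<PathBuf> {
    all_cert_files(dirs).next()
}

/// Proposed behaviour: lazily yield every existing candidate file,
/// directories first by precedence, then file names by precedence.
fn all_cert_files<'a>(dirs: &'a [PathBuf]) -> impl Iterator<Item = PathBuf> + 'a {
    dirs.iter()
        .flat_map(|dir| CANDIDATE_FILES.iter().map(move |name| dir.join(name)))
        .filter(|path| path.is_file())
}

/// Constructed sample layout: a system bundle in the high-precedence directory
/// and a corporate root in a lower-precedence one. Returns (root, dirs in order).
fn build_sample_tree(tag: &str) -> (PathBuf, Vec<PathBuf>) {
    let root = std::env::temp_dir()
        .join(format!("cert-probe-demo-{}-{}", std::process::id(), tag));
    let _ = fs::remove_dir_all(&root);
    let high = root.join("etc/ssl");
    let low = root.join("usr/local/share/certs");
    fs::create_dir_all(high.join("certs")).unwrap();
    fs::create_dir_all(&low).unwrap();
    fs::write(high.join("certs/ca-certificates.crt"), "# constructed: system bundle\n").unwrap();
    fs::write(low.join("ca-bundle.pem"), "# constructed: corporate root\n").unwrap();
    (root, vec![high, low])
}

fn main() {
    let (root, dirs) = build_sample_tree("main");
    // The first-match lookup never reaches the lower-precedence corporate root.
    println!("first match: {:?}", first_cert_file(&dirs));
    for path in all_cert_files(&dirs) {
        println!("candidate:   {}", path.display());
    }
    let _ = fs::remove_dir_all(root);
}
```

A caller that aggregates roots would load certificates from every yielded path instead of only the first one.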
