You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Just because a root certificate is in the built-in iOS/macOS trust store doesn't mean that it is trusted. Apple applies additional constraints via configuration updates to maintain a high-level of security. See https://support.apple.com/HT212865 for more detail.
It seems like this might be hinting that the approach taken by rustls-native-certs (and other libraries) is not valid/safe. This is something we already know from previous discussions.
I'm not sure what could reasonably be done other than deprecating this crate on macOS (and Windows) and replacing it with custom verification logic that uses the OS-provided APIs. I have done this at $work and we are open to open sourcing it.
The text was updated successfully, but these errors were encountered:
It sounds pretty clear that invoking OS verification APIs is the correct path forwards; I'd love to have a crate that does that to recommend for use with quinn.
From https://twitter.com/BasileBailey/status/1494801237694300161:
It seems like this might be hinting that the approach taken by rustls-native-certs (and other libraries) is not valid/safe. This is something we already know from previous discussions.
I'm not sure what could reasonably be done other than deprecating this crate on macOS (and Windows) and replacing it with custom verification logic that uses the OS-provided APIs. I have done this at $work and we are open to open sourcing it.
The text was updated successfully, but these errors were encountered: