You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've searched the issue tracker for similar requests
Is your feature request related to a problem? Please describe.
There is currently a proliferation of Cargo features in downstream libraries to determine the set of trusted roots using webpki-roots and rustls-native-certs. We've recently also added the rustls-platform-verifier option, which will probably make this worse (before it potentially eventually makes things better?).
Describe the solution you'd like
Given that we now have the process default method for crypto providers, perhaps it could make sense to do something similar for the server certificate verifier? It seems likely to me that processes would like to use the same server certificate verification across all uses of rustls clients.
The text was updated successfully, but these errors were encountered:
I'd love to see this happen, so that people can set policy in one place, and not continuously chase down random crates that have their own (varying) policies.
I've spent a lot of time sending PRs to projects that hardcode the use of rustls-native-certs, trying to add Cargo features and code branches. :)
Checklist
Is your feature request related to a problem? Please describe.
There is currently a proliferation of Cargo features in downstream libraries to determine the set of trusted roots using webpki-roots and rustls-native-certs. We've recently also added the rustls-platform-verifier option, which will probably make this worse (before it potentially eventually makes things better?).
Describe the solution you'd like
Given that we now have the process default method for crypto providers, perhaps it could make sense to do something similar for the server certificate verifier? It seems likely to me that processes would like to use the same server certificate verification across all uses of rustls clients.
The text was updated successfully, but these errors were encountered: