Function shared_native_trust_anchors 

pub fn shared_native_trust_anchors() -> Arc<[CertificateDer<'static>]> 

Available on crate features crypto and native-certs only.

Returns the cached, process-wide default trust anchors used by rama tls clients (both the rustls and boring backends consume these).

On first call this loads the platform’s native certificate store via load_native_certs (honoring SSL_CERT_FILE/SSL_CERT_DIR). If the native store yields no certificates, a warning is logged and the bundled webpki roots (bundled_root_certs) are used instead so that clients on minimal systems (e.g. distroless containers) still have a sane default.

The result is cached for the lifetime of the process: the (potentially expensive) native read happens at most once.