Module native_certs
Available on crate features crypto and native-certs only.
Load the platform’s native certificate store (system trust chain) in a
tls-implementation agnostic way, as pki_types certificates.
The certificates returned here can be fed into any tls backend (e.g.
rustls or boring), which is why this lives in rama-crypto rather than
in one of the tls backend crates.
The main entry points are:
- shared_native_trust_anchors: the cached, process-wide default trust anchors used by rama tls clients. Loads the native store once; if nothing is found it warns and falls back to the bundled webpki roots.
- load_native_certs: a one-shot (uncached) read of the platform store, for callers that want to manage caching/merging themselves.
- bundled_root_certs: the bundled Mozilla (CCADB) root certificates used as the fallback.
Attribution
The platform readers and SSL_CERT_FILE/SSL_CERT_DIR handling are an
adapted fork of rustls-native-certs (Apache-2.0 OR ISC OR MIT), with the
pending permission-skip fix folded in and the public surface
reshaped around rama’s pki_types re-export, error and tracing
conventions.
Structs
- CertificateResult: Results from trying to load certificates from the platform’s native store.
- Error: An error encountered while loading certificates from the platform store.
Enums
- ErrorKind: The kinds of errors that can occur while loading native certificates.
Functions
- bundled_root_certs: The bundled Mozilla (CCADB) root certificates, used as the fallback by shared_native_trust_anchors and available for explicit use.
- load_certs_from_paths: Load certificates from the given paths.
- load_native_certs: Load root certificates found in the platform’s native certificate store.
- shared_native_trust_anchors: Returns the cached, process-wide default trust anchors used by rama tls clients (both the rustls and boring backends consume these).