Hi!
It's clear to me how to enable the rustls feature flag in various libs. But how am I supposed to add a custom certificate chain as a .pem file to this setup?
I am baking on top of a https://github.com/GoogleContainerTools/distroless image.
Does this have to be done on the OS level or Rust code-wise in my project?
Thanks
Do you mean custom roots for the client's verification of the server certificate?
Yes exactly, within a corporate environment.
You can use the rustls-pemfile crate to get DER from PEM, then call https://docs.rs/rustls/latest/rustls/struct.RootCertStore.html#method.add and pass the RootCertStore to https://docs.rs/rustls/latest/rustls/struct.ConfigBuilder.html#method.with_root_certificates.
Thanks for the hint. Is that then a global config that does not need to be injected further anymore?
The ConfigBuilder setup ends up in a ClientConfig type; an Arc<ClientConfig> needs to be passed into any ClientConnections (depending on what libraries you're using) you want to set up. If you want to, I can review your changes.
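
The PEM-to-DER step suggested above, as an added example that is not part of the original thread and is not rustls or rustls-pemfile code. It is a std-only stand-in for what the rustls-pemfile crate does. The names `BUNDLE`, `b64_decode` and `certs_from_pem` are hypothetical, and the bundle is constructed with placeholder payloads rather than real certificates.

```rust
// Added example, std only. CONSTRUCTED bundle: payloads are short DER placeholders, not real certs.
const BUNDLE: &str = "\
-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MAMCAQI=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MAYCAQMC
AQQ=
-----END CERTIFICATE-----
";
/// Decodes standard base64, ignoring '=' padding.
fn b64_decode(s: &str) -> Result<Vec<u8>, String> {
    const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes().filter(|c| *c != b'=') {
        let v = ALPHABET.iter().position(|a| *a == c).ok_or_else(|| format!("bad base64 byte {c:#x}"))?;
        acc = (acc << 6) | v as u32;
        bits += 6;
        if bits >= 8 { bits -= 8; out.push((acc >> bits) as u8); }
    }
    Ok(out)
}

/// Returns the DER of every CERTIFICATE block in file order; other block types (keys) are skipped.
fn certs_from_pem(pem: &str) -> Result<Vec<Vec<u8>>, String> {
    let (mut ders, mut body, mut in_cert) = (Vec::new(), String::new(), false);
    for line in pem.lines().map(str::trim) {
        if line == "-----BEGIN CERTIFICATE-----" {
            in_cert = true; body.clear();
        } else if line == "-----END CERTIFICATE-----" && in_cert {
            let der = b64_decode(&body)?;
            // An X.509 certificate is a DER SEQUENCE, so its first byte must be 0x30.
            if der.first() != Some(&0x30) { return Err("CERTIFICATE block is not a DER SEQUENCE".into()); }
            ders.push(der); in_cert = false;
        } else if in_cert {
            body.push_str(line);
        }
    }
    if in_cert { return Err("unterminated CERTIFICATE block".into()); }
    Ok(ders)
}

fn main() {
    // Each DER entry is what RootCertStore::add expects, per the reply above.
    let roots = certs_from_pem(BUNDLE).expect("parse corporate CA bundle");
    println!("{} root certificate(s) extracted", roots.len());
}
```

A truncated or non-certificate block returns an error instead of being silently skipped, so a corrupted bundle is caught before any trust store is built from it.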