Supporting system root certificates and a custom root certificate with ureq v3

[michaeljones]

Thank you for kindly creating, publishing and maintaining ureq, we've found it very useful as a non-async http client.

In ureq 2.9.7, we had the following code for a tool that needed to support requests to generally trusted servers (via the OS's cert store) and also to support the option of custom certificates provided by the user. Via native-tls.

 let mut builder = native_tls::TlsConnector::builder(); 
  
 // add custom certs 
 for cert in certificates { 
     let native_cert = native_tls::Certificate::from_der(&cert)?; 
     builder.add_root_certificate(native_cert); 
 } 
  
 let client_config = builder.build()?; 
  
 let http_agent = ureq::AgentBuilder::new() 
     .tls_connector(Arc::new(client_config)) 
     .build(); 

With ureq v3, it would seem that we can either use RootCerts::PlatformVerifier or RootCerts::Specific. For our use case, do you recommend using something like rustls_native_certs::load_native_certs to load the certificates, add any custom ones and then use RootCerts::Specific?

It seems reasonable as I type it out, but I wanted to check if that seems like the best route?

[algesten]

Thanks for you kind words!

The solution you propose sounds exactly right for your use case. RootCerts::Specific would be the way to go.

I'm interested in hearing how it goes!