Skip to content

Commit

Permalink
feat: allow multiple trust certs in cert file
Browse files Browse the repository at this point in the history
The `.ssl_cert_file()` option now can read files with multiple
certificate to trust. This is useful when using a single client instance
to access many minio servers.
  • Loading branch information
donatello committed Oct 25, 2024
1 parent b254b2f commit 3ad9d6d
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 5 deletions.
2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ os_info = "3.7.0"
percent-encoding = "2.3.0"
rand = { version = "0.8.5", features = ["small_rng"] }
regex = "1.9.4"
reqwest = { version = "0.12.5", features = ["native-tls", "blocking", "rustls-tls", "stream"] }
reqwest = { version = "0.12.8", features = ["stream"] }
serde = { version = "1.0.188", features = ["derive"] }
serde_json = "1.0.105"
sha2 = "0.10.7"
Expand Down
12 changes: 8 additions & 4 deletions src/s3/client.rs
Original file line number Diff line number Diff line change
Expand Up @@ -91,13 +91,15 @@ impl ClientBuilder {
self
}

/// Set file for loading a trust certificate.
/// Set file for loading CAs certs to trust. This is in addition to the system
/// trust store. The file must contain PEM encoded certificates.
pub fn ssl_cert_file(mut self, ssl_cert_file: Option<&Path>) -> Self {
self.ssl_cert_file = ssl_cert_file.map(PathBuf::from);
self
}

/// Set flag to ignore certificate check.
/// Set flag to ignore certificate check. This is insecure and should only
/// be used for testing.
pub fn ignore_cert_check(mut self, ignore_cert_check: Option<bool>) -> Self {
self.ignore_cert_check = ignore_cert_check;
self
Expand Down Expand Up @@ -127,8 +129,10 @@ impl ClientBuilder {
if let Some(v) = self.ssl_cert_file {
let mut buf = Vec::new();
File::open(v)?.read_to_end(&mut buf)?;
let cert = reqwest::Certificate::from_pem(&buf)?;
builder = builder.add_root_certificate(cert);
let certs = reqwest::Certificate::from_pem_bundle(&buf)?;
for cert in certs {
builder = builder.add_root_certificate(cert);
}
}

let client = builder.build()?;
Expand Down

0 comments on commit 3ad9d6d

Please sign in to comment.