Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

object_store: native certs, w/o webpki-roots #4870

Closed
crepererum opened this issue Sep 27, 2023 · 2 comments · Fixed by #5056
Closed

object_store: native certs, w/o webpki-roots #4870

crepererum opened this issue Sep 27, 2023 · 2 comments · Fixed by #5056
Labels
enhancement Any new improvement worthy of a entry in the changelog

Comments

@crepererum
Copy link
Contributor

Is your feature request related to a problem or challenge? Please describe what you are trying to do.
I would like to be able to build a version of object_store that uses the OS-native CA root system and NOT bundle CAs. This has the following advantages:

  • some server environments use custom CAs
  • webpki-roots is MPL-2.0 licensed which might not be desired for certain projects

Note that using builtin roots should still be an option since some users may prefer that.

Describe the solution you'd like
Have feature flags that toggle between reqwest/rustls-tls-native-roots and reqwest/rustls-tls-webpki-roots. Do NOT use reqwest/rustls-tls which selects reqwest/rustls-tls-webpki-roots.

Describe alternatives you've considered
-

Additional context
-
@crepererum crepererum added the enhancement Any new improvement worthy of a entry in the changelog label Sep 27, 2023
@jonas-w
Copy link

jonas-w commented Sep 29, 2023

This also seems to be creating issues with pola-rs. Can't use it to access some endpoints that have use a self signed/internal certificate.

crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
bee01ff 
Closes apache#4870.
@crepererum crepererum mentioned this issue Nov 2, 2023
Closed
crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
fd609f0 
Closes apache#4870.
crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
b59341f 
Closes apache#4870.
crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
304cfb0 
Closes apache#4870.
crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
bb9edbd 
Closes apache#4870.
crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 2, 2023
@crepererum
refactor: feature-switch for object_store CA certs
089f4cd 
Closes apache#4870.
@tustvold
Copy link
Contributor

tustvold commented Nov 2, 2023

Can't use it to access some endpoints that have use a self signed/internal certificate

I've filed #5034 for this use-case, as I believe it slightly different to this ticket

crepererum added a commit to crepererum/arrow-rs that referenced this issue Nov 8, 2023
@crepererum
refactor: change object_store CA handling
8b642ae 
Closes apache#4870.
@crepererum crepererum mentioned this issue Nov 8, 2023
Merged
crepererum added a commit that referenced this issue Nov 8, 2023
@crepererum
refactor: change object_store CA handling (#5056)
0cb30bb 
Closes #4870.
@wjones127 wjones127 mentioned this issue Jan 25, 2024
Open
@tustvold tustvold mentioned this issue Sep 27, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Any new improvement worthy of a entry in the changelog
Projects
None yet
Milestone
No milestone
3 participants
@crepererum @tustvold @jonas-w