Can't use a self-signed certificate without using danger_accept_invalid_certs #1554
Comments
I don't know what the exact reason is, but sounds like something to file with the rustls repo.

I am facing the exact same issue @mrcz. Did you figure out how to fix it? If so, can you share your solution here?

No sorry, I did not solve it.

I was having a similar issue where when using cURL to query the server everything was working as expected, but I was getting the error
unless I created the client by setting I solved it by changing the feature to

Not too sure if it helps, but on my end I have no issue in using something like the following:
I do not think that using

Thanks for helping out, however I tried again now, and I still get

Oh wait, I re-read your initial issue more carefully. In my case it is not a self-signed certificate, it is a certificate signed by a self-signed chain, and I pass the chain. Sorry for the noise, it probably won't solve anything for you unless you have at least one level of signature so to speak. My code snippet should read more like:

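Added example, not part of the comment above and not reqwest's own code: the arrangement that comment describes, a server certificate signed by a self-signed root, generated and checked with `openssl verify`. All file names, subject names and the host `server.example.test` are constructed placeholders; `ca.pem` is the file that would be read with `Certificate::from_pem` and passed to `add_root_certificate`.

```bash
#!/usr/bin/env bash
# Added example. File names, subject names and the host name are constructed placeholders.
set -eu

# Create a self-signed root (ca.pem) and a server certificate it signs (leaf.pem)
# in directory $1 for host name $2.
make_ca_and_leaf() {
    local dir=$1 host=$2
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # Root: the only certificate the client is asked to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/openssl.cnf" \
        -extensions ca_ext -subj "/CN=Example Test Root" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Leaf: CA:FALSE, serverAuth, and the host name in subjectAltName.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
        -subj "/CN=$host" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 30 -extfile "$dir/openssl.cnf" -extensions leaf_ext \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the trust anchor(s) in $1
# and is valid for host name $3.
chain_ok() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_ca_and_leaf "$demo_dir" server.example.test
chain_ok "$demo_dir/ca.pem" "$demo_dir/leaf.pem" server.example.test && echo "leaf chains to ca.pem"
rm -rf "$demo_dir"
```

The server presents `leaf.pem` with `leaf.key`; only `ca.pem` goes to the client, and `ca.key` stays off both.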
FWIW, I also got this error
but I got this while running my code in a container on Google Cloud Run. Installing ca-certificates in my container fixed it.

Using the `rustls-tls-native-roots` feature seanmonstar/reqwest#1554
Closes #1474

Using the `rustls-tls-native-roots` feature

> `rustls-tls`: Enables TLS functionality provided by rustls. Equivalent to rustls-tls-webpki-roots.
>
> `rustls-tls-webpki-roots`: Enables TLS functionality provided by rustls, while using root certificates from the webpki-roots crate.
>
> `rustls-tls-native-roots`: Enables TLS functionality provided by rustls, while using root certificates from the rustls-native-certs crate.

Additional context:

- seanmonstar/reqwest#1554
- encode/httpx#302
- [Should I use the native certs or webpki-roots?](https://github.com/rustls/rustls-native-certs#should-i-use-this-or-webpki-roots)

Prior discussion at #609

I have the same issue.
Using it from Scala works:
But I cannot get it to work with
Here are the details of the certificate:
If someone has an idea. I'd rather not use

When I used the self-signed certificate created by the Rancher script, everything is OK.

```rust
ClientBuilder::new()
    .use_rustls_tls()
    .add_root_certificate(get_root_cert(get_test_dir().join("pebble/certs/pebble.minica.pem")))
    .add_root_certificate(get_root_cert(get_test_dir().join("cert/cacerts.pem")))
    .build()
```

When I use Let's Encrypt Pebble to create the certificate, it has problems:

```
openssl s_client -showcerts -CAfile ./pebble.minica.pem -servername local.fornetcode.com -connect local.fornetcode.com:8443
```

What's more, I use

The failing CI job is here: https://github.com/ForNetCode/spa-server/actions/runs/9725549520/job/26843000105

To allow self-signed certificates. See seanmonstar/reqwest#1554 (comment).
I'm trying to POST to an external http server which uses a self signed certificate. I have put this certificate in a PEM file that I read using Certificate::from_pem and pass to Client::builder(). This worked on macOS using native TLS, but after I switched to rustls-tls I need to also call (on both macOS and Linux):
Why is this? I don't want to accept invalid certificates, just trust the provided server certificate. (There is no chain of certificates, just one)
The error I get is:
source: hyper::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnknownIssuer") } })