Unable to parse CA trust store PEM file of ubuntu

[fmartinsons]

Hello,

I'm currently want to try the new API from_pem_bundle with the embedded ca store bundle on my ubuntu 22.04 (/etc/ssl/certs/ca-certificates.crt) but didn't manage to.

With this simple program (tested with reqwest 0.11.24)

use std::io::Read;
use std::result::Result;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let mut cert_bundle_buffer = Vec::new();
    std::fs::File::open("/etc/ssl/certs/ca-certificates.crt")?.read_to_end(&mut cert_bundle_buffer)?;
    match reqwest::Certificate::from_pem_bundle(&cert_bundle_buffer) {
        Ok(certs) => {
            for cert in certs {
                println!("add root cert {:?} ", cert);
            }
        },
        Err(e) => {
            println!("Cannot parse cert bundle file: {e}");
        }
    }
    Ok(())
}

I have

Cannot parse cert bundle file: builder error: error:0480006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:763:Expecting: CERTIFICATE

Openssl command manage to parse this bundle and find 137 certificates:

openssl storeutl -noout -text -certs /etc/ssl/certs/ca-certificates.crt

Do you know if this expected, am I missing some feature that must be enabled on the crate ?

[seanmonstar]

Do you know @gibbz00?

[fmartinsons]

I think the issue is the usage of from_pem methods since rustlfs_pemfile::certs that is used under the hood return der encoded certificates , not pem .

I'll open a PR but maybe I misunderstood the usage of this method ( Edit: #2126 )

[gibbz00]

Hi, I'll take a look at this during the weekend. Quite busy with work right now, sorry :/

[gibbz00]

@fmartinsons I saw your PR and you're right. My sincere apologies. I sent in a PR myself that but this time with a test too. Hope that's ok. #2129

[fmartinsons]

Yep, that's ok.
I'll then close my PR.
Thanks

[gibbz00]

Awesome, thank you so much for reporting and solving this issue🤗