mirror of
https://github.com/openharmony/third_party_rust_openssl-probe.git
synced 2026-07-01 10:18:23 -04:00
Add path probing for modern RHEL-based systems.
On these systems `/etc/pki/tls/certs/ca-bundle.crt` is provided as a legacy mechanism and isn't updated with system-wide installed roots by default. This behavior can be changed by running `update-ca-trust enable` but it would be better to just use the correct path. See https://www.unix.com/man-page/centos/8/update-ca-trust/ for details. Note that the legacy path still exists, so the new path needs to come before it in the search order.
This commit is contained in:
@@ -22,6 +22,7 @@ pub fn find_certs_dirs() -> Vec<PathBuf> {
|
||||
"/usr/lib/ssl",
|
||||
"/usr/ssl",
|
||||
"/etc/openssl",
|
||||
"/etc/pki/ca-trust/extracted/pem",
|
||||
"/etc/pki/tls",
|
||||
"/etc/ssl",
|
||||
"/data/data/com.termux/files/usr/etc/tls",
|
||||
@@ -66,6 +67,7 @@ pub fn probe() -> ProbeResult {
|
||||
"certs/ca-root-nss.crt",
|
||||
"certs/ca-bundle.crt",
|
||||
"CARootCertificates.pem",
|
||||
"tls-ca-bundle.pem",
|
||||
].iter() {
|
||||
try(&mut result.cert_file, certs_dir.join(cert));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user