Add path probing for modern RHEL-based systems.

On these systems `/etc/pki/tls/certs/ca-bundle.crt` is provided as a
legacy mechanism and isn't updated with system-wide installed roots
by default. This behavior can be changed by running `update-ca-trust
enable` but it would be better to just use the correct path. See
https://www.unix.com/man-page/centos/8/update-ca-trust/ for details.

Note that the legacy path still exists, so the new path needs to
come before it in the search order.
Jethro Beekman
2017-12-12 11:10:35 -08:00
parent e3035a35e7
commit f9174c95c7
+2
@@ -22,6 +22,7 @@ pub fn find_certs_dirs() -> Vec<PathBuf> {
"/usr/lib/ssl",
"/usr/ssl",
"/etc/openssl",
"/etc/pki/ca-trust/extracted/pem",
"/etc/pki/tls",
"/etc/ssl",
"/data/data/com.termux/files/usr/etc/tls",
@@ -66,6 +67,7 @@ pub fn probe() -> ProbeResult {
"certs/ca-root-nss.crt",
"certs/ca-bundle.crt",
"CARootCertificates.pem",
"tls-ca-bundle.pem",
].iter() {
try(&mut result.cert_file, certs_dir.join(cert));
}
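Review bot: The new `"/etc/pki/ca-trust/extracted/pem"` entry in `find_certs_dirs` only has the intended effect because it sits before `"/etc/pki/tls"`, and nothing in the list records that. A later re-sort of the list would silently send RHEL-family hosts back to the legacy bundle, which by default is not updated with system-wide installed roots, so TLS clients would stop trusting locally added CAs without any error. I would add above the entry `// Must precede /etc/pki/tls: its legacy certs/ca-bundle.crt is not updated with system-wide installed roots by default.` In `probe`, `"tls-ca-bundle.pem"` is last in the file list, so the precedence presumably relies on directories being the outer loop and on `try` keeping the first hit. Both function bodies start and end outside the hunks, so that is worth confirming, ideally with a test that pins the order.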