Can't npins init because of certifcates #110
Comments
|
Npins does nothing fancy but a simple HTTP GET request. Given that you are using custom certificates, the most plausible explanation for the difference in behavior is that curl uses a different certificate store. Npins uses the rustls library for SSL, maybe the upstream documentation can tell which lookup chain for CA stores it uses and how to modify it. |
|
Shouldn't it be the client code that sets the appropriate root certificate store ? I see in the "Getting started" section of the documentation [1] let root_store = rustls::RootCertStore::from_iter(
webpki_roots::TLS_SERVER_ROOTS
.iter()
.cloned(),
);so it seems to me there should be a call to that method somewhere that could be looking for the machine-wide certificates (or some other one) rather than the certificates of Mozilla. Note that I'm no expert in network programming so I may be completely wrong. [1] https://docs.rs/rustls/latest/rustls/?search=certificate#getting-started |
|
Aha ! I see there's a library called |
The problem
Running
npins initreturnsExpected behaviour
Doing other internet requests work, such as
curl -L https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz > /dev/null, so I would expect npins to work as well. If there's a variable or a parameter to set, I would expect the program to indicate that here.Environment
The text was updated successfully, but these errors were encountered: