[PR #393] [MERGED] allow ureq to use native certificate store #432

New issue

Closed

opened 2026-02-27 20:24:43 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 20:24:43 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ramsayleung/rspotify/pull/393
Author: @eladyn
Created: 3/9/2023
Status: ✅ Merged
Merged: 3/10/2023
Merged by: @ramsayleung

Base: master ← Head: ureq_native_certs

📝 Commits (3)

8f4e694 add ureq-rustls-tls-native-certs feature
788a654 document new feature flag
277ba46 update changelog

📊 Changes

4 files changed (+4 additions, -0 deletions)

View changed files

📝 CHANGELOG.md (+1 -0)
📝 Cargo.toml (+1 -0)
📝 rspotify-http/Cargo.toml (+1 -0)
📝 src/lib.rs (+1 -0)

📄 Description

Description

This introduces a passthrough of the native-certs feature flag of ureq, which allows the http client to load the OS certificate store.

Motivation and Context

Currently, rspotify always uses the webpki-roots certificates, when used with ureq, which makes it impossible to use e.g. self-signed certificates.

Type of change

Please delete options that are not relevant.

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to not work as expected)
This change requires a documentation update

How has this been tested?

I ran the non-modifying tests with a proxy sniffing the HTTPS traffic, which failed with ureq-rustls-tls and passed with ureq-rustls-tls-native-certs (since I added the used cert to the OS store).

Is this change properly documented?

I added the feature flag to one place in the documentation. Are there ones that I missed?

Additional notes

In theory, there's also a native-tls feature flag for ureq, but that requires creating a native-tls::TlsConnector. This can fail, which I don't know how to handle within the Default implementation, so I didn't do that for now. If you've got ideas how this could be done, I'll happily implement that.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ramsayleung/rspotify/pull/393 **Author:** [@eladyn](https://github.com/eladyn) **Created:** 3/9/2023 **Status:** ✅ Merged **Merged:** 3/10/2023 **Merged by:** [@ramsayleung](https://github.com/ramsayleung) **Base:** `master` ← **Head:** `ureq_native_certs` --- ### 📝 Commits (3) - [`8f4e694`](https://github.com/ramsayleung/rspotify/commit/8f4e694b43e52ec0bd7e9263ebc818dab62d841c) add ureq-rustls-tls-native-certs feature - [`788a654`](https://github.com/ramsayleung/rspotify/commit/788a654f6395f67bfd2c085023919507e584b87b) document new feature flag - [`277ba46`](https://github.com/ramsayleung/rspotify/commit/277ba46d6c86818d4e967cff0b864e12274ecc4a) update changelog ### 📊 Changes **4 files changed** (+4 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `CHANGELOG.md` (+1 -0) 📝 `Cargo.toml` (+1 -0) 📝 `rspotify-http/Cargo.toml` (+1 -0) 📝 `src/lib.rs` (+1 -0) </details> ### 📄 Description ## Description This introduces a passthrough of the `native-certs` feature flag of `ureq`, which allows the http client to load the OS certificate store. ## Motivation and Context Currently, `rspotify` always uses the `webpki-roots` certificates, when used with `ureq`, which makes it impossible to use e.g. self-signed certificates. ## Type of change Please delete options that are not relevant. - [ ] Bug fix (non-breaking change which fixes an issue) - [X] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) - [X] This change requires a documentation update ## How has this been tested? I ran the non-modifying tests with a proxy sniffing the HTTPS traffic, which failed with `ureq-rustls-tls` and passed with `ureq-rustls-tls-native-certs` (since I added the used cert to the OS store). ## Is this change properly documented? I added the feature flag to one place in the documentation. Are there ones that I missed? ## Additional notes In theory, there's also a `native-tls` feature flag for `ureq`, but that requires creating a [`native-tls::TlsConnector`](https://docs.rs/native-tls/latest/native_tls/struct.TlsConnector.html). This can fail, which I don't know how to handle within the `Default` implementation, so I didn't do that for now. If you've got ideas how this could be done, I'll happily implement that. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>