2021-07-09 13:06:06 -07:00
|
|
|
use {
|
|
|
|
std::{fs::File, io::Read},
|
|
|
|
tonic::transport::Certificate,
|
|
|
|
};
|
2020-07-17 13:36:11 -07:00
|
|
|
|
|
|
|
pub fn load() -> Result<Certificate, String> {
|
|
|
|
// Respect the standard GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable if present,
|
|
|
|
// otherwise use the built-in root certificate
|
|
|
|
let pem = match std::env::var("GRPC_DEFAULT_SSL_ROOTS_FILE_PATH").ok() {
|
|
|
|
Some(cert_file) => File::open(&cert_file)
|
|
|
|
.and_then(|mut file| {
|
|
|
|
let mut pem = Vec::new();
|
|
|
|
file.read_to_end(&mut pem).map(|_| pem)
|
|
|
|
})
|
|
|
|
.map_err(|err| format!("Failed to read {}: {}", cert_file, err))?,
|
|
|
|
None => {
|
|
|
|
// PEM file from Google Trust Services (https://pki.goog/roots.pem)
|
|
|
|
include_bytes!("pki-goog-roots.pem").to_vec()
|
|
|
|
}
|
|
|
|
};
|
|
|
|
Ok(Certificate::from_pem(&pem))
|
|
|
|
}
|