$ rustls-native-certs

v0.8.4

rustls-native-certs allows rustls to use the platform native certificate store

Downloads: 397.7M

Recent: 103.4M

Versions: 23

Updated: June 1, 2026

Latest Update Summary

Crate

Name: rustls-native-certs New version: 0.8.2 Release date: 2025-10-15T08:12:49Z

Crate readme

Short description rustls-native-certs allows rustls to use the platform's native certificate store when operating as a TLS client.

Long description This library exposes a single function to load the root certificates found on the platform, which it supports on Windows, macOS, and Linux. It checks the SSL_CERT_FILE environment variable first before loading certificates from the system certificate store, keychain, or system CA bundle. The function can be expensive, hence it should be called sparingly.

Features • Supports Windows, macOS, and Linux platforms • Uses schannel to access Windows certificate store APIs • Uses security-framework to access macOS keystore APIs • Uses openssl-probe to discover system CA bundle on Linux

Code Examples Basic usage

 pub fn load_native_certs() -> Result<Vec<pki_types::CertificateDer<'static>>, std::io::Error>

Links • https://github.com/rustls/rustls • https://github.com/rustls/rustls-platform-verifier • https://github.com/rustls/rustls-native-certs/releases • https://github.com/steffengy/schannel-rs • https://github.com/kornelski/rust-security-framework • https://github.com/alexcrichton/openssl-probe • https://github.com/rustls/rustls-native-certs/pull/169 • https://github.com/rustls/rustls-native-certs/pull/187 • https://github.com/rustls/rustls-native-certs/pull/186 • https://github.com/rustls/rustls-native-certs/pull/189

https://api.github.com/repos/rustls/rustls-native-certs/releases/254603029

Release info

Release version: 0.8.2

Release description In version 0.8.2, several important changes were introduced. A new interface, load_certs_from_path(), was added (see pull request #169). Additionally, a fix was implemented to handle cases where SSL_CERT_DIR contains multiple paths (refer to pull request #187). Improvements were made to the CertificateResult::expect() function, which now utilizes track_caller (as noted in pull request #186). Furthermore, the version 0.8.2 removed the requirement for hash-based filenames (see pull request #189). These updates enhance the functionality and flexibility of the certificate handling in the library.

Code Examples New load_certs_from_path() interface

load_certs_from_path(path);

Fix handling multiple paths in SSL_CERT_DIR

let cert_dir = env::var("SSL_CERT_DIR").unwrap();
let paths: Vec<&str> = cert_dir.split(':').collect();

track_caller with CertificateResult::expect()

let result = CertificateResult::expect();

Removed hash-based filename requirements

// No longer require hash-based filenames
let filename = "cert.pem";

Patch update: 0.8.3 → 0.8.4

$ DOWNLOADS TREND

197.1M397.7M

$ VERSION HISTORY

v0.8.4June 1, 2026

v0.8.3December 29, 2025

v0.8.2October 15, 2025

v0.8.1November 21, 2024

$ LINKS

crates.io →Repository →

$ INSTALL

cargo add rustls-native-certs

Or add to Cargo.toml: rustls-native-certs = "0.8.4"

← Back to all crates