Componentpedia / Listings / rustls-native-certs

Last update: 06/05/2026

rustls-native-certs

Integration with OS certificate stores for rustls

Latest version: 0.8.3 registry icon
Maintenance score
100
Safety score
100
Popularity score
77
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
De-risk your app now
Security
  Vulnerabilities
Version Suggest Low Medium High Critical
0.8.3 0 0 0 0 0
0.8.2 0 0 0 0 0
0.8.1 0 0 0 0 0
0.8.0 0 0 0 0 0
0.7.3 0 0 0 0 0
0.7.2 0 0 0 0 0
0.7.1 0 0 0 0 0
0.7.0 0 0 0 0 0
0.6.3 0 0 0 0 0
0.6.2 0 0 0 0 0
0.6.1 0 0 0 0 0
0.6.0 0 0 0 0 0
0.5.0 0 0 0 0 0
0.4.0 0 0 0 0 0
0.3.0 0 0 0 0 0
0.2.1 0 0 0 0 0
0.2.0 0 0 0 0 0
0.1.0 0 0 0 0 0

Stability
Latest release:

0.8.3 - This version is safe to use because it has no known security vulnerabilities at this time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant

Apache-2.0   -   Apache License 2.0

Not a wildcard

Not proprietary

OSI Compliant

ISC   -   ISC License

Not a wildcard

Not proprietary

OSI Compliant

Logo

rustls-native-certs allows rustls to use the platform's native certificate store when operating as a TLS client.

[!IMPORTANT] Instead of this crate, we suggest using rustls-platform-verifier, which provides a more robust solution with a simpler API. This crate is still maintained, but mostly for use inside the platform verifier on platforms where no other solution is available. For more context, see deployment considerations.

Status

rustls-native-certs is mature and widely used.

If you'd like to help out, please see CONTRIBUTING.md.

rustls Documentation

Release notes can be found on GitHub.

API

This library exposes a single function with this signature:

pub fn load_native_certs() -> CertificateResult

This returns a CertificateResult which contains certs: Vec<CertificateDer<'static>> loaded with a snapshot of the root certificates found on this platform along with any platform-specific errors.

This function can be expensive: on some platforms it involves loading and parsing a ~300KB disk file. It's therefore prudent to call this sparingly.

Platform support

This is supported on Windows, macOS and Linux:

  • On all platforms, the SSL_CERT_FILE environment variable is checked first. If that's set, certificates are loaded from the path specified by that variable, or an error is returned if certificates cannot be loaded from the given path. If it's not set, then the platform-specific certificate source is used.
  • On Windows, certificates are loaded from the system certificate store. The schannel crate is used to access the Windows certificate store APIs.
  • On macOS, certificates are loaded from the keychain. The user, admin and system trust settings are merged together as documented by Apple. The security-framework crate is used to access the keystore APIs.
  • On Linux and other UNIX-like operating systems, the openssl-probe crate is used to discover the filename of the system CA bundle.

Worked example

See examples/google.rs.

License

rustls-native-certs is distributed under the following three licenses:

  • Apache License version 2.0.
  • MIT license.
  • ISC license.

These are included as LICENSE-APACHE, LICENSE-MIT and LICENSE-ISC respectively. You may use this software under the terms of any of these licenses, at your option.