Clarify that SSL_CERT_FILE needs to point to valid file

• Change wording of (private) documentation. I find "real" to be an ambiguous description. It could for instance be interpreted to mean it needs to be what Unix calls regular file (as opposed to a symlink, FIFO, etc.) • Add tests to show that file must exists but may be a non-regular file.
rustls · Jul 2, 2024 · b818726 · b818726
1 parent 7f0af3c
commit b818726
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -114,8 +114,8 @@ const ENV_CERT_FILE: &str = "SSL_CERT_FILE";
 
 /// Returns None if SSL_CERT_FILE is not defined in the current environment.
 ///
-/// If it is defined, it is always used, so it must be a path to a real
-/// file from which certificates can be loaded successfully. While parsing,
+/// If it is defined, it is always used, so it must be a path to an existing,
+/// accessible file from which certificates can be loaded successfully. While parsing,
 /// [rustls_pemfile::certs()] parser will ignore parts of the file which are
 /// not considered part of a certificate. Certificates which are not in the right
 /// format (PEM) or are otherwise corrupted may get ignored silently.
@@ -149,4 +149,21 @@ mod tests {
         let certs = load_pem_certs(Path::new(file!())).unwrap();
         assert_eq!(certs.len(), 0);
     }
+
+    #[test]
+    fn from_env_missing_file() {
+        assert_eq!(
+            load_pem_certs(Path::new("no/such/file"))
+                .unwrap_err()
+                .kind(),
+            ErrorKind::NotFound
+        );
+    }
+
+    #[test]
+    #[cfg(unix)]
+    fn from_env_with_non_regular_and_empty_file() {
+        let certs = load_pem_certs(Path::new("/dev/null")).unwrap();
+        assert_eq!(certs.len(), 0);
+    }
 }