From 84ec9d6dcd9f0cfc88af1dba7163f9ea261b6877 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Fri, 2 Feb 2024 10:32:25 -0500
Subject: [PATCH] lib: recommend platform verifier instead of native-certs

Now that the platform verifier is available, point to that crate instead of the native certs crate. The platform verifier README already touches on native certs (and why the platform verifier is a better choice).
---
 webpki-roots/src/lib.rs | 7 +++++--
 webpki-roots/tests/codegen.rs | 7 +++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/webpki-roots/src/lib.rs b/webpki-roots/src/lib.rs
index c9b6e1e..14d2150 100644
--- a/webpki-roots/src/lib.rs
+++ b/webpki-roots/src/lib.rs
@@ -10,8 +10,11 @@
 //!
 //! This library is suitable for use in applications that can always be recompiled and instantly deployed.
 //! For applications that are deployed to end-users and cannot be recompiled, or which need certification
-//! before deployment, consider a library that loads certificates at runtime, like
-//! [rustls-native-certs](https://docs.rs/rustls-native-certs).
+//! before deployment, consider a library that uses the platform native certificate verifier such as
+//! [rustls-platform-verifier]. This has the additional benefit of supporting OS provided CA constraints
+//! and revocation data.
+//!
+//! [rustls-platform-verifier]: https://docs.rs/rustls-platform-verifier
 //
 // This library is automatically generated from the Mozilla
 // IncludedCACertificateReportPEMCSV report via ccadb.org. Don't edit it.
diff --git a/webpki-roots/tests/codegen.rs b/webpki-roots/tests/codegen.rs
index fb67dbc..45d8d03 100644
--- a/webpki-roots/tests/codegen.rs
+++ b/webpki-roots/tests/codegen.rs
@@ -147,8 +147,11 @@ const HEADER: &str = r#"//! A compiled-in copy of the root certificates trusted
 //!
 //! This library is suitable for use in applications that can always be recompiled and instantly deployed.
 //! For applications that are deployed to end-users and cannot be recompiled, or which need certification
-//! before deployment, consider a library that loads certificates at runtime, like
-//! [rustls-native-certs](https://docs.rs/rustls-native-certs).
+//! before deployment, consider a library that uses the platform native certificate verifier such as
+//! [rustls-platform-verifier]. This has the additional benefit of supporting OS provided CA constraints
+//! and revocation data.
+//!
+//! [rustls-platform-verifier]: https://docs.rs/rustls-platform-verifier
 //
 // This library is automatically generated from the Mozilla
 // IncludedCACertificateReportPEMCSV report via ccadb.org. Don't edit it.
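Review bot: The added sentence `This has the additional benefit of supporting OS provided CA constraints` has no clear antecedent for "This", so a reader cannot tell whether the constraints and revocation data are applied by the crate, by rustls, or by the operating system's verifier; "OS provided" also wants a hyphen. I would write `//! [rustls-platform-verifier]. The platform verifier also supports OS-provided CA constraints` followed by `//! and revocation data.` so that it is explicit which component enforces them. The same wording appears in the webpki-roots/src/lib.rs hunk, which looks to be generated from this HEADER template, so the change belongs here with lib.rs regenerated. The HEADER raw string starts before this hunk and continues past its end.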