fix: disable default root certificates in push service (#350)

Explicitly disable built-in root certificates when creating HTTP client to ensure only the provided certificate authority is used for TLS verification.
whisperfish · Jan 5, 2025 · dd43d93 · dd43d93
1 parent e6affcc
commit dd43d93
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/push_service/mod.rs b/src/push_service/mod.rs
@@ -158,6 +158,7 @@ impl PushService {
     ) -> Self {
         let cfg = cfg.into();
         let client = reqwest::ClientBuilder::new()
+            .tls_built_in_root_certs(false)
             .add_root_certificate(
                 reqwest::Certificate::from_pem(
                     cfg.certificate_authority.as_bytes(),