Skip to content

self-signed end entity cert is not trusted when added as extra root. #214

Closed
#215
Closed
self-signed end entity cert is not trusted when added as extra root.#214
#215
@cstkingkey

Description

@cstkingkey
cstkingkey
opened on Jan 17, 2026

rustls-platform-verifier/rustls-platform-verifier/src/verification/windows.rs

Line 659 in 93f729c

if is_partial_chain && self.extra_roots.is_some() {

Under windows, extra roots are added only when TrustStatus.dwErrorStatus is CERT_TRUST_IS_PARTIAL_CHAIN. But the error is CERT_TRUST_IS_UNTRUSTED_ROOT when the cert is self-signed and the issuer is itself.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions