No CA certificates found panic when setting up AWS S3 sync #608
Description
Hey, I am trying to add AWS S3 syncing integration to taskchamp, note that this has the taskchampion rust binary running in iOS via this bridge
However, I keep getting the following panic when setting up the sync:
thread '<unnamed>' panicked at /Users/<user>/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/hyper-rustls-0.24.2/src/config.rs:48:9:
no CA certificates found
stack backtrace:
0: \_rust_begin_unwind
1: core::panicking::panic_fmt
2: <rustls::builder::ConfigBuilder<rustls::client::client_conn::ClientConfig,rustls::builder::WantsVerifier> as hyper_rustls::config::ConfigBuilderExt>::with_native_roots
3: aws_smithy_runtime::client::http::hyper_014::default_connector::default_tls
4: once_cell::imp::OnceCell<T>::initialize::{{closure}}
5: once_cell::imp::initialize_or_wait
6: once_cell::imp::OnceCell<T>::initialize
7: aws_smithy_runtime::client::http::hyper_014::default_connector::https
8: <aws_smithy_runtime::client::http::hyper_014::HyperClient<F> as aws_smithy_runtime_api::client::http::HttpClient>::validate_base_client_config
9: aws_smithy_runtime_api::client::runtime_components::RuntimeComponentsBuilder::validate_base_client_config
10: aws_sdk_s3::client::Client::from_conf
11: aws_sdk_s3::client::Client::new
12: taskchampion::server::cloud::aws::AwsService::new
13: taskchampion::server::config::ServerConfig::into_server
14: taskchampion_swift::Replica::sync_aws
It looks to me from the stacktrace that the way its setup AWS is using native TLS root certs (which it cannot find in iOS) instead of the bundled certs. Note that I did not enable the tls-native-roots feature introduced in #460.
I dug a bit into it and think that we might need to override the HttpClient passed to aws config here: https://github.com/awslabs/aws-sdk-rust/blob/cccaf7ce452b84ba3800837c63280aec531c67a5/sdk/aws-config/src/lib.rs#L398
Appreciate the help : )