Allow wkg to trust system root CA

When I run wkg on my IT-managed Windows machine I get the following error:

```
 > wkg wit fetch
 
2026-03-23T19:39:14.001995Z  WARN wasm_pkg_client::metadata: Error fetching registry metadata error=RegistryMetadataError(error fetching registry metadata from "https://wasi.dev/.well-known/wasm-pkg/registry.json"

Caused by:
    0: error sending request for url (https://wasi.dev/.well-known/wasm-pkg/registry.json)
    1: client error (Connect)
    2: invalid peer certificate: UnknownIssuer)
```

My hunch is that the IT configuration requires using the system root CA for HTTP requests, see similar:
- spin [issue](https://github.com/spinframework/spin/issues/3422) and [PR](https://github.com/spinframework/spin/pull/3426).
- servo [issue](https://github.com/servo/servo/issues/32903) and [PR](https://github.com/servo/servo/pull/40935)

There is a related issue asking for extra root certs / accepting invalid certs: #127 

I think this issue to trust the system root CA (and while independent the related issue for extra roots / accepting invalid certs) could be handled following the pattern from the spin and servo PRs by leaning on [`rustls-platform-verifier`](https://github.com/rustls/rustls-platform-verifier).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow wkg to trust system root CA #199

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow wkg to trust system root CA #199

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions